Skip to main content

Webkitgtk

102 CVEs product

Monthly

CVE-2024-27834 MEDIUM POC This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +6
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-23284 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +7
NVD VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-23280 MEDIUM This Month

An injection issue was addressed with improved validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Code Injection Safari Ipad Os Iphone Os +6
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-23263 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +7
NVD VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-23254 MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipad Os Iphone Os +7
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-42917 HIGH KEV THREAT This Week

A memory corruption vulnerability was addressed with improved locking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Safari +6
NVD
CVSS 3.1
8.8
EPSS
9.4%
CVE-2023-42916 MEDIUM KEV THREAT This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple Safari Ipados +5
NVD
CVSS 3.1
6.5
EPSS
17.8%
CVE-2023-39928 HIGH This Week

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Use After Free Apple RCE Memory Corruption +3
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-41993 HIGH KEV THREAT This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +11
NVD
CVSS 3.1
8.8
EPSS
29.2%
CVE-2023-40397 CRITICAL Act Now

The issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS Webkitgtk Wpe Webkit
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-32370 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS Webkitgtk Wpe Webkit
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-28198 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Ipados +4
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-37450 HIGH KEV THREAT This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +4
NVD
CVSS 3.1
8.8
EPSS
18.9%
CVE-2023-32439 HIGH KEV THREAT This Week

A type confusion issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Safari Ipados +3
NVD
CVSS 3.1
8.8
EPSS
23.8%
CVE-2023-32373 HIGH KEV THREAT This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Safari +7
NVD
CVSS 3.1
8.8
EPSS
12.2%
CVE-2023-28204 MEDIUM KEV THREAT This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple Safari Ipados +5
NVD
CVSS 3.1
6.5
EPSS
14.3%
CVE-2023-25363 HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Webkitgtk
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-25362 HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Webkitgtk
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-25361 HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Webkitgtk
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-25360 HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Webkitgtk
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-25358 HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Webkitgtk Fedora
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-32893 HIGH KEV THREAT This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Safari +7
NVD
CVSS 3.1
8.8
EPSS
9.8%
CVE-2022-2294 HIGH KEV THREAT This Week

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Extra Packages For Enterprise Linux +10
NVD
CVSS 3.1
8.8
EPSS
70.5%
CVE-2022-30293 HIGH POC PATCH This Week

In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Buffer Overflow Apple Webkitgtk Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-22590 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Use After Free Denial Of Service +7
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-45483 MEDIUM POC This Month

In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Webkitgtk
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-45482 MEDIUM POC This Month

In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Webkitgtk
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-45481 MEDIUM POC This Month

In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Webkitgtk
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-42762 MEDIUM POC This Month

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Webkitgtk Wpe Webkit Fedora +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-30952 HIGH POC KEV THREAT This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Integer Overflow RCE Safari Ipados +8
NVD
CVSS 3.1
7.8
EPSS
7.6%
CVE-2021-21806 HIGH POC This Week

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Webkitgtk
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2021-21779 HIGH POC This Week

A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Buffer Overflow Apple Memory Corruption Webkitgtk +2
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-21775 HIGH POC This Week

A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Buffer Overflow Apple Memory Corruption Webkitgtk +2
NVD
CVSS 3.1
8.0
EPSS
1.3%
CVE-2021-1870 CRITICAL KEV THREAT Act Now

A logic issue was addressed with improved restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
9.8
EPSS
7.9%
CVE-2021-1801 MEDIUM This Month

This issue was addressed with improved iframe sandbox enforcement. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipad Os Iphone Os macOS +4
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-1799 MEDIUM This Month

A port redirection issue was addressed with additional port validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipad Os Iphone Os +5
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-1789 HIGH KEV THREAT This Week

A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Ipados Iphone Os +6
NVD
CVSS 3.1
8.8
EPSS
14.5%
CVE-2021-1765 MEDIUM This Month

This issue was addressed with improved iframe sandbox enforcement. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X macOS Fedora +1
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-27918 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Memory Corruption Apple RCE +12
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-13584 HIGH POC This Week

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption RCE Webkitgtk Fedora
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2020-13543 HIGH POC This Week

A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Apple Webkitgtk
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-9952 HIGH This Week

An input validation issue was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple Icloud Safari +5
NVD
CVSS 3.1
7.1
EPSS
1.5%
CVE-2020-9951 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Apple RCE Use After Free +9
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-9948 HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Apple Safari Webkitgtk +1
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-13753 CRITICAL PATCH Act Now

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple Webkitgtk Wpe Webkit Fedora +3
NVD
CVSS 3.1
10.0
EPSS
2.9%
CVE-2020-11793 HIGH This Week

A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Apple RCE +6
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2020-10018 CRITICAL Act Now

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple RCE Use After Free +6
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2020-3867 MEDIUM PATCH This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Apple Icloud Itunes +6
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2019-8813 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple Icloud Itunes +5
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2019-8764 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Watchos Webkitgtk
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-8719 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Icloud Itunes Webkitgtk
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2019-8674 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Safari Iphone Os Webkitgtk
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-8625 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Icloud Itunes Webkitgtk
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-11070 MEDIUM PATCH This Month

WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Information Disclosure Webkitgtk Wpe Webkit
NVD
CVSS 3.0
5.3
EPSS
3.3%
CVE-2019-6234 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Memory Corruption +6
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-8375 CRITICAL POC PATCH THREAT Act Now

The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Apple Webkitgtk Leap +1
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
16.1%
CVE-2019-6251 HIGH POC PATCH This Week

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Apple Information Disclosure Epiphany Webkitgtk +4
NVD
CVSS 3.0
8.1
EPSS
4.1%
CVE-2018-12911 CRITICAL PATCH Act Now

WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Webkitgtk Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-12294 HIGH This Week

WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Apple Webkitgtk
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-12293 HIGH POC PATCH THREAT This Week

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Apple Ubuntu Linux Webkitgtk +1
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
10.5%
CVE-2018-11713 MEDIUM PATCH This Month

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple Webkitgtk Libsoup
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-11712 HIGH PATCH This Week

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple Webkitgtk
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-11646 HIGH POC PATCH THREAT This Week

webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Apple Webkitgtk
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
69.0%
CVE-2018-4165 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Denial Of Service Apple +7
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-4163 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Denial Of Service Apple +8
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-4162 HIGH POC THREAT Act Now

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Denial Of Service Apple +8
NVD GitHub
CVSS 3.0
8.8
EPSS
38.6%
CVE-2018-4146 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Buffer Overflow Apple Safari +7
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-4133 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Safari Ubuntu Linux Webkitgtk
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-4129 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Denial Of Service Apple +8
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-4128 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Denial Of Service Apple +7
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-4127 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Denial Of Service Apple +7
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-4125 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Denial Of Service Apple +8
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-4122 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Denial Of Service Apple +8
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-4120 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Denial Of Service Apple +7
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-4119 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Denial Of Service Apple +7
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-4118 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Denial Of Service Apple +7
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-4117 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Apple Safari Iphone Os +9
NVD
CVSS 3.0
6.5
EPSS
3.1%
CVE-2018-4114 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Denial Of Service Apple +8
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-4113 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Apple Safari Iphone Os +6
NVD
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-4101 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Denial Of Service Apple +7
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2017-1000122 MEDIUM This Month

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Webkitgtk
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-1000121 CRITICAL PATCH Act Now

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Apple Buffer Overflow Webkitgtk
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2015-2330 HIGH This Week

Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webkitgtk
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-2373 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Apple Denial Of Service Tvos +3
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
6.8%
CVE-2017-2369 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Apple Denial Of Service Iphone Os +3
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.7%
CVE-2017-2365 MEDIUM POC THREAT This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.2%.

Apple Information Disclosure Iphone Os Safari Tvos +1
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
18.2%
CVE-2017-2363 MEDIUM POC THREAT This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.3%.

Apple Information Disclosure Iphone Os Safari Tvos +2
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
21.3%
CVE-2017-2360 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free RCE Memory Corruption Apple +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.2%
CVE-2017-2356 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Denial Of Service Iphone Os +5
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-2355 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Denial Of Service Iphone Os +5
NVD
CVSS 3.0
8.8
EPSS
0.9%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Safari +8
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +9
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

An injection issue was addressed with improved validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Code Injection Safari +8
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +9
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +9
NVD VulDB
EPSS 9% CVSS 8.8
HIGH KEV THREAT This Week

A memory corruption vulnerability was addressed with improved locking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +8
NVD
EPSS 18% CVSS 6.5
MEDIUM KEV THREAT This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple +7
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Use After Free Apple +5
NVD
EPSS 29% CVSS 8.8
HIGH KEV THREAT This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +13
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE +6
NVD
EPSS 19% CVSS 8.8
HIGH KEV THREAT This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +6
NVD
EPSS 24% CVSS 8.8
HIGH KEV THREAT This Week

A type confusion issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple +5
NVD
EPSS 12% CVSS 8.8
HIGH KEV THREAT This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE +9
NVD
EPSS 14% CVSS 6.5
MEDIUM KEV THREAT This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple +7
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption +2
NVD
EPSS 10% CVSS 8.8
HIGH KEV THREAT This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple +9
NVD
EPSS 70% CVSS 8.8
HIGH KEV THREAT This Week

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow +12
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Buffer Overflow Apple +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple +9
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Webkitgtk
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Webkitgtk +3
NVD GitHub
EPSS 8% CVSS 7.8
HIGH POC KEV THREAT This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Integer Overflow RCE +10
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Buffer Overflow Apple +4
NVD
EPSS 1% CVSS 8.0
HIGH POC This Week

A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Buffer Overflow Apple +4
NVD
EPSS 8% CVSS 9.8
CRITICAL KEV THREAT Act Now

A logic issue was addressed with improved restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados +5
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

This issue was addressed with improved iframe sandbox enforcement. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipad Os +6
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A port redirection issue was addressed with additional port validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +7
NVD
EPSS 15% CVSS 8.8
HIGH KEV THREAT This Week

A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption +8
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

This issue was addressed with improved iframe sandbox enforcement. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X +3
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Memory Corruption +14
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption RCE +2
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption +2
NVD
EPSS 1% CVSS 7.1
HIGH This Week

An input validation issue was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple +7
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Apple +11
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Apple +3
NVD
EPSS 3% CVSS 10.0
CRITICAL PATCH Act Now

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple Webkitgtk +5
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption +8
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple +8
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Apple +8
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple +7
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Watchos +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Icloud +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Safari +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Icloud +2
NVD
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Information Disclosure Webkitgtk +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple +8
NVD
EPSS 16% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Apple +3
NVD GitHub Exploit-DB
EPSS 4% CVSS 8.1
HIGH POC PATCH This Week

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Apple Information Disclosure +6
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Webkitgtk +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +2
NVD
EPSS 11% CVSS 8.8
HIGH POC PATCH THREAT This Week

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Apple +3
NVD Exploit-DB
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple Webkitgtk +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple Webkitgtk
NVD
EPSS 69% CVSS 7.5
HIGH POC PATCH THREAT This Week

webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Apple Webkitgtk
NVD Exploit-DB
EPSS 2% CVSS 8.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE +9
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE +10
NVD
EPSS 39% CVSS 8.8
HIGH POC THREAT Act Now

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE +10
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Buffer Overflow +9
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Safari +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE +10
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE +9
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE +9
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE +10
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE +10
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE +9
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE +9
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE +9
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Apple +11
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE +10
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Apple +8
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE +9
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Webkitgtk
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Apple Buffer Overflow +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webkitgtk
NVD
EPSS 7% CVSS 8.8
HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Apple +5
NVD Exploit-DB
EPSS 4% CVSS 8.8
HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Apple +5
NVD Exploit-DB
EPSS 18% CVSS 6.5
MEDIUM POC THREAT This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.2%.

Apple Information Disclosure Iphone Os +3
NVD Exploit-DB
EPSS 21% CVSS 6.5
MEDIUM POC THREAT This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.3%.

Apple Information Disclosure Iphone Os +4
NVD Exploit-DB
EPSS 3% CVSS 7.8
HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free RCE +7
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple +7
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple +7
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy