Skip to main content

Wpe Webkit

18 CVEs product

Monthly

CVE-2024-27834 MEDIUM POC This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +6
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-23284 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +7
NVD VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-23280 MEDIUM This Month

An injection issue was addressed with improved validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Code Injection Safari Ipad Os Iphone Os +6
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-23263 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +7
NVD VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-23254 MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipad Os Iphone Os +7
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-40397 CRITICAL Act Now

The issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS Webkitgtk Wpe Webkit
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-32370 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS Webkitgtk Wpe Webkit
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-28198 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Ipados +4
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-32893 HIGH KEV THREAT This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Safari +7
NVD
CVSS 3.1
8.8
EPSS
9.8%
CVE-2022-2294 HIGH KEV THREAT This Week

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Extra Packages For Enterprise Linux +10
NVD
CVSS 3.1
8.8
EPSS
70.5%
CVE-2021-42762 MEDIUM POC This Month

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Webkitgtk Wpe Webkit Fedora +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-30952 HIGH POC KEV THREAT This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Integer Overflow RCE Safari Ipados +8
NVD
CVSS 3.1
7.8
EPSS
7.6%
CVE-2020-13753 CRITICAL PATCH Act Now

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple Webkitgtk Wpe Webkit Fedora +3
NVD
CVSS 3.1
10.0
EPSS
2.9%
CVE-2020-11793 HIGH This Week

A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Apple RCE +6
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2020-10018 CRITICAL Act Now

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple RCE Use After Free +6
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2019-11070 MEDIUM PATCH This Month

WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Information Disclosure Webkitgtk Wpe Webkit
NVD
CVSS 3.0
5.3
EPSS
3.3%
CVE-2019-6251 HIGH POC PATCH This Week

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Apple Information Disclosure Epiphany Webkitgtk +4
NVD
CVSS 3.0
8.1
EPSS
4.1%
CVE-2018-12293 HIGH POC PATCH THREAT This Week

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Apple Ubuntu Linux Webkitgtk +1
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
10.5%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Safari +8
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +9
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

An injection issue was addressed with improved validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Code Injection Safari +8
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +9
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari +9
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

The issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE +6
NVD
EPSS 10% CVSS 8.8
HIGH KEV THREAT This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple +9
NVD
EPSS 70% CVSS 8.8
HIGH KEV THREAT This Week

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow +12
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Webkitgtk +3
NVD GitHub
EPSS 8% CVSS 7.8
HIGH POC KEV THREAT This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Integer Overflow RCE +10
NVD
EPSS 3% CVSS 10.0
CRITICAL PATCH Act Now

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple Webkitgtk +5
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption +8
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple +8
NVD
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Information Disclosure Webkitgtk +1
NVD
EPSS 4% CVSS 8.1
HIGH POC PATCH This Week

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Apple Information Disclosure +6
NVD
EPSS 11% CVSS 8.8
HIGH POC PATCH THREAT This Week

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Apple +3
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy