Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webkit vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-10018
WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory ha...
Webkitgtk Webkitgtk
Wpewebkit Wpe Webkit
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Opensuse Leap 15.1
9.8
CVSSv3
CVE-2011-2337
A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms.
Google Blink
9.8
CVSSv3
CVE-2011-1460
WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks.
Google Blink
9.8
CVSSv3
CVE-2019-8375
The UIProcess subsystem in WebKit, as used in WebKitGTK up to and including 2.23.90 and WebKitGTK+ up to and including 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote malicious users to cause a denial of ser...
Webkitgtk Webkitgtk
Webkitgtk Webkitgtk\\+
Opensuse Leap 15.0
Opensuse Leap 42.3
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
1 EDB exploit
9.8
CVSSv3
CVE-2017-17821
WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote malicious users to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in W...
Apple Safari 46
9.8
CVSSv3
CVE-2017-1000121
The UNIX IPC layer in WebKit, including WebKitGTK+ before 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple p...
Webkitgtk Webkitgtk\\+
9.8
CVSSv3
CVE-2017-5949
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote malicious users to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers ...
Apple Safari 22
9.8
CVSSv3
CVE-2016-1636
The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome prior to 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote malicious users to bypass t...
Google Chrome
9.8
CVSSv3
CVE-2015-6792
The MIDI subsystem in Google Chrome prior to 47.0.2526.106 does not properly handle the sending of data, which allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manage...
Google Chrome
9.8
CVSSv3
CVE-2010-4197
Use-after-free vulnerability in WebKit, as used in Google Chrome prior to 7.0.517.44, webkitgtk prior to 1.2.6, and other products, allows remote malicious users to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.
Google Chrome
Webkitgtk Webkitgtk
Fedoraproject Fedora 13
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »