Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webkit vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-8375
The UIProcess subsystem in WebKit, as used in WebKitGTK up to and including 2.23.90 and WebKitGTK+ up to and including 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote malicious users to cause a denial of ser...
Webkitgtk Webkitgtk
Webkitgtk Webkitgtk\\+
Opensuse Leap 15.0
Opensuse Leap 42.3
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
1 EDB exploit
9.8
CVSSv3
CVE-2017-17821
WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote malicious users to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in W...
Apple Safari 46
9.8
CVSSv3
CVE-2017-1000121
The UNIX IPC layer in WebKit, including WebKitGTK+ before 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple p...
Webkitgtk Webkitgtk\\+
9.8
CVSSv3
CVE-2017-5949
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote malicious users to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers ...
Apple Safari 22
9.8
CVSSv3
CVE-2016-1636
The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome prior to 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote malicious users to bypass t...
Google Chrome
9.8
CVSSv3
CVE-2015-6792
The MIDI subsystem in Google Chrome prior to 47.0.2526.106 does not properly handle the sending of data, which allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manage...
Google Chrome
9.8
CVSSv3
CVE-2010-4197
Use-after-free vulnerability in WebKit, as used in Google Chrome prior to 7.0.517.44, webkitgtk prior to 1.2.6, and other products, allows remote malicious users to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.
Google Chrome
Webkitgtk Webkitgtk
Fedoraproject Fedora 13
9.8
CVSSv3
CVE-2010-4204
WebKit, as used in Google Chrome prior to 7.0.517.44, webkitgtk prior to 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote malicious users to cause a denial of service or possibly have unspecified other impact via unknown...
Google Chrome
Webkitgtk Webkitgtk
Fedoraproject Fedora 13
9.8
CVSSv3
CVE-2010-4042
Google Chrome prior to 7.0.517.41 does not properly handle element maps, which allows remote malicious users to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements."
Google Chrome
Opensuse Opensuse 11.2
Opensuse Opensuse 11.3
9.6
CVSSv3
CVE-2023-6345
Integer overflow in Skia in Google Chrome before 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
Google Chrome
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Microsoft Edge Chromium
2 Articles
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »