Filtered by vendor Webkitgtk
Subscribe
Total
120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-11793 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 5 Ubuntu Linux, Fedora, Leap and 2 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). | |||||
CVE-2019-8625 | 2 Apple, Webkitgtk | 3 Icloud, Itunes, Webkitgtk\+ | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
CVE-2019-8764 | 2 Apple, Webkitgtk | 2 Watchos, Webkitgtk\+ | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
CVE-2019-8719 | 2 Apple, Webkitgtk | 3 Icloud, Itunes, Webkitgtk\+ | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
CVE-2013-7324 | 1 Webkitgtk | 1 Webkitgtk | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration. | |||||
CVE-2016-4761 | 2 Canonical, Webkitgtk | 2 Ubuntu Linux, Webkitgtk\+ | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS | |||||
CVE-2020-10018 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. | |||||
CVE-2019-8813 | 2 Apple, Webkitgtk | 7 Icloud, Ipados, Iphone Os and 4 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
CVE-2020-3867 | 3 Apple, Opensuse, Webkitgtk | 8 Icloud, Ipados, Iphone Os and 5 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
CVE-2019-8674 | 2 Apple, Webkitgtk | 3 Iphone Os, Safari, Webkitgtk | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
CVE-2019-11070 | 2 Webkitgtk, Wpewebkit | 2 Webkitgtk, Wpe Webkit | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. | |||||
CVE-2018-4210 | 4 Apple, Canonical, Microsoft and 1 more | 8 Iphone Os, Itunes, Safari and 5 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks. | |||||
CVE-2018-12911 | 2 Canonical, Webkitgtk | 2 Ubuntu Linux, Webkitgtk\+ | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c. | |||||
CVE-2018-4213 | 4 Apple, Canonical, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | |||||
CVE-2018-4207 | 4 Apple, Canonical, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | |||||
CVE-2019-6251 | 6 Canonical, Fedoraproject, Gnome and 3 more | 6 Ubuntu Linux, Fedora, Epiphany and 3 more | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. | |||||
CVE-2018-4212 | 4 Apple, Canonical, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | |||||
CVE-2018-4208 | 4 Apple, Canonical, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | |||||
CVE-2019-6234 | 3 Apple, Microsoft, Webkitgtk | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
CVE-2019-8375 | 3 Canonical, Opensuse, Webkitgtk | 4 Ubuntu Linux, Leap, Webkitgtk and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany). |