Filtered by vendor Webkitgtk
Subscribe
Total
127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23254 | 4 Apple, Fedoraproject, Webkitgtk and 1 more | 10 Ipad Os, Iphone Os, Macos and 7 more | 2024-12-06 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin. | |||||
| CVE-2023-42916 | 4 Apple, Debian, Fedoraproject and 1 more | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-29 | N/A | 6.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. | |||||
| CVE-2023-41993 | 6 Apple, Debian, Fedoraproject and 3 more | 14 Ipados, Iphone Os, Macos and 11 more | 2024-11-29 | N/A | 8.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | |||||
| CVE-2023-40397 | 3 Apple, Webkitgtk, Wpewebkit | 3 Macos, Webkitgtk, Wpe Webkit | 2024-11-21 | N/A | 9.8 CRITICAL |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution. | |||||
| CVE-2023-39928 | 3 Debian, Fedoraproject, Webkitgtk | 3 Debian Linux, Fedora, Webkitgtk | 2024-11-21 | N/A | 8.8 HIGH |
| A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability. | |||||
| CVE-2023-32370 | 3 Apple, Webkitgtk, Wpewebkit | 3 Macos, Webkitgtk, Wpe Webkit | 2024-11-21 | N/A | 5.3 MEDIUM |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail. | |||||
| CVE-2023-28198 | 3 Apple, Webkitgtk, Wpewebkit | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | N/A | 8.8 HIGH |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-25363 | 1 Webkitgtk | 1 Webkitgtk | 2024-11-21 | N/A | 8.8 HIGH |
| A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | |||||
| CVE-2023-25362 | 1 Webkitgtk | 1 Webkitgtk | 2024-11-21 | N/A | 8.8 HIGH |
| A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | |||||
| CVE-2022-42826 | 2 Apple, Webkitgtk | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | N/A | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2022-30293 | 2 Debian, Webkitgtk | 2 Debian Linux, Webkitgtk | 2024-11-21 | 5.1 MEDIUM | 7.5 HIGH |
| In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. | |||||
| CVE-2022-22590 | 2 Apple, Webkitgtk | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-45483 | 1 Webkitgtk | 1 Webkitgtk | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889. | |||||
| CVE-2021-45482 | 1 Webkitgtk | 1 Webkitgtk | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889. | |||||
| CVE-2021-45481 | 1 Webkitgtk | 1 Webkitgtk | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889. | |||||
| CVE-2021-42762 | 4 Debian, Fedoraproject, Webkitgtk and 1 more | 4 Debian Linux, Fedora, Webkitgtk and 1 more | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. | |||||
| CVE-2021-21806 | 1 Webkitgtk | 1 Webkitgtk | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. | |||||
| CVE-2021-21779 | 3 Debian, Fedoraproject, Webkitgtk | 3 Debian Linux, Fedora, Webkitgtk | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. | |||||
| CVE-2021-21775 | 3 Debian, Fedoraproject, Webkitgtk | 3 Debian Linux, Fedora, Webkitgtk | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. | |||||
| CVE-2021-1801 | 3 Apple, Fedoraproject, Webkitgtk | 7 Ipad Os, Iphone Os, Macos and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. | |||||