Vulnerabilities (CVE)

Filtered by vendor Webkitgtk Subscribe
Total 120 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-8625 2 Apple, Webkitgtk 3 Icloud, Itunes, Webkitgtk\+ 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.
CVE-2016-4761 2 Canonical, Webkitgtk 2 Ubuntu Linux, Webkitgtk\+ 2024-02-04 6.8 MEDIUM 8.8 HIGH
WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS
CVE-2019-8813 2 Apple, Webkitgtk 7 Icloud, Ipados, Iphone Os and 4 more 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting.
CVE-2020-3867 3 Apple, Opensuse, Webkitgtk 8 Icloud, Ipados, Iphone Os and 5 more 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.
CVE-2019-8764 2 Apple, Webkitgtk 2 Watchos, Webkitgtk\+ 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting.
CVE-2019-8674 2 Apple, Webkitgtk 3 Iphone Os, Safari, Webkitgtk 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting.
CVE-2013-7324 1 Webkitgtk 1 Webkitgtk 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration.
CVE-2020-10018 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.
CVE-2019-11070 2 Webkitgtk, Wpewebkit 2 Webkitgtk, Wpe Webkit 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.
CVE-2018-12911 2 Canonical, Webkitgtk 2 Ubuntu Linux, Webkitgtk\+ 2024-02-04 7.5 HIGH 9.8 CRITICAL
WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.
CVE-2018-4210 4 Apple, Canonical, Microsoft and 1 more 8 Iphone Os, Itunes, Safari and 5 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.
CVE-2018-4213 4 Apple, Canonical, Microsoft and 1 more 9 Icloud, Iphone Os, Itunes and 6 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
CVE-2019-6234 3 Apple, Microsoft, Webkitgtk 7 Icloud, Iphone Os, Itunes and 4 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4212 4 Apple, Canonical, Microsoft and 1 more 9 Icloud, Iphone Os, Itunes and 6 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
CVE-2018-4207 4 Apple, Canonical, Microsoft and 1 more 9 Icloud, Iphone Os, Itunes and 6 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
CVE-2019-6251 6 Canonical, Fedoraproject, Gnome and 3 more 6 Ubuntu Linux, Fedora, Epiphany and 3 more 2024-02-04 5.8 MEDIUM 8.1 HIGH
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.
CVE-2019-8375 3 Canonical, Opensuse, Webkitgtk 4 Ubuntu Linux, Leap, Webkitgtk and 1 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).
CVE-2018-4208 4 Apple, Canonical, Microsoft and 1 more 9 Icloud, Iphone Os, Itunes and 6 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
CVE-2018-4118 4 Apple, Canonical, Microsoft and 1 more 8 Icloud, Iphone Os, Itunes and 5 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2018-4101 4 Apple, Canonical, Microsoft and 1 more 8 Icloud, Iphone Os, Itunes and 5 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.