Vulnerabilities > Webkitgtk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-03 | CVE-2020-13584 | USE After Free vulnerability in multiple products An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. | 6.8 |
| 2020-12-03 | CVE-2020-13543 | USE After Free vulnerability in Webkitgtk 2.30.0 A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. | 6.8 |
| 2020-07-14 | CVE-2020-13753 | Improper Input Validation vulnerability in multiple products The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. | 7.5 |
| 2020-04-17 | CVE-2020-11793 | USE After Free vulnerability in multiple products A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). | 6.8 |
| 2020-03-02 | CVE-2020-10018 | Improper Input Validation vulnerability in multiple products WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. | 5.0 |
| 2020-02-17 | CVE-2013-7324 | Injection vulnerability in Webkitgtk Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. | 5.0 |
| 2020-01-22 | CVE-2016-4761 | USE After Free vulnerability in multiple products WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS | 6.8 |
| 2019-04-10 | CVE-2019-11070 | Data Processing Errors vulnerability in multiple products WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. | 5.0 |
| 2019-03-05 | CVE-2019-6234 | Out-Of-Bounds Write vulnerability in multiple products A memory corruption issue was addressed with improved memory handling. | 6.8 |
| 2019-02-24 | CVE-2019-8375 | Buffer Errors vulnerability in Webkitgtk and Webkitgtk+ The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany). | 7.5 |