Vulnerabilities > Webkitgtk

DATE CVE VULNERABILITY TITLE RISK
2020-12-03 CVE-2020-13584 USE After Free vulnerability in multiple products
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64.
6.8
2020-12-03 CVE-2020-13543 USE After Free vulnerability in Webkitgtk 2.30.0
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0.
network
webkitgtk CWE-416
6.8
2020-07-14 CVE-2020-13753 Improper Input Validation vulnerability in multiple products
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl.
network
low complexity
webkitgtk wpewebkit fedoraproject CWE-20
7.5
2020-04-17 CVE-2020-11793 USE After Free vulnerability in multiple products
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).
6.8
2020-03-02 CVE-2020-10018 Improper Input Validation vulnerability in multiple products
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution.
network
low complexity
webkitgtk wpewebkit CWE-20
5.0
2020-02-17 CVE-2013-7324 Injection vulnerability in Webkitgtk
Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript.
network
low complexity
webkitgtk CWE-74
5.0
2020-01-22 CVE-2016-4761 USE After Free vulnerability in multiple products
WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS
network
low complexity
webkitgtk canonical CWE-416
6.8
2019-04-10 CVE-2019-11070 Data Processing Errors vulnerability in multiple products
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization.
network
low complexity
webkitgtk wpewebkit CWE-19
5.0
2019-03-05 CVE-2019-6234 Out-Of-Bounds Write vulnerability in multiple products
A memory corruption issue was addressed with improved memory handling.
6.8
2019-02-24 CVE-2019-8375 Buffer Errors vulnerability in Webkitgtk and Webkitgtk+
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).
network
low complexity
webkitgtk opensuse canonical CWE-119
7.5