Vulnerabilities > Webkitgtk

DATE CVE VULNERABILITY TITLE RISK
2020-01-22 CVE-2016-4761 Use After Free vulnerability in multiple products
WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS
network
low complexity
webkitgtk canonical CWE-416
8.8
2019-12-18 CVE-2019-8813 Cross-site Scripting vulnerability in multiple products
A logic issue was addressed with improved state management.
network
low complexity
apple webkitgtk CWE-79
6.1
2019-12-18 CVE-2019-8764 Cross-site Scripting vulnerability in multiple products
A logic issue was addressed with improved state management.
network
low complexity
apple webkitgtk CWE-79
6.1
2019-12-18 CVE-2019-8719 Cross-site Scripting vulnerability in multiple products
A logic issue was addressed with improved state management.
network
low complexity
apple webkitgtk CWE-79
6.1
2019-12-18 CVE-2019-8674 Cross-site Scripting vulnerability in multiple products
A logic issue was addressed with improved state management.
network
low complexity
apple webkitgtk CWE-79
6.1
2019-12-18 CVE-2019-8625 Cross-site Scripting vulnerability in multiple products
A logic issue was addressed with improved state management.
network
low complexity
apple webkitgtk CWE-79
6.1
2019-04-10 CVE-2019-11070 Data Processing Errors vulnerability in multiple products
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization.
network
low complexity
wpewebkit webkitgtk CWE-19
5.3
2019-03-05 CVE-2019-6234 Out-of-bounds Write vulnerability in multiple products
A memory corruption issue was addressed with improved memory handling.
network
low complexity
apple webkitgtk CWE-787
8.8
2019-02-24 CVE-2019-8375 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).
network
low complexity
webkitgtk opensuse canonical CWE-119
critical
9.8
2019-01-14 CVE-2019-6251 WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. 8.1