Vulnerabilities > Webkitgtk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-17 | CVE-2013-7324 | Injection vulnerability in Webkitgtk Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. | 5.3 |
| 2020-01-22 | CVE-2016-4761 | Use After Free vulnerability in multiple products WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS | 8.8 |
| 2019-12-18 | CVE-2019-8813 | Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. | 6.1 |
| 2019-12-18 | CVE-2019-8764 | Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. | 6.1 |
| 2019-12-18 | CVE-2019-8719 | Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. | 6.1 |
| 2019-12-18 | CVE-2019-8674 | Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. | 6.1 |
| 2019-12-18 | CVE-2019-8625 | Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. | 6.1 |
| 2019-04-10 | CVE-2019-11070 | Data Processing Errors vulnerability in multiple products WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. | 5.3 |
| 2019-03-05 | CVE-2019-6234 | Out-of-bounds Write vulnerability in multiple products A memory corruption issue was addressed with improved memory handling. | 8.8 |
| 2019-02-24 | CVE-2019-8375 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany). | 9.8 |