Vulnerabilities > Webkitgtk > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-18 | CVE-2019-8719 | Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. | 6.1 |
| 2019-12-18 | CVE-2019-8674 | Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. | 6.1 |
| 2019-12-18 | CVE-2019-8625 | Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. | 6.1 |
| 2019-04-10 | CVE-2019-11070 | Data Processing Errors vulnerability in multiple products WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. | 5.3 |
| 2018-06-04 | CVE-2018-11713 | WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. | 6.5 |
| 2018-04-03 | CVE-2018-4146 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in certain Apple products. | 6.5 |
| 2018-04-03 | CVE-2018-4133 | Cross-site Scripting vulnerability in multiple products An issue was discovered in certain Apple products. | 6.1 |
| 2018-04-03 | CVE-2018-4117 | Information Exposure vulnerability in multiple products An issue was discovered in certain Apple products. | 6.5 |
| 2018-04-03 | CVE-2018-4113 | Reachable Assertion vulnerability in multiple products An issue was discovered in certain Apple products. | 6.5 |
| 2017-11-01 | CVE-2017-1000122 | Improper Input Validation vulnerability in Webkitgtk Webkitgtk+ The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. | 5.3 |