Vulnerabilities > Webkitgtk > Webkitgtk > 2.2.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-08 | CVE-2020-27918 | Use After Free vulnerability in multiple products A use after free issue was addressed with improved memory management. | 7.8 |
2020-01-22 | CVE-2016-4761 | Use After Free vulnerability in multiple products WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS | 6.8 |
2019-12-18 | CVE-2019-8813 | Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. | 6.1 |
2019-12-18 | CVE-2019-8764 | Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. | 6.1 |
2019-12-18 | CVE-2019-8719 | Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. | 6.1 |
2019-12-18 | CVE-2019-8625 | Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. | 6.1 |
2019-03-05 | CVE-2019-6234 | Out-of-bounds Write vulnerability in multiple products A memory corruption issue was addressed with improved memory handling. | 6.8 |
2019-02-24 | CVE-2019-8375 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Webkitgtk and Webkitgtk+ The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany). | 7.5 |
2018-06-19 | CVE-2018-12293 | Integer Overflow or Wraparound vulnerability in multiple products The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content. | 6.8 |
2018-06-04 | CVE-2018-11713 | WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. | 4.3 |