Vulnerabilities > Webkitgtk > Webkitgtk > 2.25.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-02 | CVE-2021-1765 | This issue was addressed with improved iframe sandbox enforcement. | 6.5 |
| 2021-04-02 | CVE-2020-29623 | "Clear History and Website Data" did not clear the history. | 3.3 |
| 2020-07-14 | CVE-2020-13753 | Improper Input Validation vulnerability in multiple products The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. | 10.0 |
| 2020-04-17 | CVE-2020-11793 | Use After Free vulnerability in multiple products A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). | 8.8 |
| 2020-03-02 | CVE-2020-10018 | Use After Free vulnerability in multiple products WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. | 9.8 |
| 2020-02-27 | CVE-2020-3867 | Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. | 4.3 |
| 2020-02-17 | CVE-2013-7324 | Injection vulnerability in Webkitgtk Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. | 5.0 |
| 2019-12-18 | CVE-2019-8674 | Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. | 6.1 |