Vulnerabilities > Wpewebkit > WPE Webkit > 2.21.92
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-06 | CVE-2023-40397 | The issue was addressed with improved checks. | 9.8 |
2023-09-06 | CVE-2023-32370 | A logic issue was addressed with improved validation. | 5.3 |
2023-08-14 | CVE-2023-28198 | Use After Free vulnerability in multiple products A use-after-free issue was addressed with improved memory management. | 8.8 |
2022-08-24 | CVE-2022-32893 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write issue was addressed with improved bounds checking. | 8.8 |
2022-07-28 | CVE-2022-2294 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-10-20 | CVE-2021-42762 | BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. | 5.3 |
2020-07-14 | CVE-2020-13753 | Improper Input Validation vulnerability in multiple products The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. | 10.0 |
2020-04-17 | CVE-2020-11793 | Use After Free vulnerability in multiple products A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). | 8.8 |
2020-03-02 | CVE-2020-10018 | Use After Free vulnerability in multiple products WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. | 9.8 |
2019-04-10 | CVE-2019-11070 | Data Processing Errors vulnerability in multiple products WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. | 5.3 |