Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Webkitgtk Subscribe
Total 107 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-25358 1 Webkitgtk 1 Webkitgtk 2023-03-14 N/A 9.8 CRITICAL
A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
CVE-2023-25360 1 Webkitgtk 1 Webkitgtk 2023-03-14 N/A 9.8 CRITICAL
A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
CVE-2023-25361 1 Webkitgtk 1 Webkitgtk 2023-03-14 N/A 9.8 CRITICAL
A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
CVE-2023-25362 1 Webkitgtk 1 Webkitgtk 2023-03-14 N/A 9.8 CRITICAL
A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
CVE-2023-25363 1 Webkitgtk 1 Webkitgtk 2023-03-14 N/A 9.8 CRITICAL
A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
CVE-2019-8720 3 Redhat, Webkitgtk, Wpewebkit 24 Codeready Linux Builder, Codeready Linux Builder Eus, Codeready Linux Builder For Arm64 Eus and 21 more 2023-03-10 N/A 8.8 HIGH
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
CVE-2020-13753 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2023-01-27 7.5 HIGH 10.0 CRITICAL
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.
CVE-2020-27918 4 Apple, Debian, Fedoraproject and 1 more 11 Icloud, Ipados, Iphone Os and 8 more 2023-01-09 6.8 MEDIUM 7.8 HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-2294 6 Apple, Fedoraproject, Google and 3 more 12 Ipados, Iphone Os, Mac Os X and 9 more 2022-11-29 N/A 8.8 HIGH
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-32893 5 Apple, Debian, Fedoraproject and 2 more 8 Ipados, Iphone Os, Macos and 5 more 2022-11-07 N/A 8.8 HIGH
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2022-30293 2 Debian, Webkitgtk 2 Debian Linux, Webkitgtk 2022-10-14 5.1 MEDIUM 7.5 HIGH
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
CVE-2019-8625 2 Apple, Webkitgtk 3 Icloud, Itunes, Webkitgtk\+ 2022-10-13 4.3 MEDIUM 6.1 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.
CVE-2019-8719 2 Apple, Webkitgtk 3 Icloud, Itunes, Webkitgtk\+ 2022-10-13 4.3 MEDIUM 6.1 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.
CVE-2019-8813 2 Apple, Webkitgtk 7 Icloud, Ipados, Iphone Os and 4 more 2022-10-13 4.3 MEDIUM 6.1 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting.
CVE-2019-8674 2 Apple, Webkitgtk 3 Iphone Os, Safari, Webkitgtk 2022-10-13 4.3 MEDIUM 6.1 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting.
CVE-2019-8764 2 Apple, Webkitgtk 2 Watchos, Webkitgtk\+ 2022-10-13 4.3 MEDIUM 6.1 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting.
CVE-2021-21806 1 Webkitgtk 1 Webkitgtk 2022-10-06 6.8 MEDIUM 8.8 HIGH
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability.
CVE-2021-21775 3 Debian, Fedoraproject, Webkitgtk 3 Debian Linux, Fedora, Webkitgtk 2022-08-24 6.0 MEDIUM 8.0 HIGH
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage.
CVE-2010-1814 3 Apple, Canonical, Webkitgtk 4 Iphone Os, Ipod Touch, Ubuntu Linux and 1 more 2022-08-09 6.8 MEDIUM N/A
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.
CVE-2010-1815 3 Apple, Canonical, Webkitgtk 4 Iphone Os, Ipod Touch, Ubuntu Linux and 1 more 2022-08-09 6.8 MEDIUM N/A
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.