Product:

Webkitgtk

(Webkitgtk)
Repositories https://github.com/WebKit/webkit
#Vulnerabilities 52
Date Id Summary Products Score Patch Annotated
2023-03-02 CVE-2023-25358 A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Fedora, Webkitgtk 8.8
2023-03-02 CVE-2023-25360 A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Webkitgtk 8.8
2023-03-02 CVE-2023-25361 A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Webkitgtk 8.8
2023-03-02 CVE-2023-25362 A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Webkitgtk 8.8
2023-03-02 CVE-2023-25363 A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Webkitgtk 8.8
2023-03-06 CVE-2019-8720 A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. Codeready_linux_builder, Codeready_linux_builder_eus, Codeready_linux_builder_for_arm64_eus, Codeready_linux_builder_for_ibm_z_systems_eus, Codeready_linux_builder_for_power_little_endian_eus, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_arm64, Enterprise_linux_for_arm64_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_workstation, Webkitgtk, Wpe_webkit 8.8
2020-07-14 CVE-2020-13753 The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226. Ubuntu_linux, Debian_linux, Fedora, Leap, Webkitgtk, Wpe_webkit 10.0
2022-07-28 CVE-2022-2294 Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Ipados, Iphone_os, Mac_os_x, Macos, Tvos, Watchos, Extra_packages_for_enterprise_linux, Fedora, Chrome, Webkitgtk, Webrtc, Wpe_webkit 8.8
2022-08-24 CVE-2022-32893 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Ipados, Iphone_os, Macos, Safari, Debian_linux, Fedora, Webkitgtk, Wpe_webkit 8.8
2022-05-06 CVE-2022-30293 In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. Debian_linux, Webkitgtk 7.5