|
2019-01-14
|
CVE-2019-6251 |
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. |
Ubuntu_linux,
Fedora,
Epiphany,
Leap,
Webkitgtk,
Wpe_webkit
|
8.1
|
|
|
2019-04-10
|
CVE-2019-11070 |
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. |
Webkitgtk,
Wpe_webkit
|
5.3
|
|
|
2019-02-24
|
CVE-2019-8375 |
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka... |
Ubuntu_linux,
Leap,
Webkitgtk,
Webkitgtk\+
|
9.8
|
|
|
|
2017-03-10
|
CVE-2015-2330 |
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. |
Webkitgtk
|
7.5
|
|
|
2010-09-07
|
CVE-2010-3255 |
Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. |
Chrome,
Webkitgtk
|
N/A
|
|
|
2010-08-24
|
CVE-2010-3119 |
Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. |
Chrome,
Webkitgtk
|
N/A
|
|
|
2010-09-09
|
CVE-2010-1815 |
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. |
Iphone_os,
Ubuntu_linux,
Webkitgtk
|
N/A
|
|
|
2010-09-09
|
CVE-2010-1814 |
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus. |
Iphone_os,
Ubuntu_linux,
Webkitgtk
|
N/A
|
|
|
2010-09-09
|
CVE-2010-1812 |
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections. |
Iphone_os,
Ubuntu_linux,
Webkitgtk
|
N/A
|
|
|
2010-09-10
|
CVE-2010-1807 |
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation. |
Safari,
Android,
Webkitgtk
|
N/A
|
|