Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Webkitgtk\+
(Webkitgtk)| Repositories | https://github.com/WebKit/webkit |
| #Vulnerabilities | 57 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-12-08 | CVE-2020-27918 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | Icloud, Ipados, Iphone_os, Itunes, Macos, Safari, Tvos, Watchos, Debian_linux, Fedora, Webkitgtk\+ | 7.8 | ||
| 2019-12-18 | CVE-2019-8625 | A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. | Icloud, Itunes, Webkitgtk\+ | 6.1 | ||
| 2019-12-18 | CVE-2019-8719 | A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. | Icloud, Itunes, Webkitgtk\+ | 6.1 | ||
| 2019-12-18 | CVE-2019-8764 | A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting. | Watchos, Webkitgtk\+ | 6.1 | ||
| 2019-12-18 | CVE-2019-8813 | A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting. | Icloud, Ipados, Iphone_os, Itunes, Safari, Tvos, Webkitgtk\+ | 6.1 | ||
| 2018-06-19 | CVE-2018-12293 | The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content. | Ubuntu_linux, Webkitgtk\+, Wpe_webkit | 8.8 | ||
| 2018-04-03 | CVE-2018-4162 | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux, Webkitgtk\+ | 8.8 | ||
| 2020-01-22 | CVE-2016-4761 | WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS | Ubuntu_linux, Webkitgtk\+ | N/A | ||
| 2019-02-24 | CVE-2019-8375 | The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka... | Ubuntu_linux, Leap, Webkitgtk, Webkitgtk\+ | 9.8 | ||
| 2018-06-01 | CVE-2018-11646 | webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash. | Webkitgtk\+ | 7.5 |