Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Webkitgtk
(Webkitgtk)| Repositories | https://github.com/WebKit/webkit |
| #Vulnerabilities | 56 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-03-03 | CVE-2020-13558 | A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. | Webkitgtk | 8.8 | ||
| 2020-12-03 | CVE-2020-13543 | A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | Webkitgtk | 8.8 | ||
| 2021-12-25 | CVE-2021-45481 | In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889. | Webkitgtk | 6.5 | ||
| 2021-12-25 | CVE-2021-45482 | In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889. | Webkitgtk | 6.5 | ||
| 2021-12-25 | CVE-2021-45483 | In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889. | Webkitgtk | 6.5 | ||
| 2020-02-27 | CVE-2020-3867 | A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting. | Icloud, Ipados, Iphone_os, Itunes, Safari, Tvos, Leap, Webkitgtk | 6.1 | ||
| 2010-09-07 | CVE-2010-3259 | WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site. | Iphone_os, Safari, Ubuntu_linux, Chrome, Webkitgtk | N/A | ||
| 2010-09-07 | CVE-2010-3257 | Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus. | Iphone_os, Safari, Ubuntu_linux, Chrome, Webkitgtk | N/A | ||
| 2010-08-24 | CVE-2010-3116 | Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins. | Iphone_os, Safari, Ubuntu_linux, Chrome, Webkitgtk | N/A | ||
| 2010-08-24 | CVE-2010-3115 | Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors. | Ubuntu_linux, Chrome, Webkitgtk | N/A |