Webkit
by Apple Inc.
Source repositories
CVEs (498)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-30954 | 0.00 | — | 0.01 | Aug 24, 2021 | A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. | |||
| CVE-2021-21779 | 0.00 | — | 0.03 | Jul 8, 2021 | A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web… | |||
| CVE-2021-21806 | 0.00 | — | 0.03 | Jul 8, 2021 | An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. | |||
| CVE-2021-21775 | 0.00 | — | 0.01 | Jul 7, 2021 | A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim… | |||
| CVE-2020-13558 | 0.00 | — | 0.02 | Mar 3, 2021 | A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. | |||
| CVE-2020-13584 | 0.00 | — | 0.04 | Dec 3, 2020 | An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. | |||
| CVE-2020-13543 | 0.00 | — | 0.03 | Dec 3, 2020 | A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this… | |||
| CVE-2019-8752 | 0.00 | — | 0.01 | Oct 27, 2020 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web… | |||
| CVE-2019-8678 | 0.00 | — | 0.02 | Dec 18, 2019 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web… | |||
| CVE-2019-11070 | 0.00 | — | 0.03 | Apr 10, 2019 | WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are… | |||
| CVE-2018-4445 | 0.00 | — | 0.01 | Apr 3, 2019 | "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2. | |||
| CVE-2018-4430 | 0.00 | — | 0.00 | Apr 3, 2019 | A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1. | |||
| CVE-2018-4414 | 0.00 | — | 0.01 | Apr 3, 2019 | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-4429 | 0.00 | — | 0.01 | Apr 3, 2019 | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, watchOS 5.1.2. | |||
| CVE-2018-4400 | 0.00 | — | 0.01 | Apr 3, 2019 | A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1. | |||
| CVE-2018-4358 | 0.00 | — | 0.02 | Apr 3, 2019 | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-4360 | 0.00 | — | 0.02 | Apr 3, 2019 | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-4355 | 0.00 | — | 0.01 | Apr 3, 2019 | A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14. | |||
| CVE-2018-4362 | 0.00 | — | 0.01 | Apr 3, 2019 | An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2, iOS 12. | |||
| CVE-2018-4356 | 0.00 | — | 0.01 | Apr 3, 2019 | A permissions issue existed. This issue was addressed with improved permission validation. This issue affected versions prior to iOS 12. |
- CVE-2021-30954Aug 24, 2021risk 0.00cvss —epss 0.01
A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2021-21779Jul 8, 2021risk 0.00cvss —epss 0.03
A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web…
- CVE-2021-21806Jul 8, 2021risk 0.00cvss —epss 0.03
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability.
- CVE-2021-21775Jul 7, 2021risk 0.00cvss —epss 0.01
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim…
- CVE-2020-13558Mar 3, 2021risk 0.00cvss —epss 0.02
A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.
- CVE-2020-13584Dec 3, 2020risk 0.00cvss —epss 0.04
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.
- CVE-2020-13543Dec 3, 2020risk 0.00cvss —epss 0.03
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this…
- CVE-2019-8752Oct 27, 2020risk 0.00cvss —epss 0.01
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web…
- CVE-2019-8678Dec 18, 2019risk 0.00cvss —epss 0.02
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web…
- CVE-2019-11070Apr 10, 2019risk 0.00cvss —epss 0.03
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are…
- CVE-2018-4445Apr 3, 2019risk 0.00cvss —epss 0.01
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2.
- CVE-2018-4430Apr 3, 2019risk 0.00cvss —epss 0.00
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1.
- CVE-2018-4414Apr 3, 2019risk 0.00cvss —epss 0.01
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
- CVE-2018-4429Apr 3, 2019risk 0.00cvss —epss 0.01
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, watchOS 5.1.2.
- CVE-2018-4400Apr 3, 2019risk 0.00cvss —epss 0.01
A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1.
- CVE-2018-4358Apr 3, 2019risk 0.00cvss —epss 0.02
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
- CVE-2018-4360Apr 3, 2019risk 0.00cvss —epss 0.02
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
- CVE-2018-4355Apr 3, 2019risk 0.00cvss —epss 0.01
A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
- CVE-2018-4362Apr 3, 2019risk 0.00cvss —epss 0.01
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2, iOS 12.
- CVE-2018-4356Apr 3, 2019risk 0.00cvss —epss 0.01
A permissions issue existed. This issue was addressed with improved permission validation. This issue affected versions prior to iOS 12.
Page 10 of 25