VYPR

Webkitgtk

by Webkitgtk

Source repositories

CVEs (91)

  • CVE-2020-13558Mar 3, 2021
    risk 0.00cvss epss 0.02

    A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.

  • CVE-2020-13584Dec 3, 2020
    risk 0.00cvss epss 0.04

    An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.

  • CVE-2020-13543Dec 3, 2020
    risk 0.00cvss epss 0.03

    A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this…

  • CVE-2020-13753Jul 14, 2020
    risk 0.00cvss epss 0.03

    The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to…

  • CVE-2020-11793Apr 17, 2020
    risk 0.00cvss epss 0.03

    A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).

  • CVE-2020-10018Mar 2, 2020
    risk 0.00cvss epss 0.05

    WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.

  • CVE-2016-4761Jan 22, 2020
    risk 0.00cvss epss 0.01

    WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS

  • CVE-2019-11070Apr 10, 2019
    risk 0.00cvss epss 0.03

    WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are…

  • CVE-2019-8375Feb 24, 2019
    risk 0.00cvss epss 0.16

    The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or…

  • CVE-2019-6251Jan 14, 2019
    risk 0.00cvss epss 0.04

    WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.

  • CVE-2010-3813Nov 22, 2010
    risk 0.00cvss epss 0.02

    The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify…

  • CVE-2010-1815Sep 9, 2010
    risk 0.00cvss epss 0.04

    Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.

  • CVE-2010-1814Sep 9, 2010
    risk 0.00cvss epss 0.04

    WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.

  • CVE-2010-1812Sep 9, 2010
    risk 0.00cvss epss 0.04

    Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.

  • CVE-2010-3259Sep 7, 2010
    risk 0.00cvss epss 0.02

    WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and…

  • CVE-2010-3257Sep 7, 2010
    risk 0.00cvss epss 0.03

    Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors…

  • CVE-2010-3255Sep 7, 2010
    risk 0.00cvss epss 0.02

    Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

  • CVE-2010-3119Aug 24, 2010
    risk 0.00cvss epss 0.01

    Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

  • CVE-2010-3116Aug 24, 2010
    risk 0.00cvss epss 0.04

    Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via…

  • CVE-2010-3115Aug 24, 2010
    risk 0.00cvss epss 0.02

    Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.

Page 4 of 5