webkitgtk vulnerabilities and exploits
7.5
CVSSv2
CVE-2020-9850
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code ...
Apple Icloud
Apple Itunes
Apple Safari
Apple Iphone Os
Apple Watchos
Apple Tvos
Apple Ipados
1 Metasploit module
1 Article
7.5
CVSSv2
CVE-2020-10018
WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contain a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory ha...
Webkitgtk Webkitgtk
Wpewebkit Wpe Webkit
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Opensuse Leap 15.1
7.5
CVSSv2
CVE-2019-8375
The UIProcess subsystem in WebKit, as used in WebKitGTK up to and including 2.23.90 and WebKitGTK+ up to and including 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote malicious users to cause a denial of ser...
Webkitgtk Webkitgtk
Webkitgtk Webkitgtk+
Opensuse Leap 15.0
Opensuse Leap 42.3
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
1 EDB exploit
7.5
CVSSv2
CVE-2018-12911
WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.
Webkitgtk Webkitgtk+ 2.20.3
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
7.5
CVSSv2
CVE-2017-1000121
The UNIX IPC layer in WebKit, including WebKitGTK+ before 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple p...
Webkitgtk Webkitgtk+
7.5
CVSSv2
CVE-2017-5226
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing a malicious user to escape the sandbox.
Projectatomic Bubblewrap
3 Github repositories
7.5
CVSSv2
CVE-2014-1745
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome prior to 35.0.1916.114, allows remote malicious users to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object,...
Google Chrome
Google Chrome 35.0.1916.99
Google Chrome 35.0.1916.57
Google Chrome 35.0.1916.3
Google Chrome 35.0.1916.38
Google Chrome 35.0.1916.105
Google Chrome 35.0.1916.95
Google Chrome 35.0.1916.52
Google Chrome 35.0.1916.82
Google Chrome 35.0.1916.42
Google Chrome 35.0.1916.36
Google Chrome 35.0.1916.111
Google Chrome 35.0.1916.61
Google Chrome 35.0.1916.98
Google Chrome 35.0.1916.47
Google Chrome 35.0.1916.110
Google Chrome 35.0.1916.10
Google Chrome 35.0.1916.20
Google Chrome 35.0.1916.85
Google Chrome 35.0.1916.9
Google Chrome 35.0.1916.92
Google Chrome 35.0.1916.23
7.5
CVSSv2
CVE-2010-4197
Use-after-free vulnerability in WebKit, as used in Google Chrome prior to 7.0.517.44, webkitgtk prior to 1.2.6, and other products, allows remote malicious users to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.
Google Chrome
Webkitgtk Webkitgtk
Fedoraproject Fedora 13
7.5
CVSSv2
CVE-2010-4204
WebKit, as used in Google Chrome prior to 7.0.517.44, webkitgtk prior to 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote malicious users to cause a denial of service or possibly have unspecified other impact via unknown...
Google Chrome
Webkitgtk Webkitgtk
Fedoraproject Fedora 13
7.2
CVSSv2
CVE-2020-3864
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.
Apple Icloud
Apple Itunes
Apple Safari
Apple Ipados
Apple Iphone Os
Apple Tvos
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Workstation 7.0