Webkitgtk

Webkitgtk

63 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2021-1789

Warning
  • EPSS 0.37%
  • Published 02.04.2021 18:15:21
  • Last modified 28.02.2025 14:44:48

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Process...

6.5

CVE-2021-1765

  • EPSS 0.09%
  • Published 02.04.2021 18:15:20
  • Last modified 21.11.2024 05:45:03

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.

3.3

CVE-2020-29623

  • EPSS 0.04%
  • Published 02.04.2021 18:15:17
  • Last modified 21.11.2024 05:24:20

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, ...

8.8

CVE-2020-13558

Exploit
  • EPSS 0.55%
  • Published 03.03.2021 18:15:13
  • Last modified 21.11.2024 05:01:29

A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.

8.8

CVE-2020-13584

Exploit
  • EPSS 1.36%
  • Published 03.12.2020 17:15:12
  • Last modified 21.11.2024 05:01:33

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site t...

8.8

CVE-2020-13543

Exploit
  • EPSS 1.5%
  • Published 03.12.2020 17:15:12
  • Last modified 21.11.2024 05:01:27

A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a we...

10

CVE-2020-13753

  • EPSS 1.43%
  • Published 14.07.2020 14:15:17
  • Last modified 21.11.2024 05:01:46

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbo...

8.8

CVE-2020-11793

  • EPSS 0.6%
  • Published 17.04.2020 13:15:12
  • Last modified 21.11.2024 04:58:38

A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).

9.8

CVE-2020-10018

  • EPSS 2.04%
  • Published 02.03.2020 23:15:11
  • Last modified 21.11.2024 04:54:39

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memor...

6.1

CVE-2020-3867

  • EPSS 0.36%
  • Published 27.02.2020 21:15:18
  • Last modified 21.11.2024 05:31:51

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted ...