Webkitgtk

Webkitgtk

63 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2013-7324

  • EPSS 0.42%
  • Published 17.02.2020 19:15:11
  • Last modified 21.11.2024 02:00:44

Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existin...

6.1

CVE-2019-8674

  • EPSS 0.73%
  • Published 18.12.2019 18:15:32
  • Last modified 21.11.2024 04:50:16

A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting.

5.3

CVE-2019-11070

  • EPSS 2.02%
  • Published 10.04.2019 21:29:01
  • Last modified 21.11.2024 04:20:28

WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing t...

9.8

CVE-2019-8375

Exploit
  • EPSS 21.51%
  • Published 24.02.2019 13:29:00
  • Last modified 21.11.2024 04:49:46

The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of ser...

8.1

CVE-2019-6251

Exploit
  • EPSS 2.54%
  • Published 14.01.2019 08:29:00
  • Last modified 21.11.2024 04:46:18

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 ...

7.5

CVE-2015-2330

  • EPSS 0.32%
  • Published 10.03.2017 02:59:00
  • Last modified 20.04.2025 01:37:25

Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies.

7.5

CVE-2010-4577

Exploit
  • EPSS 4.27%
  • Published 22.12.2010 01:00:03
  • Last modified 11.04.2025 00:51:21

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS...

8.8

CVE-2010-4206

Exploit
  • EPSS 2.95%
  • Published 06.11.2010 00:00:03
  • Last modified 11.04.2025 00:51:21

Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service ...

9.8

CVE-2010-4204

Exploit
  • EPSS 4.35%
  • Published 06.11.2010 00:00:03
  • Last modified 11.04.2025 00:51:21

WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified othe...

8.8

CVE-2010-4198

  • EPSS 1.28%
  • Published 06.11.2010 00:00:02
  • Last modified 11.04.2025 00:51:21

WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified oth...