cvebase

Debian Webkit2Gtk vulnerabilities

678 known vulnerabilities affecting debian/webkit2gtk.

Total CVEs: 678
CISA KEV: 38 (actively exploited)
Public exploits: 113
Exploited in wild: 53
Severity breakdown: CRITICAL 14, HIGH 239, MEDIUM 150, LOW 275

Vulnerabilities

Page 25 of 34
CVE-2021-21775 | P3 | HIGH | CVSS 8.0 | fixed in webkit2gtk 2.32.3-1 (bookworm) | 2021
CVE-2021-21775 [HIGH] webkit2gtk: A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. Scope: local bookworm: resolved (fi
debian
CVE-2017-2376 | P3 | LOW | CVSS 7.5 | fixed in webkit2gtk 2.16.3-2 (bookworm) | 2017
CVE-2017-2376 [HIGH] webkit2gtk: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page. Scope: local bookworm: resolved (fixed in 2.16.3-2) bullseye: resolved (fixed in 2.16.3-2) forky: resolve
debian
CVE-2025-24213 | P3 | HIGH | CVSS 7.8 | fixed in webkit2gtk 2.48.1-2~deb12u1 (bookworm) | 2025
CVE-2025-24213 [HIGH] webkit2gtk: This issue was addressed with improved handling of floats. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A type confusion issue could lead to memory corruption. Scope: local bookworm: resolved (fixed in 2.48.1-2~deb12u1) bullseye: resolved (fixed in 2.48.3-1~deb11u1) forky:
debian
CVE-2020-3864 | P3 | HIGH | CVSS 7.8 | fixed in webkit2gtk 2.26.4-1 (bookworm) | 2020
CVE-2020-3864 [HIGH] webkit2gtk: A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. Scope: local bookworm: resolved (fixed in 2.26.4-1) bullseye: resolved (fixed in 2.26.4-
debian
CVE-2018-4311 | P3 | LOW | CVSS 8.1 | fixed in webkit2gtk 2.22.0-2 (bookworm) | 2018
CVE-2018-4311 [HIGH] webkit2gtk: The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Scope: local bookworm: resolved (fixed in 2.22.0-2) bullseye: resolved (fixed in 2.22.0-2) forky: resolved (fixed in 2.22.0-2) sid: resolved (fixed in 2.22.0-2) trixie: resolved (fixed in 2.22.0
debian
CVE-2025-13947 | P3 | HIGH | CVSS 7.4 | fixed in webkit2gtk 2.50.3-1~deb12u1 (bookworm) | 2025
CVE-2025-13947 [HIGH] webkit2gtk: A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser. Scope: local bookworm: resolved (fixed in 2.50.3-1~deb12u1) bullseye: reso
debian
CVE-2025-43541 | P4 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.50.4-1~deb12u1 (bookworm) | 2025
CVE-2025-43541 [MEDIUM] webkit2gtk: A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash. Scope: local bookworm: resolved (fixed in 2.50.4-1~deb12u1) bullseye: resolved (fixed in
debian
CVE-2025-24209 | P3 | HIGH | CVSS 7.0 | fixed in webkit2gtk 2.48.1-2~deb12u1 (bookworm) | 2025
CVE-2025-24209 [HIGH] webkit2gtk: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local bookworm: resolved (fixed in 2.48.1-2~deb12u1) bullseye: resolved (fixed in 2
debian
CVE-2023-32359 | P3 | HIGH | CVSS 7.5 | fixed in webkit2gtk 2.42.1-1~deb12u1 (bookworm) | 2023
CVE-2023-32359 [HIGH] webkit2gtk: This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver. Scope: local bookworm: resolved (fixed in 2.42.1-1~deb12u1) bullseye: resolved (fixed in 2.42.1-1~deb11u1) forky: resolved (fixed in 2.42.0-1) sid: resolved (fixed in 2.42.0-1) trixie: re
debian
CVE-2017-2392 | P3 | LOW | CVSS 7.8 | fixed in webkit2gtk 2.14.6-1 (bookworm) | 2017
CVE-2017-2392 [HIGH] webkit2gtk: An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. Scope: local bookworm: resolved (fixed in 2.14.6-1) bullseye: resolved (fixed in 2.14.6-1) forky: resolved (fixed in 2.14.6-1)
debian
CVE-2021-30888 | P3 | HIGH | CVSS 7.4 | fixed in webkit2gtk 2.34.1-1 (bookworm) | 2021
CVE-2021-30888 [HIGH] webkit2gtk: An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior. Scope: local bookworm: resolved (fixed in 2.34.1-1) bullseye: resolved (fixed in
debian
CVE-2018-11712 | P3 | LOW | CVSS 7.5 | fixed in webkit2gtk 2.20.2-1 (bookworm) | 2018
CVE-2018-11712 [HIGH] webkit2gtk: WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections. Scope: local bookworm: resolved (fixed in 2.20.2-1) bullseye: resolved (fixed in 2.20.2-1) forky: resolved (fixed in 2.20.2-1) sid: resolv
debian
CVE-2024-54551 | P3 | HIGH | CVSS 7.5 | fixed in webkit2gtk 2.48.1-2~deb12u1 (bookworm) | 2024
CVE-2024-54551 [HIGH] webkit2gtk: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing web content may lead to a denial-of-service. Scope: local bookworm: resolved (fixed in 2.48.1-2~deb12u1) bullseye: resolved (fixed in 2.48.3-1~deb11u1) forky: resolved (fixed in 2
debian
CVE-2021-30823 | P3 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.34.1-1 (bookworm) | 2021
CVE-2021-30823 [MEDIUM] webkit2gtk: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS. Scope: local bookworm: resolved (fixed in 2.34.1-1) bullseye: resolved (fixed in 2.34.1-1~deb11u1) forky: resolved (fixed in 2.34.1
debian
CVE-2026-20665 | P3 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.52.1-1 (sid) | 2026
CVE-2026-20665 [MEDIUM] webkit2gtk: This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Scope: local bookworm: open bullseye: open forky: ope
debian
CVE-2022-32816 | P3 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.36.6-1 (bookworm) | 2022
CVE-2022-32816 [MEDIUM] webkit2gtk: The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing. Scope: local bookworm: resolved (fixed in 2.36.6-1) bullseye: resolved (fixed in 2.36.6-1~deb11u1) forky: resolved (fixed in 2.36.6-1) sid: reso
debian
CVE-2017-2377 | P3 | LOW | CVSS 7.5 | fixed in webkit2gtk 2.14.6-1 (bookworm) | 2017
CVE-2017-2377 [HIGH] webkit2gtk: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a window-close action during a debugger-pause state. Scope: local bookworm: resolved (fixed i
debian
CVE-2018-4117 | P3 | LOW | CVSS 6.5 | fixed in webkit2gtk 2.20.0-2 (bookworm) | 2018
CVE-2018-4117 [MEDIUM] webkit2gtk: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sen
debian
CVE-2019-8615 | P3 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.24.2-1 (bookworm) | 2019
CVE-2019-8615 [MEDIUM] webkit2gtk: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.24.2-1) bullseye: resolved
debian
CVE-2019-8597 | P3 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.24.1-1 (bookworm) | 2019
CVE-2019-8597 [MEDIUM] webkit2gtk: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.24.1-1) bullseye: resolved
debian