cbcvebase.

Debian Webkit2Gtk vulnerabilities

678 known vulnerabilities affecting debian/webkit2gtk.

Total CVEs
678
CISA KEV
38
actively exploited
Public exploits
113
Exploited in wild
53
Severity breakdown
CRITICAL14HIGH239MEDIUM150LOW275

Vulnerabilities

Page 26 of 34
CVE-2021-1799P3MEDIUMCVSS 6.5fixed in webkit2gtk 2.30.6-1 (bookworm)2021
CVE-2021-1799 [MEDIUM] CVE-2021-1799: webkit2gtk - A port redirection issue was addressed with additional port validation. This iss... A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. Scope: local bookworm: resolved (fix
debian
CVE-2024-23284P3MEDIUMCVSS 6.5fixed in webkit2gtk 2.44.1-1~deb12u1 (bookworm)2024
CVE-2024-23284 [MEDIUM] CVE-2024-23284: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ... A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Scope: local bookworm: resolved (fixed in 2.44.1-1~de
debian
CVE-2018-4319P3LOWCVSS 8.1fixed in webkit2gtk 2.22.0-2 (bookworm)2018
CVE-2018-4319 [HIGH] CVE-2018-4319: webkit2gtk - A cross-origin issue existed with "iframe" elements. This was addressed with imp... A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Scope: local bookworm: resolved (fixed in 2.22.0-2) bullseye: resolved (fixed in 2.22.0-2) forky: resolved (fixed in 2.22.0-2) sid: re
debian
CVE-2020-9952P4HIGHCVSS 7.1fixed in webkit2gtk 2.28.3-1 (bookworm)2020
CVE-2020-9952 [HIGH] CVE-2020-9952: webkit2gtk - An input validation issue was addressed with improved input validation. This iss... An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack. Scope: local bookworm: resolved (fixed in 2.28.3-1) bullseye: resolved (f
debian
CVE-2024-23263P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.44.1-1~deb12u1 (bookworm)2024
CVE-2024-23263 [MEDIUM] CVE-2024-23263: webkit2gtk - A logic issue was addressed with improved validation. This issue is fixed in Saf... A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Scope: local bookworm: resolved (fixed in 2.44.1-1~deb12u1)
debian
CVE-2025-43214P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.50.6-1~deb12u1 (bookworm)2025
CVE-2025-43214 [MEDIUM] CVE-2025-43214: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. Scope: local bookworm: resolved (fixed in 2.50.6-1~deb12u1) bullseye: open forky: resolved (fixed in 2.5
debian
CVE-2025-43457P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.50.6-1~deb12u1 (bookworm)2025
CVE-2025-43457 [MEDIUM] CVE-2025-43457: webkit2gtk - A use-after-free issue was addressed with improved memory management. This issue... A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash. Scope: local bookworm: resolved (fixed in 2.50.6-1~deb12u1) bullseye: open forky: resolved (fixed in
debian
CVE-2016-7599P4LOWCVSS 6.5fixed in webkit2gtk 2.14.3-1 (bookworm)2016
CVE-2016-7599 [MEDIUM] CVE-2016-7599: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.2 is affected. ... An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP redirects. S
debian
CVE-2016-7598P4LOWCVSS 6.5fixed in webkit2gtk 2.14.3-1 (bookworm)2016
CVE-2016-7598 [MEDIUM] CVE-2016-7598: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.2 is affected. ... An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site. Scope: local bookworm: resolved (fixed i
debian
CVE-2021-30887P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.34.3-1 (bookworm)2021
CVE-2021-30887 [MEDIUM] CVE-2021-30887: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in m... A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. Scope: local bookworm: resolved (fixed in 2.34.3-1) bullseye: resolved (fixed in 2.34.3-1~deb11u1) forky: r
debian
CVE-2020-9915P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.28.4-1 (bookworm)2020
CVE-2020-9915 [MEDIUM] CVE-2020-9915: webkit2gtk - An access issue existed in Content Security Policy. This issue was addressed wit... An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from
debian
CVE-2024-23280P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.44.1-1~deb12u1 (bookworm)2024
CVE-2024-23280 [MEDIUM] CVE-2024-23280: webkit2gtk - An injection issue was addressed with improved validation. This issue is fixed i... An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user. Scope: local bookworm: resolved (fixed in 2.44.1-1~deb12u1) bullseye: resolved (fixed in 2.44.1-1~deb11u1) forky: resolved (fixed i
debian
CVE-2024-23254P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.44.1-1~deb12u1 (bookworm)2024
CVE-2024-23254 [MEDIUM] CVE-2024-23254: webkit2gtk - The issue was addressed with improved UI handling. This issue is fixed in Safari... The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin. Scope: local bookworm: resolved (fixed in 2.44.1-1~deb12u1) bullseye: resolved (fixed in 2.44.1-1~deb11u1) forky: resolved (fixed in
debian
CVE-2025-43216P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.48.5-1~deb12u1 (bookworm)2025
CVE-2025-43216 [MEDIUM] CVE-2025-43216: webkit2gtk - A use-after-free issue was addressed with improved memory management. This issue... A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. Scope: local bookworm: resolved (fixed in 2.48.5-1~deb12u1) bullseye: reso
debian
CVE-2025-43212P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.48.5-1~deb12u1 (bookworm)2025
CVE-2025-43212 [MEDIUM] CVE-2025-43212: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. Scope: local bookworm: resolved (fixed in 2.48.5-1~deb12u1) bullseye: resolved (fixed in 2.48.5-1~deb11u
debian
CVE-2019-8608P4MEDIUMCVSS 6.3fixed in webkit2gtk 2.24.1-1 (bookworm)2019
CVE-2019-8608 [MEDIUM] CVE-2019-8608: webkit2gtk - Multiple memory corruption issues were addressed with improved memory handling. ... Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.24.1-1) bullseye: resolved
debian
CVE-2024-23206P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.42.5-1~deb12u1 (bookworm)2024
CVE-2024-23206 [MEDIUM] CVE-2024-23206: webkit2gtk - An access issue was addressed with improved access restrictions. This issue is f... An access issue was addressed with improved access restrictions. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A maliciously crafted webpage may be able to fingerprint the user. Scope: local bookworm: resolved (fixed in 2.42.5-1~deb12u1) bullseye: resolved (fixed in 2.42.5
debian
CVE-2022-46698P3MEDIUMCVSS 6.5fixed in webkit2gtk 2.38.3-1 (bookworm)2022
CVE-2022-46698 [MEDIUM] CVE-2022-46698: webkit2gtk - A logic issue was addressed with improved checks. This issue is fixed in Safari ... A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information. Scope: local bookworm: resolved (fixed in 2.38.3-1) bullseye: resolved (fixed in 2.38.3-1~deb11u1)
debian
CVE-2025-43213P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.50.5-1 (bookworm)2025
CVE-2025-43213 [MEDIUM] CVE-2025-43213: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. Scope: local bookworm: resolved (fixed in 2.50.5-1) bullseye: open forky: resolved (fixed in 2.50.5-1) s
debian
CVE-2025-43356P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.50.1-1~deb12u1 (bookworm)2025
CVE-2025-43356 [MEDIUM] CVE-2025-43356: webkit2gtk - The issue was addressed with improved handling of caches. This issue is fixed in... The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A website may be able to access sensor information without user consent. Scope: local bookworm: resolved (fixed in 2.50.1-1~deb12u1) bullseye: resolved (fixed in 2.50.1-1~de
debian
Debian Webkit2Gtk vulnerabilities | cvebase