cbcvebase.

Debian Webkit2Gtk vulnerabilities

678 known vulnerabilities affecting debian/webkit2gtk.

Total CVEs
678
CISA KEV
38
actively exploited
Public exploits
113
Exploited in wild
53
Severity breakdown
CRITICAL14HIGH239MEDIUM150LOW275

Vulnerabilities

Page 27 of 34
CVE-2025-43511P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.50.6-1~deb12u1 (bookworm)2025
CVE-2025-43511 [MEDIUM] CVE-2025-43511: webkit2gtk - A use-after-free issue was addressed with improved memory management. This issue... A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local bookworm: resolved (fixed in 2.50.6-1~deb12u1) bullseye:
debian
CVE-2020-9805P4HIGHCVSS 7.1fixed in webkit2gtk 2.28.3-1 (bookworm)2020
CVE-2020-9805 [HIGH] CVE-2020-9805: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in i... A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting. Scope: local bookworm: resolved (fixed in 2.28.3-1) bu
debian
CVE-2020-9843P4HIGHCVSS 7.1fixed in webkit2gtk 2.28.3-1 (bookworm)2020
CVE-2020-9843 [HIGH] CVE-2020-9843: webkit2gtk - An input validation issue was addressed with improved input validation. This iss... An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. Scope: local bookworm: resolved (fixed
debian
CVE-2017-2350P4LOWCVSS 6.5fixed in webkit2gtk 2.14.4-1 (bookworm)2017
CVE-2017-2350 [MEDIUM] CVE-2017-2350: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.2.1 is affected... An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Scope: local bookworm: resolved (fixed in 2.14.4-1) bulls
debian
CVE-2017-2386P4LOWCVSS 6.5fixed in webkit2gtk 2.16.3-2 (bookworm)2017
CVE-2017-2386 [MEDIUM] CVE-2017-2386: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3 is affected. ... An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Scope: local bookworm: resolved (fixed in 2.16.3-2) bullseye: r
debian
CVE-2016-7586P4LOWCVSS 6.5fixed in webkit2gtk 2.14.3-1 (bookworm)2016
CVE-2016-7586 [MEDIUM] CVE-2016-7586: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.2 is affected. ... An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site. Scope: local bookworm: resolved (fixed in 2.14.3-1) bullseye
debian
CVE-2017-2424P4LOWCVSS 6.5fixed in webkit2gtk 2.16.3-2 (bookworm)2017
CVE-2017-2424 [MEDIUM] CVE-2017-2424: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3 is affected. ... An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site. Scope: local bookworm: resolved (fixed in 2.16.3-2) bullseye: resolved (fi
debian
CVE-2021-30887P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.34.3-1 (bookworm)2021
CVE-2021-30887 [MEDIUM] CVE-2021-30887: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in m... A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. Scope: local bookworm: resolved (fixed in 2.34.3-1) bullseye: resolved (fixed in 2.34.3-1~deb11u1) forky: r
debian
CVE-2019-8607P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.24.2-1 (bookworm)2019
CVE-2019-8607 [MEDIUM] CVE-2019-8607: webkit2gtk - An out-of-bounds read was addressed with improved input validation. This issue i... An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory. Scope: local bookworm: resolved (fixed in 2.24.2-1) bullse
debian
CVE-2021-1820P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.30.1-1 (bookworm)2021
CVE-2021-1820 [MEDIUM] CVE-2021-1820: webkit2gtk - A memory initialization issue was addressed with improved memory handling. This ... A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory. Scope: local bookworm: resolved (fixed in 2.30.1-1) bullseye: resolved (fixed in 2.30.1-1) forky: resolved
debian
CVE-2019-7292P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.24.1-1 (bookworm)2019
CVE-2019-7292 [MEDIUM] CVE-2019-7292: webkit2gtk - A validation issue was addressed with improved logic. This issue is fixed in iOS... A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory. Scope: local bookworm: resolved (fixed in 2.24.1-1) bullseye: resolved (fixed in 2.24.1-1) forky:
debian
CVE-2019-8515P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.24.1-1 (bookworm)2019
CVE-2019-8515 [MEDIUM] CVE-2019-8515: webkit2gtk - A cross-origin issue existed with the fetch API. This was addressed with improve... A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information. Scope: local bookworm: resolved (fixed in 2.24.1-1) bullseye: resolved (
debian
CVE-2024-40789P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.44.3-1~deb12u1 (bookworm)2024
CVE-2024-40789 [MEDIUM] CVE-2024-40789: webkit2gtk - An out-of-bounds access issue was addressed with improved bounds checking. This ... An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local bookworm: resolved (fixed in 2.44.3-1~deb
debian
CVE-2024-40782P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.44.3-1~deb12u1 (bookworm)2024
CVE-2024-40782 [MEDIUM] CVE-2024-40782: webkit2gtk - A use-after-free issue was addressed with improved memory management. This issue... A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local bookworm: resolved (fixed in 2.44.3-1~deb12u1)
debian
CVE-2025-43272P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.50.1-1~deb12u1 (bookworm)2025
CVE-2025-43272 [MEDIUM] CVE-2025-43272: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash. Scope: local bookworm: resolved (fixed in 2.50.1-1~deb12u1) bullseye: resolved (fixed in 2.50.1-1~deb11u1) forky: resolved (fixe
debian
CVE-2022-32923P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.38.0-1 (bookworm)2022
CVE-2022-32923 [MEDIUM] CVE-2022-32923: webkit2gtk - A correctness issue in the JIT was addressed with improved checks. This issue is... A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app. Scope: local bookworm: resolved (fixed in 2.38.0-1) bullseye: resolved (fixed in
debian
CVE-2023-38133P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.40.5-1~deb12u1 (bookworm)2023
CVE-2023-38133 [MEDIUM] CVE-2023-38133: webkit2gtk - The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 ... The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information. Scope: local bookworm: resolved (fixed in 2.40.5-1~deb12u1) bullseye: resolved (fixed in 2.40.5-1~deb11u1) forky: resolved
debian
CVE-2025-24143P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.46.6-1~deb12u1 (bookworm)2025
CVE-2025-24143 [MEDIUM] CVE-2025-24143: webkit2gtk - The issue was addressed with improved access restrictions to the file system. Th... The issue was addressed with improved access restrictions to the file system. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user. Scope: local bookworm: resolved (fixed in 2.46.6-1~deb12u1) bullseye: resolved (fixed in 2.46.6-1~deb11u1) forky: resolved
debian
CVE-2024-27838P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.44.3-1~deb12u1 (bookworm)2024
CVE-2024-27838 [MEDIUM] CVE-2024-27838: webkit2gtk - The issue was addressed by adding additional logic. This issue is fixed in Safar... The issue was addressed by adding additional logic. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. A maliciously crafted webpage may be able to fingerprint the user. Scope: local bookworm: resolved (fixed in 2.44.3-1~deb12u1) bullseye: resolved (fixed in 2.44.
debian
CVE-2024-44187P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.46.0-2~deb12u1 (bookworm)2024
CVE-2024-44187 [MEDIUM] CVE-2024-44187: webkit2gtk - A cross-origin issue existed with "iframe" elements. This was addressed with imp... A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin. Scope: local bookworm: resolved (fixed in 2.46.0-2~deb12u1) bullseye: resolved (fixed
debian
Debian Webkit2Gtk vulnerabilities | cvebase