cbcvebase.

Debian Webkit2Gtk vulnerabilities

678 known vulnerabilities affecting debian/webkit2gtk.

Total CVEs
678
CISA KEV
38
actively exploited
Public exploits
113
Exploited in wild
53
Severity breakdown
CRITICAL14HIGH239MEDIUM150LOW275

Vulnerabilities

Page 3 of 34
CVE-2018-4443P1LOWCVSS 8.8ExploitedPoCfixed in webkit2gtk 2.22.3-1 (bookworm)2018
CVE-2018-4443 [HIGH] CVE-2018-4443: webkit2gtk - A memory corruption issue was addressed with improved memory handling. This issu... A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. Scope: local bookworm: resolved (fixed in 2.22.3-1) bullseye: resolved (fixed in 2.22.3-1) forky: resolved (fixed in 2.22.3-1) sid: resolved (fixed in 2
debian
CVE-2018-4312P1LOWCVSS 8.8ExploitedPoCfixed in webkit2gtk 2.22.0-2 (bookworm)2018
CVE-2018-4312 [HIGH] CVE-2018-4312: webkit2gtk - A use after free issue was addressed with improved memory management. This issue... A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Scope: local bookworm: resolved (fixed in 2.22.0-2) bullseye: resolved (fixed in 2.22.0-2) forky: resolved (fixed in 2.22.0-2) sid: resolved (fixed in 2.22.0-2) trixie: resolved (fix
debian
CVE-2018-4386P1LOWCVSS 8.8ExploitedPoCfixed in webkit2gtk 2.22.3-1 (bookworm)2018
CVE-2018-4386 [HIGH] CVE-2018-4386: webkit2gtk - Multiple memory corruption issues were addressed with improved memory handling. ... Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Scope: local bookworm: resolved (fixed in 2.22.3-1) bullseye: resolved (fixed in 2.22.3-1) forky: resolved (fixed in 2.22.3-1) sid: resolved (fixed in 2.22.3-1)
debian
CVE-2017-13798P1LOWCVSS 8.8ExploitedPoCfixed in webkit2gtk 2.18.3-1 (bookworm)2017
CVE-2017-13798 [HIGH] CVE-2017-13798: webkit2gtk - An issue was discovered in certain Apple products. iOS before 11.1 is affected. ... An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory c
debian
CVE-2017-13794P2LOWCVSS 8.8ExploitedPoCfixed in webkit2gtk 2.18.1-1 (bookworm)2017
CVE-2017-13794 [HIGH] CVE-2017-13794: webkit2gtk - An issue was discovered in certain Apple products. iOS before 11.1 is affected. ... An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory c
debian
CVE-2022-46691P1HIGHCVSS 8.8Exploitedfixed in webkit2gtk 2.38.1-1 (bookworm)2022
CVE-2022-46691 [HIGH] CVE-2022-46691: webkit2gtk - A memory consumption issue was addressed with improved memory handling. This iss... A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.38.1-1) bullseye: resolved (fixe
debian
CVE-2022-46700P1HIGHCVSS 8.8Exploitedfixed in webkit2gtk 2.38.3-1 (bookworm)2022
CVE-2022-46700 [HIGH] CVE-2022-46700: webkit2gtk - A memory corruption issue was addressed with improved input validation. This iss... A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.38.3-1) bullseye: resolved (fixe
debian
CVE-2022-46692P1MEDIUMCVSS 5.5Exploitedfixed in webkit2gtk 2.38.3-1 (bookworm)2022
CVE-2022-46692 [MEDIUM] CVE-2022-46692: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ... A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy. Scope: local bookworm: resolved (fixed in 2.38.3-1) bullseye: resolv
debian
CVE-2022-42852P1MEDIUMCVSS 6.5Exploitedfixed in webkit2gtk 2.38.3-1 (bookworm)2022
CVE-2022-42852 [MEDIUM] CVE-2022-42852: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory. Scope: local bookworm: resolved (fixed in 2.38.3-1) bullseye: resolved (fixed in
debian
CVE-2021-1801P1MEDIUMCVSS 6.5Exploitedfixed in webkit2gtk 2.30.6-1 (bookworm)2021
CVE-2021-1801 [MEDIUM] CVE-2021-1801: webkit2gtk - This issue was addressed with improved iframe sandbox enforcement. This issue is... This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. Scope: local bookworm: resolved (fixed in 2.30.6-1) bullseye: resol
debian
CVE-2021-1765P1MEDIUMCVSS 6.5Exploitedfixed in webkit2gtk 2.30.6-1 (bookworm)2021
CVE-2021-1765 [MEDIUM] CVE-2021-1765: webkit2gtk - This issue was addressed with improved iframe sandbox enforcement. This issue is... This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. Scope: local bookworm: resolved (fixed in 2.30.6-1) bullseye: resolved (fixed in 2.30.6-1) forky: resolved (fixed in
debian
CVE-2019-8771P1MEDIUMCVSS 6.1Exploitedfixed in webkit2gtk 2.26.0-1 (bookworm)2019
CVE-2019-8771 [MEDIUM] CVE-2019-8771: webkit2gtk - This issue was addressed with improved iframe sandbox enforcement. This issue is... This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. Scope: local bookworm: resolved (fixed in 2.26.0-1) bullseye: resolved (fixed in 2.26.0-1) forky: resolved (fixed in 2.26.0-1) sid: resolved (fixed in 2.26.0-1) trixie: resolved (fix
debian
CVE-2022-46705P1MEDIUMCVSS 4.3Exploitedfixed in webkit2gtk 2.38.4-1 (bookworm)2022
CVE-2022-46705 [MEDIUM] CVE-2022-46705: webkit2gtk - A spoofing issue existed in the handling of URLs. This issue was addressed with ... A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing. Scope: local bookworm: resolved (fixed in 2.38.4-1) bullseye: resolved (fixed in 2.38.4-2~deb11u1) forky: resol
debian
CVE-2020-9850P1CRITICALCVSS 9.8PoCfixed in webkit2gtk 2.28.3-1 (bookworm)2020
CVE-2020-9850 [CRITICAL] CVE-2020-9850: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in i... A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.28.3-1) bullseye: resolved (
debian
CVE-2018-4162P2LOWCVSS 8.8PoCfixed in webkit2gtk 2.20.0-2 (bookworm)2018
CVE-2018-4162 [HIGH] CVE-2018-4162: webkit2gtk - An issue was discovered in certain Apple products. iOS before 11.3 is affected. ... An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a
debian
CVE-2018-11646P2LOWCVSS 7.5PoCfixed in webkit2gtk 2.20.3-1 (bookworm)2018
CVE-2018-11646 [HIGH] CVE-2018-11646: webkit2gtk - webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPag... webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash. Scope: local bookworm: resolved (fixed in 2.20.3-1) bullseye: resolved (fixed in 2.20.3-1) forky: resolved (fixed in 2.20.
debian
CVE-2018-4416P2LOWCVSS 8.8PoCfixed in webkit2gtk 2.22.1-1 (bookworm)2018
CVE-2018-4416 [HIGH] CVE-2018-4416: webkit2gtk - Multiple memory corruption issues were addressed with improved memory handling. ... Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Scope: local bookworm: resolved (fixed in 2.22.1-1) bullseye: resolved (fixed in 2.22.1-1) forky: resolved (fixed in 2.22.1-1) sid: resolved (fixed in 2.22.1-1)
debian
CVE-2019-8689P2HIGHCVSS 8.8PoCfixed in webkit2gtk 2.24.3-1 (bookworm)2019
CVE-2019-8689 [HIGH] CVE-2019-8689: webkit2gtk - Multiple memory corruption issues were addressed with improved memory handling. ... Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fi
debian
CVE-2019-8672P2HIGHCVSS 8.8PoCfixed in webkit2gtk 2.24.2-1 (bookworm)2019
CVE-2019-8672 [HIGH] CVE-2019-8672: webkit2gtk - Multiple memory corruption issues were addressed with improved memory handling. ... Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fi
debian
CVE-2019-8820P2HIGHCVSS 8.8PoCfixed in webkit2gtk 2.26.1-1 (bookworm)2019
CVE-2019-8820 [HIGH] CVE-2019-8820: webkit2gtk - Multiple memory corruption issues were addressed with improved memory handling. ... Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed i
debian
Debian Webkit2Gtk vulnerabilities | cvebase