cbcvebase.

Debian Webkit2Gtk vulnerabilities

678 known vulnerabilities affecting debian/webkit2gtk.

Total CVEs
678
CISA KEV
38
actively exploited
Public exploits
113
Exploited in wild
53
Severity breakdown
CRITICAL14HIGH239MEDIUM150LOW275

Vulnerabilities

Page 8 of 34
CVE-2017-2442P3LOWCVSS 6.5PoCfixed in webkit2gtk 2.14.6-1 (bookworm)2017
CVE-2017-2442 [MEDIUM] CVE-2017-2442: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3 is affected. ... An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Scope: local bookworm: resolved (fixed in 2.14.6-1) bullseye: resolved (f
debian
CVE-2019-8649P3MEDIUMCVSS 6.1PoCfixed in webkit2gtk 2.24.4-1 (bookworm)2019
CVE-2019-8649 [MEDIUM] CVE-2019-8649: webkit2gtk - A logic issue existed in the handling of synchronous page loads. This issue was ... A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting
debian
CVE-2019-8690P3MEDIUMCVSS 6.1PoCfixed in webkit2gtk 2.24.3-1 (bookworm)2019
CVE-2019-8690 [MEDIUM] CVE-2019-8690: webkit2gtk - A logic issue existed in the handling of document loads. This issue was addresse... A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. Scope:
debian
CVE-2017-2445P3LOWCVSS 6.1PoCfixed in webkit2gtk 2.16.3-2 (bookworm)2017
CVE-2017-2445 [MEDIUM] CVE-2017-2445: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3 is affected. ... An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects. Scope: local bookworm: resolved (fixed in 2.16.3-2) bullseye: resolved (fixed in 2.16.
debian
CVE-2017-2510P3LOWCVSS 6.1PoCfixed in webkit2gtk 2.16.3-1 (bookworm)2017
CVE-2017-2510 [MEDIUM] CVE-2017-2510: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3.2 is affected... An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events. Scope: local bookworm: resolved (fixed in 2.16.3-1) bullseye: resolv
debian
CVE-2017-2504P3LOWCVSS 6.1PoCfixed in webkit2gtk 2.16.3-2 (bookworm)2017
CVE-2017-2504 [MEDIUM] CVE-2017-2504: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3.2 is affected... An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with WebKit Editor commands. Scope: local bookworm: resolv
debian
CVE-2017-2508P3LOWCVSS 6.1PoCfixed in webkit2gtk 2.16.3-2 (bookworm)2017
CVE-2017-2508 [MEDIUM] CVE-2017-2508: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3.2 is affected... An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with container nodes. Scope: local bookworm: resolved (fixed in 2.16.3-2) bullseye: resolv
debian
CVE-2017-2528P3LOWCVSS 6.1PoCfixed in webkit2gtk 2.16.3-2 (bookworm)2017
CVE-2017-2528 [MEDIUM] CVE-2017-2528: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3.2 is affected... An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames. Scope: local bookworm: resolved (fixed in 2.16.3-2) bullseye: resolved
debian
CVE-2020-13753P3CRITICALCVSS 10.0fixed in webkit2gtk 2.28.3-1 (bookworm)2020
CVE-2020-13753 [CRITICAL] CVE-2020-13753: webkit2gtk - The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to p... The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal'
debian
CVE-2016-4622P3LOWCVSS 8.8fixed in webkit2gtk 2.12.4-1 (bookworm)2016
CVE-2016-4622 [HIGH] CVE-2016-4622: webkit2gtk - WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 all... WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624. Scope: local bookworm: resolved (fixed in 2.12.4-1) bullseye: resolved (fixed in 2.12.4
debian
CVE-2020-9895P3CRITICALCVSS 9.8fixed in webkit2gtk 2.28.4-1 (bookworm)2020
CVE-2020-9895 [CRITICAL] CVE-2020-9895: webkit2gtk - A use after free issue was addressed with improved memory management. This issue... A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Scope: local bookwor
debian
CVE-2022-32792P3HIGHCVSS 8.8fixed in webkit2gtk 2.36.6-1 (bookworm)2022
CVE-2022-32792 [HIGH] CVE-2022-32792: webkit2gtk - An out-of-bounds write issue was addressed with improved input validation. This ... An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.36.6-1) bullseye: resolved (fixed in 2.36.6-1~deb11u1) for
debian
CVE-2023-42852P3HIGHCVSS 8.8fixed in webkit2gtk 2.42.2-1~deb12u1 (bookworm)2023
CVE-2023-42852 [HIGH] CVE-2023-42852: webkit2gtk - A logic issue was addressed with improved checks. This issue is fixed in iOS 17.... A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.42.2-1~deb12u1) bullseye: resolved (fixed in 2.42.2-1~deb11u1) forky: reso
debian
CVE-2024-23213P3HIGHCVSS 8.8fixed in webkit2gtk 2.42.5-1~deb12u1 (bookworm)2024
CVE-2024-23213 [HIGH] CVE-2024-23213: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. Processing web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.42.5-1~deb12u1) bullseye: resolved (fixed in 2.42.5-1~deb11u1) forky:
debian
CVE-2023-41074P3HIGHCVSS 8.8fixed in webkit2gtk 2.42.1-1~deb12u1 (bookworm)2023
CVE-2023-41074 [HIGH] CVE-2023-41074: webkit2gtk - The issue was addressed with improved checks. This issue is fixed in tvOS 17, Sa... The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.42.1-1~deb12u1) bullseye: resolved (fixed in 2.42.1-1~deb11u1) forky: resolved (fixed in 2.42.0-1) sid: resolved (fixed
debian
CVE-2022-22629P3HIGHCVSS 8.8fixed in webkit2gtk 2.36.0-1 (bookworm)2022
CVE-2022-22629 [HIGH] CVE-2022-22629: webkit2gtk - A buffer overflow issue was addressed with improved memory handling. This issue ... A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.36.0-1) bullseye: resolved (fixed in
debian
CVE-2023-42890P3HIGHCVSS 8.8fixed in webkit2gtk 2.42.1-1~deb12u1 (bookworm)2023
CVE-2023-42890 [HIGH] CVE-2023-42890: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.42.1-1~deb12u1) bullseye: resolved (fixed in 2.42.1-1~deb11u1) forky: resolved (fixed in 2.42.0-1)
debian
CVE-2021-30934P3HIGHCVSS 8.8fixed in webkit2gtk 2.34.4-1 (bookworm)2021
CVE-2021-30934 [HIGH] CVE-2021-30934: webkit2gtk - A buffer overflow issue was addressed with improved memory handling. This issue ... A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.34.4-1) bullseye: resolved (fixed in 2.34.4-1~deb11u1) forky: re
debian
CVE-2023-38600P3HIGHCVSS 8.8fixed in webkit2gtk 2.40.5-1~deb12u1 (bookworm)2023
CVE-2023-38600 [HIGH] CVE-2023-38600: webkit2gtk - The issue was addressed with improved checks. This issue is fixed in iOS 16.6 an... The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.40.5-1~deb12u1) bullseye: resolved (fixed in 2.40.5-1~deb11u1) forky: resolved (fixed in 2.40.5-1) sid: reso
debian
CVE-2024-27820P3HIGHCVSS 8.8fixed in webkit2gtk 2.44.2-1~deb12u1 (bookworm)2024
CVE-2024-27820 [HIGH] CVE-2024-27820: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.44.2-1~deb12u1) bullseye: resolved (fixed in 2.44.2-1~d
debian
Debian Webkit2Gtk vulnerabilities | cvebase