📦

webkitgtk\+

Vendor: webkitgtk

Login to add this product to WatchStack
Actively Exploited 7 CISA KEV List
PoC / Exploits 9 Code Available
Total RCEs 21 Remote Access
Total CVEs 250 Total Indexed
Avg. EPSS 3.82% Exploit Prob.
Latest CVE CVE-2023-42917 Nov 30

Security Vulnerability Index

Page 2 / 25
8.8 CVSS
CVE-2020-9951
RCE

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.

EPSS: 2.00%
8.8 CVSS
CVE-2020-9948
RCE

A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.

EPSS: 0.29%
8.8 CVSS
CVE-2016-4761

WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS

EPSS: 0.54%
6.1 CVSS
CVE-2019-8813

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting.

EPSS: 0.39%
6.1 CVSS
CVE-2019-8764

A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting.

EPSS: 0.40%
6.1 CVSS
CVE-2019-8719

A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.

EPSS: 0.71%
6.1 CVSS
CVE-2019-8625

A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.

EPSS: 0.93%
8.8 CVSS
CVE-2019-6234
RCE

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

EPSS: 0.61%
9.8 CVSS
CVE-2019-8375
Exploit Found

The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).

EPSS: 15.98%
8.8 CVSS
CVE-2018-4213

In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.

EPSS: 0.66%