NVD - Results

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( Dot gov ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Sort results by:

Search Results (Refine Search)

Search Parameters:

Keyword (text search): cpe:2.3:a:wpewebkit:wpe_webkit:2.19.5:*:*:*:*:*:*:*
CPE Name Search: true

There are 7 matching records.

Displaying matches 1 through 7.

Vuln ID	Summary	CVSS Severity
CVE-2021-42762	BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. Published: October 20, 2021; 3:15:07 PM -0400	V3.1: 5.3 MEDIUM V2.0: 4.6 MEDIUM
CVE-2020-13753	The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226. Published: July 14, 2020; 10:15:17 AM -0400	V3.1: 10.0 CRITICAL V2.0: 7.5 HIGH
CVE-2020-11793	A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). Published: April 17, 2020; 9:15:12 AM -0400	V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM
CVE-2020-10018	WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. Published: March 02, 2020; 6:15:11 PM -0500	V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH
CVE-2019-11070	WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. Published: April 10, 2019; 5:29:01 PM -0400	V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM
CVE-2019-6251	WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. Published: January 14, 2019; 3:29:00 AM -0500	V3.0: 8.1 HIGH V2.0: 5.8 MEDIUM
CVE-2018-12293	The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content. Published: June 19, 2018; 5:29:00 PM -0400	V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM