Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-4877-1:95C13
HistoryMar 27, 2021 - 6:41 a.m.

[SECURITY] [DSA 4877-1] webkit2gtk security update

2021-03-2706:41:31
lists.debian.org
21

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Debian Security Advisory DSA-4877-1 [email protected]
https://www.debian.org/security/ Alberto Garcia
March 27, 2021 https://www.debian.org/security/faq

Package : webkit2gtk
CVE ID : CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1789
CVE-2021-1799 CVE-2021-1801 CVE-2021-1870

The following vulnerabilities have been discovered in the webkit2gtk
web engine:

CVE-2020-27918

Liu Long discovered that processing maliciously crafted web
content may lead to arbitrary code execution.

CVE-2020-29623

Simon Hunt discovered that users may be unable to fully delete
their browsing history under some circumstances.

CVE-2021-1765

Eliya Stein discovered that maliciously crafted web content may
violate iframe sandboxing policy.

CVE-2021-1789

@S0rryMybad discovered that processing maliciously crafted web
content may lead to arbitrary code execution.

CVE-2021-1799

Gregory Vishnepolsky, Ben Seri and Samy Kamkar discovered that a
malicious website may be able to access restricted ports on
arbitrary servers.

CVE-2021-1801

Eliya Stein discovered that processing maliciously crafted web
content may lead to arbitrary code execution.

CVE-2021-1870

An anonymous researcher discovered that processing maliciously
crafted web content may lead to arbitrary code execution.

For the stable distribution (buster), these problems have been fixed in
version 2.30.6-1~deb10u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10ppc64ellibwebkit2gtk-4.0-37< 2.30.6-1~deb10u1libwebkit2gtk-4.0-37_2.30.6-1~deb10u1_ppc64el.deb
Debian10i386webkit2gtk-driver< 2.30.6-1~deb10u1webkit2gtk-driver_2.30.6-1~deb10u1_i386.deb
Debian10armhflibjavascriptcoregtk-4.0-bin< 2.30.6-1~deb10u1libjavascriptcoregtk-4.0-bin_2.30.6-1~deb10u1_armhf.deb
Debian10s390xlibjavascriptcoregtk-4.0-bin-dbgsym< 2.30.6-1~deb10u1libjavascriptcoregtk-4.0-bin-dbgsym_2.30.6-1~deb10u1_s390x.deb
Debian10s390xwebkit2gtk-driver< 2.30.6-1~deb10u1webkit2gtk-driver_2.30.6-1~deb10u1_s390x.deb
Debian10i386gir1.2-javascriptcoregtk-4.0< 2.30.6-1~deb10u1gir1.2-javascriptcoregtk-4.0_2.30.6-1~deb10u1_i386.deb
Debian10arm64gir1.2-javascriptcoregtk-4.0< 2.30.6-1~deb10u1gir1.2-javascriptcoregtk-4.0_2.30.6-1~deb10u1_arm64.deb
Debian10mipslibwebkit2gtk-4.0-dev< 2.30.6-1~deb10u1libwebkit2gtk-4.0-dev_2.30.6-1~deb10u1_mips.deb
Debian10mipsgir1.2-webkit2-4.0< 2.30.6-1~deb10u1gir1.2-webkit2-4.0_2.30.6-1~deb10u1_mips.deb
Debian10alllibwebkit2gtk-4.0-37-gtk2< 2.30.6-1~deb10u1libwebkit2gtk-4.0-37-gtk2_2.30.6-1~deb10u1_all.deb
Rows per page:
1-10 of 1231

Related

nessus 23
archlinux 2
openvas 20
ubuntu 1
osv 4
debian 1
fedora 3
gentoo 1
suse 3
mageia 1
apple 28
veracode 7
ubuntucve 7
cve 7
debiancve 7
redhatcve 7
prion 7
alpinelinux 7
malwarebytes 4
threatpost 5
thn 11
attackerkb 2
cisa_kev 2
oraclelinux 1
almalinux 1
rocky 1
redhat 2
checkpoint_advisories 1
kaspersky 2
amazon 1
qualysblog 2
ibm 2
googleprojectzero 1
nessus
nessus
Debian DSA-4877-1 : webkit2gtk - security update
2021-03-30 00:00:00
Fedora 32 : webkit2gtk3 (2021-619711d709)
2021-04-19 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK vulnerabilities (USN-4894-1)
2021-04-21 00:00:00
archlinux
archlinux
[ASA-202103-25] wpewebkit: multiple issues
2021-03-25 00:00:00
[ASA-202103-24] webkit2gtk: multiple issues
2021-03-25 00:00:00
openvas
openvas
Fedora: Security Advisory for webkit2gtk3 (FEDORA-2021-619711d709)
2021-04-12 00:00:00
Ubuntu: Security Advisory (USN-4894-1)
2021-03-30 00:00:00
Debian: Security Advisory (DSA-4877-1)
2021-03-30 00:00:00
ubuntu
ubuntu
WebKitGTK vulnerabilities
2021-03-29 00:00:00
osv
osv
webkit2gtk vulnerabilities
2021-03-29 12:57:55
webkit2gtk - security update
2021-03-27 00:00:00
Moderate: GNOME security, bug fix, and enhancement update
2021-11-09 09:15:15
debian
debian
[SECURITY] [DSA 4877-1] webkit2gtk security update
2021-03-27 06:41:31
fedora
fedora
[SECURITY] Fedora 32 Update: webkit2gtk3-2.30.6-1.fc32
2021-04-11 14:02:06
[SECURITY] Fedora 34 Update: webkit2gtk3-2.32.0-1.fc34
2021-03-29 00:18:51
[SECURITY] Fedora 33 Update: webkit2gtk3-2.32.0-1.fc33
2021-04-04 01:09:35
gentoo
gentoo
WebkitGTK+: Multiple vulnerabilities
2021-04-30 00:00:00
suse
suse
Security update for webkit2gtk3 (important)
2021-05-01 00:00:00
Security update for webkit2gtk3 (important)
2022-02-17 00:00:00
Security update for webkit2gtk3 (important)
2022-01-25 00:00:00
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2021-04-12 22:59:59
apple
apple
About the security content of Safari 14.0.3 - Apple Support
2021-02-02 01:16:45
About the security content of Safari 14.0.3
2021-02-01 00:00:00
About the security content of Safari 14.0.1 - Apple Support
2020-11-13 12:59:59
veracode
veracode
Unauthorised Data Deletion
2021-03-30 21:24:13
Use After Free
2021-03-30 20:15:54
Arbitrary Code Execution
2021-03-30 21:20:33
ubuntucve
ubuntucve
CVE-2020-29623
2020-12-31 00:00:00
CVE-2020-27918
2021-03-26 00:00:00
CVE-2021-1765
2021-03-24 00:00:00
cve
cve
CVE-2020-29623
2021-04-02 18:15:00
CVE-2020-27918
2020-12-08 22:15:00
CVE-2021-1801
2021-04-02 19:15:00
debiancve
debiancve
CVE-2020-29623
2021-04-02 18:15:00
CVE-2020-27918
2020-12-08 22:15:00
CVE-2021-1765
2021-04-02 18:15:00
redhatcve
redhatcve
CVE-2020-29623
2021-03-29 18:49:39
CVE-2020-27918
2021-03-29 18:48:25
CVE-2021-1765
2021-03-29 18:48:30
prion
prion
Design/Logic Flaw
2020-12-08 22:15:00
Arbitrary file deletion
2021-04-02 18:15:00
Code injection
2021-04-02 19:15:00
alpinelinux
alpinelinux
CVE-2020-29623
2021-04-02 18:15:00
CVE-2020-27918
2020-12-08 22:15:00
CVE-2021-1765
2021-04-02 18:15:00
malwarebytes
malwarebytes
A week in security (February 15 – February 21)
2021-02-22 11:37:19
New Mac malware raises more questions about Apple’s security patching
2021-11-16 10:56:31
New DazzleSpy malware attacks macOS
2022-01-26 22:12:25
threatpost
threatpost
Details Tied to Safari Browser-based 'ScamClub' Campaign Revealed
2021-02-17 15:30:37
Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update
2021-01-27 12:21:28
MacOS Malware ‘DazzleSpy’ Used in Watering-Hole Attacks
2022-01-25 18:54:42
thn
thn
Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites
2021-02-17 07:11:00
Apple Warns of 3 iOS Zero-Day Security Vulnerabilities Exploited in the Wild
2021-01-27 05:50:00
Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant
2021-11-12 05:38:00
attackerkb
attackerkb
CVE-2021-1870
2021-04-02 00:00:00
CVE-2021-1789
2021-04-02 00:00:00
cisa_kev
cisa_kev
Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability
2021-11-03 00:00:00
Apple Multiple Products Type Confusion Vulnerability
2022-05-04 00:00:00
oraclelinux
oraclelinux
GNOME security, bug fix, and enhancement update
2021-11-16 00:00:00
almalinux
almalinux
Moderate: GNOME security, bug fix, and enhancement update
2021-11-09 09:15:15
rocky
rocky
GNOME security, bug fix, and enhancement update
2021-11-09 09:15:15
redhat
redhat
(RHSA-2021:4381) Moderate: GNOME security, bug fix, and enhancement update
2021-11-09 09:15:15
(RHSA-2022:0202) Moderate: Migration Toolkit for Containers (MTC) 1.6.3 security and bug fix update
2022-01-20 06:27:36
checkpoint_advisories
checkpoint_advisories
Apple Multiple Products Type Confusion (CVE-2021-1789)
2022-05-24 00:00:00
kaspersky
kaspersky
KLA12008 Multiple vulnerabilities in Apple iTunes
2020-11-17 00:00:00
KLA12017 Mulitple vulnerabilities in Apple iCloud
2020-12-02 00:00:00
amazon
amazon
Important: webkitgtk4
2023-06-07 23:52:00
qualysblog
qualysblog
Apple fixes zero-day in iOS and iPadOS 15.0.2 emergency release: Detect and Prioritize Vulnerabilities using VMDR for Mobile Devices
2021-10-18 07:41:18
Qualys Response to CISA Alert: Binding Operational Directive 22-01
2021-11-09 06:15:01
ibm
ibm
Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities
2022-04-01 16:38:26
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
2023-03-08 18:05:21
googleprojectzero
googleprojectzero
The More You Know, The More You Know You Don’t Know
2022-04-19 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for DEBIAN:DSA-4877-1:95C13
nessus23archlinux2openvas20ubuntu1osv4debian1fedora3gentoo1suse3mageia1apple28veracode7ubuntucve7cve7debiancve7redhatcve7prion7alpinelinux7malwarebytes4threatpost5thn11attackerkb2cisa_kev2oraclelinux1almalinux1rocky1redhat2checkpoint_advisories1kaspersky2amazon1qualysblog2ibm2googleprojectzero1