CentOS 8 : webkit2gtk3 (CESA-2022:1777)

Description

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:1777 advisory.

- webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30809)
- webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-30818)
- webkitgtk: Logic issue leading to HSTS bypass (CVE-2021-30823)
- webkitgtk: Out-of-bounds read leading to memory disclosure (CVE-2021-30836)
- webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30846, CVE-2021-30848, CVE-2021-30851)
- webkitgtk: Multiple memory corruption issue leading to arbitrary code execution (CVE-2021-30849)
- webkitgtk: CSS compositing issue leading to revealing of the browsing history (CVE-2021-30884)
- webkitgtk: Logic issue leading to Content Security Policy bypass (CVE-2021-30887)
- webkitgtk: Information leak via Content Security Policy reports (CVE-2021-30888)
- webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2021-30889)
- webkitgtk: Logic issue leading to universal cross-site scripting (CVE-2021-30890)
- webkitgtk: Cross-origin data exfiltration via resource timing API (CVE-2021-30897)
- webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2022-22590)
- webkitgtk: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create (CVE-2021-45481)
- webkitgtk: use-after-free in WebCore::ContainerNode::firstChild (CVE-2021-45482)
- webkitgtk: use-after-free in WebCore::Frame::page (CVE-2021-45483)
- webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript (CVE-2022-22589)
- webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2022-22592)
- webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2022-22594)
- webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free (CVE-2022-22620)
- webkitgtk: logic issue was addressed with improved state management (CVE-2022-22637)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

