329 matches found
EUVD-2019-2775
Malware in sbrugna...
EUVD-2020-5974
Malware in sbrugna...
EUVD-2020-2483
Malware in sbrugna...
EUVD-2020-4135
Malware in sbrugna...
EUVD-2019-15818
Malware in sbrugna...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free via the memory management process. An attacker can execute arbitrary code or cause a crash by tricking a user into processing or loading malicious web content. This is only exploitable if the system has specific packages...
Linux Distros Unpatched Vulnerability : CVE-2021-42762
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into...
Linux Distros Unpatched Vulnerability : CVE-2020-11793
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary...
webkitgtk: logic issue leading to user information disclosure
A logic issue was found in WebKitGTK and WPE WebKit. This flaw allows an attacker to process maliciously crafted web content that may disclose sensitive user information...
webkitgtk: Out-of-bounds read may lead to unexpected application termination or arbitrary code execution
An out-of-bounds read flaw was found in webkitgtk that affected WebKitGTK versions before 2.28.4 and WPE WebKit versions before 2.28.4. This flaw allows a remote attacker to cause unexpected application termination or arbitrary code execution. The highest threat from this vulnerability is to...
webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution
A use-after-free issue was found in the AudioSourceProviderGStreamer class of WebKitGTK and WPE WebKit in versions prior to 2.30.5. Processing maliciously crafted web content may lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity ...
webkitgtk: Processing web content may lead to arbitrary code execution
A vulnerability in WebKitGTK and WPE WebKit could allow an attacker to execute arbitrary code on a target system. The issue arises from a use-after-free flaw in memory management when processing web content. This flaw can potentially give attackers the ability to take control of affected systems...
webkitgtk: Use-after-free leading to arbitrary code execution
A use-after-free issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. Processing maliciously crafted web content may lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
webkitgtk: IFrame sandboxing policy violation
A flaw was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. Maliciously crafted web content may violate the iframe sandboxing policy. The highest threat from this vulnerability is to data integrity...
webkitgtk: IFrame sandboxing policy violation
A flaw was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. Maliciously crafted web content may violate the iframe sandboxing policy. The highest threat from this vulnerability is to data integrity...
webkitgtk: limited sandbox escape via VFS syscalls
BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact...
webkitgtk: Visiting a website that frames malicious content may lead to UI spoofing.
A vulnerability was found in WebKitGTK and WPE WebKit that allows a remote attacker to conduct spoofing attacks by exploiting improper UI handling. This flaw enables attackers to create specially crafted websites that can display misleading information to users. By exploiting this vulnerability, ...
webkitgtk: Use-after-free leading to arbitrary code execution
A use-after-free issue was found in WebKitGTK and WPE WebKit in versions prior to 2.32.0. Processing maliciously crafted web content may lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
webkitgtk: logic issue was addressed with improved state management
A logic issue was found in WebKitGTK and WPE WebKit. This flaw allows a remote attacker to process unexpected cross-origin attacks...
webkitgtk: Improper access management to CLONE_NEWUSER and the TIOCSTI ioctl
A flaw was found in webkitgtk in versions prior to 2.28.3 and in WPE WebKit in versions prior to 2.28.3. The bubblewrap sandbox failed to properly block access to CLONENEWUSER and the TIOCSTI ioctl. CLONENEWUSER could potentially be used to confuse xdg- desktop-portal, which allows access outside...