SUSE CVE-2021-42762

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact...

SUSE CVE-2021-45481

In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889...

SUSE CVE-2021-45483

In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889...

SUSE CVE-2021-45482

In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889...

SUSE CVE-2022-30293

In WebKitGTK through 2.36.0 and WPE WebKit, there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp...

Ubuntu: Security Advisory (USN-5867-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5867-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

USN-5867-1 webkit2gtk vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to the use of memory after it is freed, allows attackers to execute arbitrary code.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit lies in the use of memory after it is freed during the processing of web content. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Ubuntu 20.04 LTS / 22.04 LTS : WebKitGTK vulnerabilities (USN-5867-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5867-1 advisory. Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website,...

Fedora: Security Advisory for webkitgtk (FEDORA-2023-5210df1dd1)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 37 Update: webkitgtk-2.38.4-1.fc37

WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...

Fedora 37 : webkitgtk (2023-5210df1dd1)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5210df1dd1 advisory. Improve GStreamer multimedia playback across the board with improved codec selection logic, better handling of latency, and improving frame discard ...

CVE-2023-23518

A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption, and execute arbitrary code on the target system...

CVE-2023-23517

A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. This may allow a remote attacker to create a specially crafted web page, trick the victim into opening it, trigger memory corruption, and execute arbitrary code on the target syste...

[SECURITY] [DSA 5341-1] wpewebkit security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5341-1 [email protected] https://www.debian.org/security/ Alberto Garcia February 06, 2023 https://www.debian.org/security/faq -...

Arbitrary Code Execution

webkitgtk is vulnerable to Arbitrary Code Execution. Processing maliciously crafted web content may lead to arbitrary code execution, via a type confusion issue which processes maliciously crafted web content leading to arbitrary code execution...

PT-2023-4263 · Apple +8 · Macos Ventura +13

Name of the Vulnerable Software and Affected Versions: WebKitGTK and WPE WebKit versions prior to those included in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3, and iPadOS 16.3 Description: The issue is related to a buffer overflow in memory, which may allow a remote attacker to execute...

DLA-3274-1 webkit2gtk - security update

Bulletin has no description...

WebKit CSSCrossfadeValue::crossfadeChanged Use-After-Free Vulnerability

WebKit: Use-after-free of RenderMathMLToken in CSSCrossfadeValue::crossfadeChanged There is a use-after-free of a RenderMathMLToken object in CSSCrossfadeValue::crossfadeChanged. CSSCrossfadeValue extends CSSImageGeneratorValue. CSSImageGeneratorValue keeps a HashCountedSet of clients mclients of...