SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2021:3768-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3768-1 advisory. - BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process ...
webkitgtk: Use-after-free leading to arbitrary code execution
A flaw was found in webkitgtk. This flaw could allow an attacker to use maliciously crafted web content leading to arbitrary code execution...
Moderate: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
CentOS 8 : GNOME (CESA-2021:4381)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4381 advisory. - webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558) - LibRaw: Stack buffer overflow in...
RHEL 8 : GNOME (RHSA-2021:4381)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4381 advisory. GNOME is the default desktop environment of Red Hat Enterprise Linux. The following packages have been upgraded to a later upstream version:...
webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked in...
webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution
A use-after-free issue was found in the AudioSourceProviderGStreamer class of WebKitGTK and WPE WebKit in versions prior to 2.30.5. Processing maliciously crafted web content may lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity ...
webkitgtk: IFrame sandboxing policy violation
A flaw was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. Maliciously crafted web content may violate the iframe sandboxing policy. The highest threat from this vulnerability is to data integrity...
webkitgtk: Use-after-free leading to arbitrary code execution
A use-after-free issue was found in WebKitGTK and WPE WebKit in versions prior to 2.32.0. Processing maliciously crafted web content may lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
webkitgtk: IFrame sandboxing policy violation
A flaw was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. Maliciously crafted web content may violate the iframe sandboxing policy. The highest threat from this vulnerability is to data integrity...
webkitgtk: Memory corruption issue leading to arbitrary code execution
A memory corruption issue was found in WebKitGTK and WPE WebKit in versions prior to 2.32.0. Processing maliciously crafted web content may lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
webkitgtk: Logic issue leading to arbitrary code execution
A logic issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A remote attacker may be able to cause arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
webkitgtk: Integer overflow leading to arbitrary code execution
A flaw was found in the webkitgtk package. Affected versions of this package could allow a remote attacker to execute arbitrary code on the system caused by an integer overflow in the WebKit component. An attacker can execute arbitrary code on the system by persuading a victim to visit a speciall...
webkitgtk: Memory corruption leading to arbitrary code execution
A flaw was found in the webkitgtk package. Affected versions of this package could allow a remote attacker to execute arbitrary code on the system caused by a memory corruption issue in the WebKit component. An attacker can execute arbitrary code on the system by persuading a victim to visit a...
webkitgtk: Logic issue leading to universal cross site scripting attack
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting...
webkitgtk: Type confusion leading to arbitrary code execution
A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution...
webkitgtk: Memory corruptions leading to arbitrary code execution
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution...
webkitgtk: Insufficient checks leading to arbitrary code execution
This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution...
webkitgtk: User may be unable to fully delete browsing history
A flaw was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A user may be unable to fully delete the browsing history under some circumstances. The highest threat from this vulnerability is to data confidentiality...
webkitgtk: Type confusion issue leading to arbitrary code execution
A type confusion vulnerability was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. Processing maliciously crafted web content may lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...