3777 matches found
CVE-2021-21775
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked in...
CVE-2021-21775
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked in...
Advisory ROSA-SA-2021-1810
Software: cairo 1.15.12 OS: Cobalt 7.9 CVE-ID: CVE-2018-18064 CVE-Crit: MEDIUM CVE-DESC: cairo before version 1.15.14 has an off-stack write while processing a generated document with WebKitGTK + due to interaction between cairo-rectangular-scan-converter.c generate and renderrows functions and...
Webkit WebCore::GraphicsContext use-after-free vulnerability
Summary A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger...
Oracle Linux 8 : GNOME (ELSA-2021-1586)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1586 advisory. - Fix CVE-2019-13012 Resolves: 1728632 glibmm24 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
webkitgtk: Memory corruption leading to arbitrary code execution
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution...
webkitgtk: Use-after-free leading to arbitrary code execution
A flaw was found in the webkitgtk package. Affected versions of this package could allow a remote attacker to execute arbitrary code on the system caused by a use-after-free in the WebKit component. An attacker can execute arbitrary code on the system by persuading a victim to visit a specially...
webkitgtk: Memory initialization issue possibly leading to memory disclosure
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory...
webkitgtk: out-of-bounds write may lead to code execution
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution...
webkitgtk: type confusion may lead to arbitrary code execution
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution...
webkitgtk: use-after-free may lead to arbitrary code execution
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution...
webkitgtk: use-after-free may lead to arbitrary code execution
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability...
ALSA-2021:1586 Moderate: GNOME security, bug fix, and enhancement update
GNOME is the default desktop environment of AlmaLinux. The following packages have been upgraded to a later upstream version: accountsservice 0.6.55, webkit2gtk3 2.30.4. BZ1846376, BZ1883304 Security Fixes: webkitgtk: type confusion may lead to arbitrary code execution CVE-2020-9948 webkitgtk:...
The vulnerability of the web page rendering module in WebKitGTK on Apple MacOS operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Web page rendering module in WebKitGTK on Apple MacOS operating systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created malicious web page...
The vulnerability of the web page rendering module in the WebKitGTK+ operating system for iOS, related to the use after release, allows a hacker to execute arbitrary code.
The vulnerability of the Web page rendering module in the WebKitGTK+ operating system for iOS is related to its use after release. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted web page...
Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK vulnerabilities (USN-4939-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4939-1 advisory. A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a maliciou...
Ubuntu: Security Advisory (USN-4939-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4939-1: WebKitGTK vulnerabilities
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-4939-1 webkit2gtk vulnerabilities
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
GLSA-202104-03 : WebkitGTK+: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202104-03 WebkitGTK+: Multiple vulnerabilities Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details. Impact : An attacker, by enticing a user to visit...