3777 matches found

CVE
added 2020/12/03 4:24 p.m. | 297 views

CVE-2020-13543

CVE-2020-13543 affects WebKitGTK’s WebSocket handling in WebKitGTK 2.30.0, where a crafted page can trigger a use-after-free leading to remote code execution. The vulnerability is confirmed by multiple sources in the connected documents, and remediation is available: upgrade to WebKitGTK 2.30.3 (...

CVSS 8.8 | AI score 8.8 | EPSS 0.03266
Exploits: 1 | References: 3 | Affected Software: 1

AlpineLinux
added 2020/12/03 4:24 p.m. | 62 views

CVE-2020-13543

A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability...

CVSS 8.8 | AI score 9 | EPSS 0.03266
Exploits: 1

Tenable Nessus
added 2020/12/03 12:0 a.m. | 48 views

Fedora 32 : webkit2gtk3 (2020-e8a7566e80)

Update to WebKitGTK 2.30.3 : - Fix backdrop filters with rounded borders. - Fix scrolling iframes when async scrolling is enabled. - Allow applications to handle drag and drop on the web view again. - Update Outlook user agent quirk. - Fix several crashes and rendering issues. - Security fixes:...

CVSS 8.8 | AI score 6.8 | EPSS 0.04446
Exploits: 1 | References: 3

CNNVD
added 2020/11/30 12:0 a.m. | 2 views

WebKitGTK Resource Management Error Vulnerability

WebKitGTK is a full-featured port of the WebKit rendering engine. A post-release reuse vulnerability exists in the WebSocket functionality of WebKitGTK 2.30.0. An attacker could exploit the vulnerability to achieve remote code execution by tricking a user into visiting a specially crafted web page...

CVSS 8.8 | AI score 7.9 | EPSS 0.03266
Exploits: 1 | References: 21

Tenable Nessus
added 2020/11/30 12:0 a.m. | 159 views

CentOS 7 : webkitgtk4 (RHSA-2020:4035)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4035 advisory. - WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH,...

CVSS 9.8 | AI score 7.7 | EPSS 0.18172
Exploits: 21 | References: 105

Talos
added 2020/11/30 12:0 a.m. | 72 views

Webkit WebSocket code execution vulnerability

Summary A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability...

CVSS 8.8 | AI score 9 | EPSS 0.03266
Exploits: 1

Talos
added 2020/11/30 12:0 a.m. | 75 views

Webkit ImageDecoderGStreamer use-after-free vulnerability

Summary An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. Tested...

CVSS 8.8 | AI score 9.1 | EPSS 0.04446
Exploits: 1

OpenVAS
added 2020/11/27 12:0 a.m. | 27 views

Ubuntu: Security Advisory (USN-4648-1)

The remote host is missing an update for the...

CVSS 10 | AI score 8.3 | EPSS 0.02917
Exploits: 0 | References: 2

OSV
added 2020/11/26 1:7 p.m. | 0 views

USN-4648-1 webkit2gtk vulnerabilities

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

CVSS 10 | AI score 7 | EPSS 0.02917
Exploits: 0 | References: 6

Ubuntu
added 2020/11/26 1:7 p.m. | 120 views

USN-4648-1: WebKitGTK vulnerabilities

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

CVSS 10 | AI score 7.1 | EPSS 0.02917
Exploits: 0

Tenable Nessus
added 2020/11/26 12:0 a.m. | 158 views

Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK vulnerabilities (USN-4648-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4648-1 advisory. A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a maliciou...

CVSS 10 | AI score 6.8 | EPSS 0.02917
Exploits: 0 | References: 6

RedhatCVE
added 2020/11/24 6:52 p.m. | 41 views

CVE-2020-13584

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability...

CVSS 8.8 | AI score 4.7 | EPSS 0.04446
Exploits: 1 | References: 3

CNNVD
added 2020/11/24 12:0 a.m. | 1 view

WebKitGTK Resource Management Error Vulnerability

WebKitGTK is a full-featured port of the WebKit rendering engine for projects that require any type of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. It provides the full functionality of WebKit for a wide range of systems from desktop computers to embedded syste...

CVSS 8.8 | AI score 7.3 | EPSS 0.04446
Exploits: 1 | References: 23

Tenable Nessus
added 2020/11/19 12:0 a.m. | 125 views

RHEL 7 : webkitgtk4 (RHSA-2020:4035)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4035 advisory. WebKitGTK+ is a port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3. The...

CVSS 9.8 | AI score 7.6 | EPSS 0.18172
Exploits: 21 | References: 210

Tenable Nessus
added 2020/11/12 12:0 a.m. | 135 views

Oracle Linux 8 : GNOME (ELSA-2020-4451)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4451 advisory. - Backport fix for CVE-2020-15503 from Fedora Resolves: 1853529 libsoup Tenable has extracted the preceding description block directly from the Oracle...

CVSS 9.8 | AI score 7.2 | EPSS 0.77246
Exploits: 9 | References: 54

Amazon
added 2020/11/11 12:0 a.m. | 91 views

Medium: webkitgtk4

Issue Overview: WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH, or Smooth Streaming, an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded...

CVSS 9.8 | AI score 8.9 | EPSS 0.18172
Exploits: 21

Tenable Nessus
added 2020/11/11 12:0 a.m. | 61 views

Amazon Linux 2 : webkitgtk4 (ALAS-2020-1563)

The version of webkitgtk4 installed on the remote host is prior to 2.28.2-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1563 advisory. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when...

CVSS 9.8 | AI score 7.8 | EPSS 0.18172
Exploits: 21 | References: 203

Oracle linux
added 2020/11/10 12:0 a.m. | 35 views

evolution security and bug fix update

bogofilter 1.2.5-2 - Bump version to have OSCI/gating tests rerun with updated tests 1.2.5-1 - Resolves: 1836279 Update to 1.2.5 evolution 3.28.5-14 - Related: 1817143 Add a small patch to behave better with WebKitGTK 2.28 3.28.5-13 - Resolves: 1836165 Cannot type the date of a meeting...

CVSS 5.9 | AI score 1 | EPSS 0.02607
Exploits: 1

RedHat Linux
added 2020/11/04 1:21 a.m. | 4 views

webkitgtk: Incorrect state management leading to universal cross-site scripting

A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting...

CVSS 6.1 | AI score 5.5 | EPSS 0.0123
Exploits: 0 | References: 5

RedHat Linux
added 2020/11/04 1:21 a.m. | 1 view

webkitgtk: Incorrect state management leading to universal cross-site scripting

A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting...

CVSS 6.1 | AI score 5.5 | EPSS 0.00982
Exploits: 0 | References: 5