CVE-2020-9802

A logic issue was found in webkitgtk that affected WebKitGTK versions before 2.28.3 and WPE WebKit versions before 2.28.3. This flaw allows an attacker to process maliciously crafted web content that may lead to arbitrary code execution. The highest threat from this vulnerability is to...

CVE-2020-9894

An out-of-bounds read flaw was found in webkitgtk that affected WebKitGTK versions before 2.28.4 and WPE WebKit versions before 2.28.4. This flaw allows a remote attacker to cause unexpected application termination or arbitrary code execution. The highest threat from this vulnerability is to...

Fedora: Security Advisory for webkit2gtk3 (FEDORA-2020-a496a39b00)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for webkit2gtk3 (FEDORA-2020-24b936a870)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Arbitrary Code Execution

WebKitGTK is vulnerable to arbitrary code execution. A memory corruption issue use-after-free allows an attacker to execute arbitrary code...

Arbitrary Code Execution

Webkit2gtk is vulnerable to arbitrary code execution. The vulnerability exists as a use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content...

Arbitrary Code Execution

webkit2gtk is vulnerable arbitrary code execution. The vulnerability exists due to the bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONENEWUSER and the TIOCSTI ioctl. CLONENEWUSER could potentially be used to confuse xdg-desktop-portal, whic...

Arbitrary Code Execution

webkit2gtk is vulnerable to arbitrary code execution. The vulnerability exists as a logic issue was addressed with improved restrictions...

[SECURITY] Fedora 32 Update: webkit2gtk3-2.28.4-3.fc32

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3...

Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK vulnerabilities (USN-4444-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4444-1 advisory. A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a maliciou...

USN-4444-1: WebKitGTK vulnerabilities

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

USN-4444-1 webkit2gtk vulnerabilities

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

GLSA-202007-61 : WebKitGTK+: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202007-61 WebKitGTK+: Multiple vulnerabilities Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for...

WebKitGTK+: Multiple vulnerabilities

Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...

GLSA-202007-11 : WebKitGTK+: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202007-11 WebKitGTK+: Multiple vulnerabilities Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for...

WebKitGTK+: Multiple vulnerabilities

Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...

[SECURITY] Fedora 31 Update: webkit2gtk3-2.28.3-1.fc31

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3...

Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK+ vulnerabilities (USN-4422-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4422-1 advisory. A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a maliciou...

Ubuntu: Security Advisory (USN-4422-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-13753

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONENEWUSER and the TIOCSTI ioctl. CLONENEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute comman...