DEBIAN-CVE-2020-13753
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute comman...
CVE-2020-13753
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute comman...
Design/Logic Flaw
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute comman...
USN-4422-1: WebKitGTK+ vulnerabilities
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
CVE-2020-13753
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute comman...
CVE-2020-13753
The CVE-2020-13753 entry concerns the bubblewrap sandbox used by WebKitGTK and WPE WebKit. Connected sources (e.g., Debian DSA-4724-1) confirm that before version 2.28.3 the bubblewrap sandbox failed to block CLONE_NEWUSER and the TIOCSTI ioctl, enabling sandbox escape: CLONE_NEWUSER could allow ...
CVE-2020-13753
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute comman...
CVE-2020-13753
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute comman...
CVE-2020-13753
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute comman...
UBUNTU-CVE-2020-13753
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute comman...
Fedora: Security Advisory for webkit2gtk3 (FEDORA-2020-ab074c6cdf)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
webkit2-gtk3 -- multiple vulnerabilities
The WebKitGTK project reports vulnerabilities: CVE-2020-9802: Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9803: Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9805: Processing maliciously crafted web content...
EulerOS Virtualization 3.0.6.0 : libsoup (EulerOS-SA-2020-1748)
According to the version of the libsoup package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability: - WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior ...
GLSA-202006-08 : WebKitGTK+: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202006-08 WebKitGTK+: Multiple vulnerabilities Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for...
WebKitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE...
Webkit fireEventListeners use-after-free vulnerability
Summary An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. Tested...
Fedora: Security Advisory for webkit2gtk3 (FEDORA-2020-7f34d2cfd8)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 30 Update: webkit2gtk3-2.28.2-1.fc30
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3...
Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK vulnerability (USN-4347-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4347-1 advisory. A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website...
Fedora: Security Advisory for webkit2gtk3 (FEDORA-2020-4832f2bd62)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...