3777 matches found
webkit2-gtk3 -- Multiple vulnerabilities
The WebKitGTK project reports many vulnerabilities, including several arbitrary code execution vulnerabilities...
UBUNTU-CVE-2019-11070
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH, or Smooth Streaming, an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded...
WebKitGTK+ - 'ThreadedCompositor' Race Condition
@keyframes foo 0% opacity: 0; 100% opacity: 1; div animation-name: foo; animation-duration: 1s; animation-iteration-count: infinite; filter: saturate50%; frame = document.createElement"iframe"; setInterval = frame.remove; document.body.appendChildframe; doc = frame.contentDocument;...
WebKitGTK+ - ThreadedCompositor Race Condition
WebKitGTK+ - ThreadedCompositor Race Condition @keyframes foo 0% opacity: 0; 100% opacity: 1; div animation-name: foo; animation-duration: 1s; animation-iteration-count: infinite; filter: saturate50%; frame = document.createElement"iframe"; setInterval = frame.remove;...
WebKitGTK+ - ThreadedCompositor Race Condition Exploit
@keyframes foo 0% opacity: 0; 100% opacity: 1; div animation-name: foo; animation-duration: 1s; animation-iteration-count: infinite; filter: saturate50%; frame = document.createElement"iframe"; setInterval = frame.remove; document.body.appendChildframe; doc = frame.contentDocument;...
WebKitGTK Denial of Service (CVE-2019-8375)
A denial of service vulnerability exists in WebKitGTK. Successful attack can result in a denial of service condition...
WebkitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the...
GLSA-201903-12 : WebkitGTK+: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201903-12 WebkitGTK+: Multiple vulnerabilities Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Impact : An attacker could execute arbitrary code or conduct...
WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service Exploit
Exploit Title: Buffer overflow Exploit Author: Dhiraj Mishra Vendor Homepage: https://webkit.org/ Software Link: https://gitlab.gnome.org/GNOME/epiphany Version: 2.23.90 Tested on: Linux 4.15.0-38-generic CVE: CVE-2019-8375 References: https://nvd.nist.gov/vuln/detail/CVE-2019-8375...
WebKitGTK 2.23.90 WebKitGTK+ 2.22.6 - Denial of Service
WebKitGTK 2.23.90 WebKitGTK+ 2.22.6 - Denial of Service Exploit Title: Buffer overflow Date: 27-02-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://webkit.org/ Software Link: https://gitlab.gnome.org/GNOME/epiphany Version: 2.23.90 Tested on: Linux 4.15.0-38-generic CVE: CVE-2019-8375...
WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service
Exploit Title: Buffer overflow Date: 27-02-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://webkit.org/ Software Link: https://gitlab.gnome.org/GNOME/epiphany Version: 2.23.90 Tested on: Linux 4.15.0-38-generic CVE: CVE-2019-8375 References: https://nvd.nist.gov/vuln/detail/CVE-2019-83...
CVE-2019-8375
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service Buffer Overflow or possibly have unspecifi...
CVE-2019-8375
CVE-2019-8375 affects WebKit’s UIProcess subsystem used by WebKitGTK/WebKitGTK+. The vulnerability arises when the script dialog size can exceed the web view size, potentially enabling remote denial of service via a buffer overflow, with other unspecified impacts. Affected packages include WebKit...
CVE-2019-8375
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service Buffer Overflow or possibly have unspecifi...
[SECURITY] Fedora 28 Update: webkit2gtk3-2.22.6-1.fc28
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKit2 based WebKitGTK+ for GTK+ 3...
[ASA-201902-19] cairo: arbitrary code execution
Arch Linux Security Advisory ASA-201902-19 ========================================== Severity: Critical Date : 2019-02-17 CVE-ID : CVE-2018-19876 Package : cairo Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-826 Summary ======= The package cairo before...
[ASA-201902-17] webkit2gtk: arbitrary code execution
Arch Linux Security Advisory ASA-201902-17 ========================================== Severity: Critical Date : 2019-02-15 CVE-ID : CVE-2019-6212 CVE-2019-6215 Package : webkit2gtk Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-899 Summary ======= The packa...
Ubuntu 18.04 LTS : WebKitGTK+ vulnerabilities (USN-3889-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3889-1 advisory. A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, ...
Ubuntu: Security Advisory (USN-3889-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3889-1: WebKitGTK+ vulnerabilities
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...