3777 matches found
USN-3828-1: WebKitGTK+ vulnerabilities
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-3828-1 webkit2gtk vulnerabilities
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
RHEL 7 : GNOME (RHSA-2018:3140)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3140 advisory. GNOME is the default desktop environment of Red Hat Enterprise Linux. Security Fixes: libsoup: Crash in soupcookiejar.c:getcookies on empty...
webkitgtk: WebSockets don't use system proxy settings
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by...
webkitgtk: Improper TLS certificate verification for WebSocket connections
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections...
Ubuntu 18.04 LTS : WebKitGTK+ regression (USN-3781-2)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3781-2 advisory. USN-3781-1 fixed vulnerabilities in WebKitGTK+. The updated package was missing some header files, preventing certain applications from building. This update fixe...
Ubuntu: Security Advisory (USN-3781-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3781-2: WebKitGTK+ regression
USN-3781-1 fixed vulnerabilities in WebKitGTK+. The updated package was missing some header files, preventing certain applications from building. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A large number of security issues were discovered in the...
USN-3781-2 webkit2gtk regression
USN-3781-1 fixed vulnerabilities in WebKitGTK+. The updated package was missing some header files, preventing certain applications from building. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A large number of security issues were discovered in the...
Out-of-bounds
cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c the generate and renderrows functions and cairo-image-compositor.c the cairoimagespansandzero function...
CVE-2018-18064
cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c the generate and renderrows functions and cairo-image-compositor.c the cairoimagespansandzero function...
CVE-2018-18064
cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c the generate and renderrows functions and cairo-image-compositor.c the cairoimagespansandzero function...
DEBIAN-CVE-2018-18064
cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c the generate and renderrows functions and cairo-image-compositor.c the cairoimagespansandzero function...
CVE-2018-18064
cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c the generate and renderrows functions and cairo-image-compositor.c the cairoimagespansandzero function...
CVE-2018-18064
cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c the generate and renderrows functions and cairo-image-compositor.c the cairoimagespansandzero function...
CVE-2018-18064
CVE-2018-18064 affects Cairo up to version 1.15.14, with an out-of-bounds stack-memory write when processing a crafted document via WebKitGTK+. Root cause (per connected OSV entry): the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image...
CVE-2018-18064
cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c the generate and renderrows functions and cairo-image-compositor.c the cairoimagespansandzero function...
365 Days Later: Finding and Exploiting Safari Bugs using Publicly Available Tools
Posted by Ivan Fratric, Google Project Zero Around a year ago, we published the results of research about the resilience of modern browsers against DOM fuzzing, a well-known technique for finding browser bugs. Together with the bug statistics we also published Domato, our DOM fuzzing tool that wa...
Ubuntu 18.04 LTS : WebKitGTK+ vulnerabilities (USN-3781-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3781-1 advisory. A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, ...
Ubuntu: Security Advisory (USN-3781-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...