22 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-9802
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10...
SUSE: Security Advisory (SUSE-SU-2020:1992-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:2069-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:1990-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
JITSploitation II: Getting Read/Write
Posted by Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed i...
JITSploitation III: Subverting Control Flow
Posted by Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed i...
JITSploitation I: A JIT Bug
By Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed in iOS...
SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:2069-1)
This update for webkit2gtk3 fixes the following issues : Update to version 2.28.3 bsc1173998 : + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. +...
GLSA-202007-11 : WebKitGTK+: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202007-11 WebKitGTK+: Multiple vulnerabilities Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for...
openSUSE Security Update : webkit2gtk3 (openSUSE-2020-1064)
This update for webkit2gtk3 fixes the following issues : - Update to version 2.28.3 bsc1173998 : + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player....
openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2020:1064-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for webkit2gtk3 (important)
openSUSE Security Update: Security update for webkit2gtk3 Announcement ID: openSUSE-SU-2020:1064-1 Rating: important References: 1173998 Cross-References: CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 Affected Products: openSUSE...
SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:1990-1)
This update for webkit2gtk3 fixes the following issues : Update to version 2.28.3 bsc1173998 : + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. +...
SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:1992-1)
This update for webkit2gtk3 fixes the following issues : Update to version 2.28.3 bsc1173998 : + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. +...
[ASA-202007-1] webkit2gtk: multiple issues
Arch Linux Security Advisory ASA-202007-1 ========================================= Severity: Critical Date : 2020-07-14 CVE-ID : CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-13753 Package : webkit2gtk Type : multiple issues Remote : Y...
CVE-2020-9802
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code...
CVE-2020-9802
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code...
CVE-2020-9802
CVE-2020-9802 is a memory-related/logic issue in WebKit-based components where processing maliciously crafted web content may lead to arbitrary code execution. The initial Apple advisory links the vulnerability to multiple products and states that the issue is fixed in Apple iOS 13.5 and iPadOS 1...
About the security content of Safari 13.1.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
About the security content of iTunes 12.10.7 for Windows - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...