67 matches found
MiracleLinux 8 : webkit2gtk3-2.36.7-1.el8.3.ML.1 (AXSA:2023-5310:08)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5310:08 advisory. WebKitGTK: use-after-free leads to arbitrary code execution CVE-2023-28205 Tenable has extracted the preceding description block directly from the MiracleLin...
MiracleLinux 9 : webkit2gtk3-2.36.7-1.el9.3 (AXSA:2023-5308:07)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5308:07 advisory. WebKitGTK: use-after-free leads to arbitrary code execution CVE-2023-28205 Tenable has extracted the preceding description block directly from the MiracleLin...
EUVD-2023-33715
Malicious code in bioql PyPI...
Alibaba Cloud Linux 3 : 0040: webkit2gtk3 (ALINUX3-SA-2023:0040)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0040 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-28205: A use after free issue was addresse...
Linux Distros Unpatched Vulnerability : CVE-2023-28205
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS...
CentOS 8 : webkit2gtk3 (CESA-2023:1919)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:1919 advisory. - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadO...
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
By Ian Beer A graph representation of the sandbox escape NSExpression payload In April this year Google's Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via malicious link. The...
webkit2gtk3 security update
2.38.5-1.3 - Restore libwpe and wpebackend-fdo dependencies Related: 2185741 sort of 2.38.5-1.2 - Disable libwpe and wpebackend-fdo dependencies Related: 2185741 sort of 2.38.5-1.1 - Add patch for CVE-2023-28205 Resolves: 2185741 2.38.5-1 - Update to 2.38.5 Related: 2127468 2.38.4-1 - Update to...
Mageia: Security Advisory (MGASA-2023-0177)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
AlmaLinux 8 : webkit2gtk3 (ALSA-2023:3108)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:3108 advisory. - A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network...
RLSA-2023:3108 Important: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: WebKitGTK: Regression of CVE-2023-28205 fixes in the Rocky Linux CVE-2023-2203 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
webkit2gtk3 security update
An update is available for webkit2gtk3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list WebKitGTK is the port of the portable web rendering engine WebKit to the...
Input validation
A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of...
webkit2gtk3 security update
2.38.5-1.1 - Add patch for CVE-2023-28205 Resolves: 2185745 2.38.5-1 - Update to 2.38.5 Related: 2127467 2.38.4-1 - Update to 2.38.4 Related: 2127467 2.38.3-1 - Update to 2.38.3 Related: 2127467 2.38.2-1 - Update to 2.38.2 Related: 2127467 2.38.1-2 - Fix use with aarch64 64 KiB page size Related:...
CVE-2023-2203
A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of...
CVE-2023-2203
A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of...
Important: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
Important: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: WebKitGTK: Regression of CVE-2023-28205 fixes in the AlmaLinux CVE-2023-2203 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Oracle Linux 9 : webkit2gtk3 (ELSA-2023-2653)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2653 advisory. - Add patch for CVE-2023-28205 Resolves: 2185745 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note th...
Debian: Security Advisory (DLA-3419-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...