Astra Linux - уязвимость в webkit2gtk

Multiple memory corruption issues have been resolved through improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, and Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution...

CVE-2026-8555

CVE-2026-8555 pertains to a use-after-free in GTK used by Google Chrome on Windows, affecting Chromium GTK integration. The vulnerability arises in GTK components when handling crafted HTML pages, enabling a remote attacker to execute arbitrary code. The issue is reported for Chrome builds prior ...

Astra Linux – Vulnerability in WebKit2GTK

This issue has been resolved through improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5, iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, and watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption...

Astra Linux – Vulnerability in WebKit2GTK

This issue was resolved by removing the origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4, and iPadOS 16.4; iOS 15.7.4 and iPadOS 15.7.4; tvOS 16.4; and watchOS 9.4. A website may be able to track sensitive user information...

webkit2gtk3 security update

An update is available for webkit2gtk3. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list WebKitGTK is the port of the portable web rendering engine WebKit to the...

EUVD-2017-3769

Malware in sbrugna...

EUVD-2010-4798

Malware in sbrugna...

EUVD-2010-0758

Malware in sbrugna...

EUVD-2014-2002

Malware in sbrugna...

webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild()

A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely...

webkitgtk: Memory corruption may lead to arbitrary code execution

A memory corruption issue was found in webkitgtk that affected WebKitGTK versions before 2.28.3 and WPE WebKit versions before 2.28.3. This flaw allows an attacker to process maliciously crafted web content that may lead to arbitrary code execution. The highest threat from this vulnerability is t...

TencentOS Server 4: gtk3 (TSSA-2024:0495)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0495 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

EulerOS 2.0 SP9 : gtk3 (EulerOS-SA-2024-2814)

According to the versions of the gtk3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : GTK vulnerability (USN-6899-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6899-1 advisory. It was discovered that GTK would attempt to load modules from the current directory, contrary to expectations. If users started GTK...

webkitgtk: Processing web content may lead to arbitrary code execution

A vulnerability was found in WebKitGTK and WPE WebKit, which allows remote attacker to perform arbitrary code execution when processing web content. This vulnerability caused by insufficient checks, which could be exploited by attackers to execute malicious code on affected systems...

BrewStillery (>=1.0.0 <=6.2.0), Druid_task1 (=0.1.0) +304 more potentially affected by unknown CVE via gtk (>=0.0.7 <=0.9.2)

gtk CARGO version =0.0.7, =1.0.0, =0.13.2, =1.0.0, =0.2.0, =0.1.0, =0.1.2, =0.2.0, =0.21.0, =0.30.1 - avr-vm =0.1.0 - awl =0.0.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0415...

SUSE CVE-2005-2976

Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service crash or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186...

SUSE CVE-2019-6251

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge...

NewStart CGSL MAIN 6.02 : spice-gtk Vulnerability (NS-SA-2021-0075)

The remote NewStart CGSL host, running version MAIN 6.02, has spice-gtk packages installed that are affected by a vulnerability: - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE clien...

Authorization Bypass

spice-gtk is vulnerable to authorization bypass. The communication to polkit for authorization via an API call is vulnerable to a race condition in setuid or pkexec process, which allows a local user to bypass access restrictions...