2155 matches found
CVE-2026-12322
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Clickjacking issue in the Widget: Gtk component...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash...
RHEL 9 : webkit2gtk3 (RHSA-2026:28148)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28148 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...
atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...
webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to a validation issue with improper logic...
Astra Linux – Vulnerability in WebKit2GTK
A use-after-free vulnerability exists in WebCore::RenderLayer::renderer in WebKitGTK before version 2.36.8, allowing attackers to execute code remotely...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: wifi: rtw89: wow: fixed the GTK offload H2C skbuff issue. We mistakenly considered skb to be too large, which might have exceeded skb->end. Therefore, we have corrected this issue. skbuff: skb_over_panic: text:ffffffffc09e9a9d...
Astra Linux – Vulnerability in WebKit2GTK
In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889...
Astra Linux – Vulnerability in WebKit2GTK
This issue was resolved by removing the origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4, and iPadOS 16.4; iOS 15.7.4 and iPadOS 15.7.4; tvOS 16.4; and watchOS 9.4. A website may be able to track sensitive user information...
Astra Linux – Vulnerability in WebKit2GTK
A vulnerability related to out-of-bounds reads has been addressed through improved input validation. This issue is fixed in iOS 14.8, iPadOS 14.8, tvOS 15, watchOS 8, iOS 15, and iPadOS 15. Processing a maliciously crafted audio file may lead to the disclosure of restricted memory...
Astra Linux – Vulnerability in WebKit2GTK
A correctness issue in JIT was addressed through improved checks. This issue has been fixed in tvOS 16.1, iOS 15.7.1, iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1, and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app...
Astra Linux – Vulnerability in WebKit2GTK
There is a code execution vulnerability in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page may lead to a use after free issue...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fixing the gtk offload status event locking issue. The ath11k active pdevs are protected by RCU, but the code that handles the gtk offload status event and calls ath11k_mac_get_arvif_by_vdev_id was not marked as a...
Astra Linux – Vulnerability in Thunderbird, Firefox
Due to the Firefox GTK wrapper code using text/plain for drag data, and GTK treating all text/plain MIME types that contain file URLs as being dragged, a website can arbitrarily read a file by calling DataTransfer.setData. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird...
Astra Linux – Vulnerability in WebKit2GTK
The issue was addressed through improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, and watchOS 9.6. Processing web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in WebKit2GTK
There was an issue with URL handling that caused spoofing. This issue has been addressed through improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may result in address bar spoofing...