Astra Linux - уязвимость в webkit2gtk

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability...

EUVD-2018-10071

Malware in sbrugna...

EUVD-2023-43626

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-39928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause...

RLSA-2024:2982 Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing web content may lead to arbitrary code execution CVE-2023-40414 webkitgtk: Processing web content may lead to arbitrary code execution CVE-2023-42852 webkitgtk: Processing...

webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports

A use-after-free vulnerability was found in the WebKitGTK's MediaRecorder API that may lead to memory corruption and Remote Code Execution. The victim needs to access a malicious web page to trigger this vulnerability...

Oracle Linux 9 : webkit2gtk3 (ELSA-2024-2126)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2126 advisory. 2.42.5-1 - Update to 2.42.5 Resolves: RHEL-3960 2.42.4-1 - Update to 2.42.4 Resolves: RHEL-3960 Resolves: RHEL-19366 2.42.3-1 - Update to 2.42.3...

webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports

A use-after-free vulnerability was found in the WebKitGTK's MediaRecorder API that may lead to memory corruption and Remote Code Execution. The victim needs to access a malicious web page to trigger this vulnerability...

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

openSUSE Security Advisory (SUSE-SU-2024:0004-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2024:0004-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0004-1 advisory. - This issue was addressed with improved redaction of sensitive information. This issue is fixed...

SUSE-SU-2024:0004-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: - CVE-2023-42890: Fixed processing malicious web content may lead to arbitrary code execution bsc1218033. - CVE-2023-42883: Fixed processing a malicious image may lead to a denial-of-service bsc1218032. - CVE-2023-41074: Fixed use-after-free...

SUSE-SU-2024:0003-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: - CVE-2023-42890: Fixed processing malicious web content may lead to arbitrary code execution bsc1218033. - CVE-2023-42883: Fixed processing a malicious image may lead to a denial-of-service bsc1218032. - CVE-2023-41074: Fixed use-after-free...

SUSE-SU-2024:0002-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: - CVE-2023-42890: Fixed processing malicious web content may lead to arbitrary code execution bsc1218033. - CVE-2023-42883: Fixed processing a malicious image may lead to a denial-of-service bsc1218032. - CVE-2023-41074: Fixed use-after-free...

SUSE-SU-2023:4978-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: - CVE-2023-42890: Fixed processing malicious web content may lead to arbitrary code execution bsc1218033. - CVE-2023-42883: Fixed processing a malicious image may lead to a denial-of-service bsc1218032. - CVE-2023-41074: Fixed use-after-free...

Debian DSA-5527-1 : webkit2gtk - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5527 advisory. The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2023-39928 Marcin Noga discovered that a specially crafted web page can...

[SECURITY] [DSA 5527-1] webkit2gtk security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5527-1 [email protected] https://www.debian.org/security/ Alberto Garcia October 12, 2023 https://www.debian.org/security/faq -...

Ubuntu 22.04 LTS / 23.04 : WebKitGTK vulnerabilities (USN-6426-1)

The remote Ubuntu 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6426-1 advisory. Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a...

CVE-2023-39928

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability...

Design/Logic Flaw

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability...