AlmaLinux 9 : webkit2gtk3 (ALSA-2023:2256)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2256 advisory. - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing...

[SECURITY] [DLA 3419-1] webkit2gtk security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3419-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 12, 2023 https://wiki.debian.org/LTS -...

RHEL 9 : webkit2gtk3 (RHSA-2023:2256)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2256 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: use-after-free issue leadi...

CVE-2023-2444

A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, t...

webkitgtk: Same Origin Policy bypass issue

A logic issue was found in WebKitGTK and WPE WebKit. This flaw allows a remote attacker to process unexpected cross-origin attacks...

Important: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

ALSA-2023:2256 Important: webkit2gtk3 security and bug fix update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: use-after-free issue leading to arbitrary code execution CVE-2022-42826 webkitgtk: memory corruption issue leading to arbitrary code execution CVE-2023-23517 webkitgtk: memory...

DEBIAN-CVE-2023-27932

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy...

CVE-2023-27932

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy...

CVE-2023-27932

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy...

Design/Logic Flaw

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy...

CVE-2023-27932

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy...

CVE-2023-27932

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy...

CVE-2023-27932

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy...

PostMessage Wildcard Event Listener Detected

Web applications relying on JavaScript often need to perform cross-origin communication between Window objects such as a page and an embedded iframe or a popup window. The postMessage API allows developers to circumvent the same-origin policy restrictions in order to exchange data between scripts...

SUSE CVE-2023-26268

Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: validatedocupdate list filter filter views using view functions as filters rewrite update This doesn't affect map/reduce or searc...

Debian: Security Advisory (DSA-5397-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 5397-1] wpewebkit security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5397-1 [email protected] https://www.debian.org/security/ Alberto Garcia May 03, 2023 https://www.debian.org/security/faq -...

[SECURITY] [DSA 5396-1] webkit2gtk security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5396-1 [email protected] https://www.debian.org/security/ Alberto Garcia May 03, 2023 https://www.debian.org/security/faq -...

PT-2023-20577 · Apache · Apache Couchdb

Name of the Vulnerable Software and Affected Versions: Apache CouchDB versions prior to 3.2.3 Apache CouchDB versions prior to 3.3.2 Description: Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design...