20 matches found
openSUSE: Security Advisory for webkit2gtk3 (SUSE-SU-2023:3233-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for webkit2gtk3 (SUSE-SU-2023:3419-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 8 : webkit2gtk3 (RHSA-2023:7055)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7055 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: arbitrary code execution...
RHEL 9 : webkit2gtk3 (RHSA-2023:6535)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6535 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: arbitrary code execution...
SUSE-SU-2023:3419-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.40.5 bsc1213905: - CVE-2023-38133: Fixed information disclosure. - CVE-2023-38572: Fixed Same-Origin-Policy bypass. - CVE-2023-38592: Fixed arbitrary code execution. - CVE-2023-38594: Fixed arbitrary code execution. -...
SUSE: Security Advisory (SUSE-SU-2023:3237-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:3237-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.40.5 bsc1213905: - CVE-2023-38133: Fixed information disclosure. - CVE-2023-38572: Fixed Same-Origin-Policy bypass. - CVE-2023-38592: Fixed arbitrary code execution. - CVE-2023-38594: Fixed arbitrary code execution. -...
CVE-2023-38599
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information...
Updated webkit2 packages fix security vulnerability
HTML document may be able to render iframes with sensitive user information CVE-2022-0108 maliciously crafted web content may lead to arbitrary code execution. CVE-2022-32885 use-after-free vulnerability exists in WebCore::RenderLayer. This issue allows remote attackers to execute arbitrary code ...
CVE-2023-27954
The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information...
Fedora 36 : webkit2gtk3 (2023-8900b35c6f)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-8900b35c6f advisory. The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly. Using GApplication is still...
SUSE: Security Advisory (SUSE-SU-2023:2077-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 37 : webkitgtk (2023-a4bbf02a57)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a4bbf02a57 advisory. The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly. Using GApplication is still...
SUSE-SU-2023:2077-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.38.6 bsc1210731: - CVE-2022-0108: Fixed information leak. - CVE-2022-32885: Fixed arbitrary code execution. - CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer. - CVE-2023-27932: Fixed Same Origin...
SUSE-SU-2023:2056-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.38.6 bsc1210731: - CVE-2022-0108: Fixed information leak. - CVE-2022-32885: Fixed arbitrary code execution. - CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer. - CVE-2023-27932: Fixed Same Origin...
CVE-2022-22594
A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information...
CVE-2022-22594
A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information...
Malicious Package
reqest is a malicious package which typosquatted a popular package with a similar name. It tracks user information such as name of the downloaded package, name of the intended package, the Node version and whether the process was running as sudo and uploaded the information to a remote server...
Malicious Package
Overview All versions of momen typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...
CVE-2017-16126
The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem. botbait is known to record and track user information. The module tracks the following information. Source IP process.versions process.platform How the module was invoked test, require,...