Vulners
Lucene search
WebKitGTK+ Memory Corruption / Spoofing / Code Execution Vulnerabilities
| Reporter | Title | Published | Views | Family All 193 |
|---|---|---|---|---|
 | WebKit - detachWrapper Use-After-Free Exploit | 1 Feb 201800:00 | – | zdt |
 | webkit2-gtk3 -- multiple vulnerabilities | 18 Oct 201700:00 | – | freebsd |
 | Apple Safari < 11.0.2 Multiple Vulnerabilities | 8 Apr 201900:00 | – | nessus |
| Apple Safari < 11.0.3 Multiple Vulnerabilities | 8 Apr 201900:00 | – | nessus |
| macOS 10.13.x < 10.13.3 Multiple Vulnerabilities | 10 Apr 201900:00 | – | nessus |
| Apple iOS < 11.2 Multiple Vulnerabilities (APPLE-SA-2017-12-13-6) | 17 Apr 201900:00 | – | nessus |
| Apple iOS < 11.2.5 Multiple Vulnerabilities (APPLE-SA-2018-1-23-1) | 17 Apr 201900:00 | – | nessus |
| Apple TV < 11.2 Multiple Vulnerabilities | 5 Jan 201800:00 | – | nessus |
| Apple iOS < 11.2.5 Multiple Vulnerabilities | 25 Jan 201800:00 | – | nessus |
| Apple iOS < 11.2 Multiple Vulnerabilities | 7 Dec 201700:00 | – | nessus |
10
WebKitGTK+ Memory Corruption / Spoofing / Code Execution Vulnerabilities
Advisory URL : https://webkitgtk.org/security/WSA-2018-0002.html
CVE identifiers : CVE-2018-4088, CVE-2018-4089, CVE-2018-4096,
CVE-2017-7153, CVE-2017-7160, CVE-2017-7161,
CVE-2017-7165, CVE-2017-13884, CVE-2017-13885.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2018-4088
Versions affected: WebKitGTK+ before 2.18.6.
Credit to Jeonghoon Shin of Theori.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
CVE-2018-4089
Versions affected: WebKitGTK+ before 2.18.4.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
CVE-2018-4096
Versions affected: WebKitGTK+ before 2.18.6.
Credit to OSS-Fuzz.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
CVE-2017-7153
Versions affected: WebKitGTK+ before 2.18.6.
Credit to Jerry Decime.
Impact: Visiting a malicious website may lead to user interface
spoofing. Description: Redirect responses to 401 Unauthorized may
allow a malicious website to incorrectly display the lock icon on
mixed content. This issue was addressed through improved URL display
logic.
CVE-2017-7160
Versions affected: WebKitGTK+ before 2.18.6.
Credit to Richard Zhu (fluorescence) working with Trend Micro's Zero
Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
CVE-2017-7161
Versions affected: WebKitGTK+ before 2.18.6.
Credit to Mitin Svyat.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: A command injection issue
existed in Web Inspector. This issue was addressed through improved
escaping of special characters.
CVE-2017-7165
Versions affected: WebKitGTK+ before 2.18.6.
Credit to 360 Security working with Trend Micro's Zero Day
Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
CVE-2017-13884
Versions affected: WebKitGTK+ before 2.18.6.
Credit to 360 Security working with Trend Micro's Zero Day
Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
CVE-2017-13885
Versions affected: WebKitGTK+ before 2.18.6.
Credit to 360 Security working with Trend Micro's Zero Day
Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
January 24, 2018
# 0day.today [2018-04-14] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
26 Jan 2018 00:00Current
0.6Low risk
Vulners AI Score0.6
EPSS0.06468