RSS   Vulnerabilities for 'Webkitgtk'   RSS

2021-07-08
 
CVE-2021-21779

CWE-416
 

 

 
 
CVE-2021-21806

CWE-416
 

 
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability.

 
2021-07-07
 
CVE-2021-21775

CWE-416
 

 
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage.

 
2021-03-03
 
CVE-2020-13558

CWE-416
 

 
A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.

 
2020-12-03
 
CVE-2020-13584

CWE-416
 

 
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.

 
 
CVE-2020-13543

CWE-416
 

 
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

 
2020-07-14
 
CVE-2020-13753

CWE-20
 

 
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.

 
2020-04-17
 
CVE-2020-11793

CWE-416
 

 
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).

 
2020-03-02
 
CVE-2020-10018

CWE-20
 

 
accessibility/AXObjectCache.cpp in WebKit, as used in WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4, allows a denial of service (application crash) because maintenance of the m_deferredFocusedNodeChange data structure mishandles removal.

 
2019-04-10
 
CVE-2019-11070

CWE-19
 

 
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.

 


Copyright 2021, cxsecurity.com

 

Back to Top