CVE-2018-12293 – WebKitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData()' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2018-12293
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.
References:
• https://www.exploit-db.com/exploits/45205
• http://packetstormsecurity.com/files/148200/WebKitGTK-Data-Leak-Code-Execution.html
• http://www.openwall.com/lists/oss-security/2018/06/14/1
• http://www.securityfocus.com/archive/1/542087/100/0/threaded
• https://bugs.webkit.org/show_bug.cgi?id=186384
• https://security.gentoo.org/glsa/201808-04
• https://trac.webkit.org/changeset/232618
• https://usn.ubuntu.com/3687-1
CWE:
• CWE-190: Integer Overflow or Wraparound
• CWE-787: Out-of-bounds Write
CVE-2018-11713 – webkitgtk: WebSockets don't use system proxy settings
https://notcve.org/view.php?id=CVE-2018-11713
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.
References:
• https://bugs.webkit.org/show_bug.cgi?id=126384
• https://security.gentoo.org/glsa/201808-04
• https://trac.webkit.org/changeset/228088/webkit
• https://access.redhat.com/security/cve/CVE-2018-11713
• https://bugzilla.redhat.com/show_bug.cgi?id=1588739
CWE:
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-11712 – webkitgtk: Improper TLS certificate verification for WebSocket connections
https://notcve.org/view.php?id=CVE-2018-11712
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.
References:
• https://bugs.webkit.org/show_bug.cgi?id=184804
• https://security.gentoo.org/glsa/201808-04
• https://trac.webkit.org/changeset/230886/webkit
• https://access.redhat.com/security/cve/CVE-2018-11712
• https://bugzilla.redhat.com/show_bug.cgi?id=1588742
CWE:
• CWE-295: Improper Certificate Validation
CVE-2018-11646 – WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' Denial of Service
https://notcve.org/view.php?id=CVE-2018-11646
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash. webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as distributed in Safari Technology Preview Release 57, mishandle an unset pageURL, leading to an unexpected application crash.
References:
• https://www.exploit-db.com/exploits/44876
• https://www.exploit-db.com/exploits/44842
• https://bugs.webkit.org/show_bug.cgi?id=186164
• https://bugzilla.gnome.org/show_bug.cgi?id=795740
• https://security.gentoo.org/glsa/201808-04
• https://www.inputzero.io/2018/06/cve-2018-11646-webkit.html
CVE-2018-4133
https://notcve.org/view.php?id=CVE-2018-4133
An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "WebKit" component. A Safari cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References:
• http://www.securityfocus.com/bid/103580
• http://www.securitytracker.com/id/1040606
• https://security.gentoo.org/glsa/201808-04
• https://support.apple.com/HT208695
• https://usn.ubuntu.com/3635-1
CWE:
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')