CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32370 – webkitgtk: content security policy blacklist failure
https://notcve.org/view.php?id=CVE-2023-32370
06 Sep 2023 — A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail. Se abordó un problema de lógica con una comprobación mejorada. Este problema es corregido en macOS Ventura 13.3. • http://www.openwall.com/lists/oss-security/2023/09/11/1 •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2023-28198 – Apple Safari DFG Fixup Phase Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-28198
04 Aug 2023 — A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. Se ha solucionado un problema de use-after-free con una mejora en la gestión de memoria. Este problema se ha solucionado en iOS 16.4 y iPadOS 16.4, macOS Ventura 13.3. • http://www.openwall.com/lists/oss-security/2023/09/11/1 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 5%CPEs: 7EXPL: 0CVE-2023-37450 – Apple Multiple Products WebKit Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-37450
12 Jul 2023 — The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. A vulnerability was found in webkitgtk. • https://security.gentoo.org/glsa/202401-04 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2023-32373 – Apple Multiple Products WebKit Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2023-32373
30 May 2023 — A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. A use after free vulnerability was found in the webkitgtk package. • https://security.gentoo.org/glsa/202401-04 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 9EXPL: 0CVE-2023-28204 – Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2023-28204
30 May 2023 — An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. A flaw was found in the webkitgtk package. • https://security.gentoo.org/glsa/202401-04 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2023-25358 – webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild()
https://notcve.org/view.php?id=CVE-2023-25358
02 Mar 2023 — A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities. • http://www.openwall.com/lists/oss-security/2023/04/21/3 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-25360 – webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer()
https://notcve.org/view.php?id=CVE-2023-25360
02 Mar 2023 — A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities. • http://www.openwall.com/lists/oss-security/2023/04/21/3 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-25361 – webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling()
https://notcve.org/view.php?id=CVE-2023-25361
02 Mar 2023 — A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities. • http://www.openwall.com/lists/oss-security/2023/04/21/3 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-25362 – webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps()
https://notcve.org/view.php?id=CVE-2023-25362
02 Mar 2023 — A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities. • http://www.openwall.com/lists/oss-security/2023/04/21/3 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-25363 – webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags()
https://notcve.org/view.php?id=CVE-2023-25363
02 Mar 2023 — A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities. • http://www.openwall.com/lists/oss-security/2023/04/21/3 • CWE-416: Use After Free •