CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-30293 – webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-30293
06 May 2022 — In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. En WebKitGTK versiones hasta 2.36.0 (y WPE WebKit), se presenta un desbordamiento del búfer en la región heap de la memoria en la función WebCore::TextureMapperLayer::setContentsLayer en el archivo WebCore/platform/graphics/texmap/TextureMapperLayer.cpp A heap buffer overflow vulnerability was found in WebKitGTK. The ... • http://www.openwall.com/lists/oss-security/2022/05/30/1 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45481 – webkitgtk: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create
https://notcve.org/view.php?id=CVE-2021-45481
25 Dec 2021 — In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889. En WebKitGTK versiones anteriores a 2.32.4, se presenta una asignación de memoria incorrecta en la función WebCore::ImageBufferCairoImageSurfaceBackend::create, conllevando una violación de la segmentación y un bloqueo de la aplicación, una vulnerabilidad diferente de CVE-2021-30889 ... • http://www.openwall.com/lists/oss-security/2022/01/21/2 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45482 – webkitgtk: use-after-free in WebCore::ContainerNode::firstChild
https://notcve.org/view.php?id=CVE-2021-45482
25 Dec 2021 — In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889. En WebKitGTK versiones anteriores a 2.32.4, se presenta un uso de memoria previamente liberada en la función WebCore::ContainerNode::firstChild, una vulnerabilidad diferente de CVE-2021-30889 A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. WebKitGTK is... • http://www.openwall.com/lists/oss-security/2022/01/21/2 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45483 – webkitgtk: use-after-free in WebCore::Frame::page
https://notcve.org/view.php?id=CVE-2021-45483
25 Dec 2021 — In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889. En WebKitGTK versiones anteriores an 2.32.4, se presenta un uso de memoria previamente liberada en la función WebCore::Frame::page, una vulnerabilidad diferente de CVE-2021-30889 A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. WebKitGTK is the port of the portable w... • http://www.openwall.com/lists/oss-security/2022/01/21/2 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 1CVE-2021-42762 – Debian Security Advisory 4995-1
https://notcve.org/view.php?id=CVE-2021-42762
20 Oct 2021 — BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. El archivo BubblewrapLaunch... • http://www.openwall.com/lists/oss-security/2021/10/26/9 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21806 – webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-21806
08 Jul 2021 — An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. Se presenta una vulnerabilidad explotable de uso de la memoria previamente liberada en el navegador WebKitGTK versión 2.30.3 x64. Una página web HTML especialmente diseñada puede causar una condición de uso de memoria previamente liber... • http://www.openwall.com/lists/oss-security/2021/07/23/1 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-21775 – webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution
https://notcve.org/view.php?id=CVE-2021-21775
07 Jul 2021 — A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. Se presenta una vulnerabilidad de uso de memoria previamente liberada en la forma en que se procesan determinados eventos para los objetos ImageLoader de Webkit WebKitGTK versión 2.3... • http://www.openwall.com/lists/oss-security/2021/07/23/1 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-21779 – webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution
https://notcve.org/view.php?id=CVE-2021-21779
26 May 2021 — A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. Se presenta una vulnerabilidad de uso de memoria previamente liberada en la forma en que el GraphicsContext de Webkit maneja determinados eventos en WebKitGTK versión 2.30.4. Una página web especialment... • http://www.openwall.com/lists/oss-security/2021/07/23/1 • CWE-416: Use After Free •
CVSS: 3.3EPSS: 0%CPEs: 22EXPL: 0CVE-2020-29623 – webkitgtk: User may be unable to fully delete browsing history
https://notcve.org/view.php?id=CVE-2020-29623
28 Mar 2021 — "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. "Clear History and Website Data" no borró el historial. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ • CWE-459: Incomplete Cleanup •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2020-13558 – webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2020-13558
18 Feb 2021 — A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. Se presenta una vulnerabilidad de ejecución de código en la funcionalidad AudioSourceProviderGStreamer de Webkit WebKitGTK versión2.30.1. Una página web especialmente diseñada puede conllevar a un uso de la memoria previamente liberada A use-after-free issue was found in the AudioSourceProviderGStreamer class of WebKitGTK and WPE ... • https://security.gentoo.org/glsa/202104-03 • CWE-416: Use After Free •