CVE-2023-25360 – webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer()
https://notcve.org/view.php?id=CVE-2023-25360
A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. • http://www.openwall.com/lists/oss-security/2023/04/21/3 https://bugs.webkit.org/show_bug.cgi?id=242686 https://security.gentoo.org/glsa/202305-32 https://access.redhat.com/security/cve/CVE-2023-25360 https://bugzilla.redhat.com/show_bug.cgi?id=2175101 • CWE-416: Use After Free •
CVE-2023-25362 – webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps()
https://notcve.org/view.php?id=CVE-2023-25362
A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. • http://www.openwall.com/lists/oss-security/2023/04/21/3 https://bugs.webkit.org/show_bug.cgi?id=244802 https://security.gentoo.org/glsa/202305-32 https://access.redhat.com/security/cve/CVE-2023-25362 https://bugzilla.redhat.com/show_bug.cgi?id=2175105 • CWE-416: Use After Free •
CVE-2023-25358 – webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild()
https://notcve.org/view.php?id=CVE-2023-25358
A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. • http://www.openwall.com/lists/oss-security/2023/04/21/3 https://bugs.webkit.org/show_bug.cgi?id=242683 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OKKVEUQAAGH3NHMX3WHWKRPYU4QFKTQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QL5OGMSHRQ26FTYWZUXVNWB2VHOSVXK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC7DMUX37BRCLAI4VPQYHDUVEGTNYN5A https://security.gentoo.org/glsa/202305-32 https:/ • CWE-416: Use After Free •
CVE-2022-32893 – Apple iOS and macOS Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2022-32893
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se abordó un problema de escritura fuera de límites con una comprobación de límites mejorada. • http://seclists.org/fulldisclosure/2022/Aug/16 http://seclists.org/fulldisclosure/2022/Oct/49 http://www.openwall.com/lists/oss-security/2022/08/25/5 http://www.openwall.com/lists/oss-security/2022/08/26/2 http://www.openwall.com/lists/oss-security/2022/08/29/1 http://www.openwall.com/lists/oss-security/2022/08/29/2 http://www.openwall.com/lists/oss-security/2022/09/02/10 http://www.openwall.com/lists/oss-security/2022/09/13/1 https://lis • CWE-787: Out-of-bounds Write •
CVE-2022-2294 – WebRTC Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2022-2294
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento del búfer de la pila en WebRTC en Google Chrome versiones anteriores a 103.0.5060.114, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome. • http://www.openwall.com/lists/oss-security/2022/07/28/2 https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html https://crbug.com/1341043 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7 https://security.gentoo.org/glsa/202208-35 https://security.gentoo.org/glsa/202208-39 https://sec • CWE-787: Out-of-bounds Write •