Page 2 of 13 results (0.010 seconds)

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 1

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. El archivo BubblewrapLauncher.cpp en WebKitGTK y WPE WebKit versiones anteriores a 2.34.1, permite una omisión limitada del sandbox que permite a un proceso con sandbox engañar a procesos anfitriones para que piensen que el proceso con sandbox no está confinado por la sandbox, al abusar de las llamadas al sistema VFS que manipulan su espacio de nombres del sistema de archivos. El impacto se limita a servicios de host que crean sockets UNIX que WebKit monta dentro de su sandbox, y el proceso con sandbox permanece confinado de otra manera. • http://www.openwall.com/lists/oss-security/2021/10/26/9 http://www.openwall.com/lists/oss-security/2021/10/27/1 http://www.openwall.com/lists/oss-security/2021/10/27/2 http://www.openwall.com/lists/oss-security/2021/10/27/4 https://bugs.webkit.org/show_bug.cgi?id=231479 https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD https:& •

CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226. El sandbox bubblewrap de WebKitGTK y WPE WebKit, versiones anteriores a 2.28.3, no pudo bloquear apropiadamente el acceso a CLONE_NEWUSER y al ioctl TIOCSTI. CLONE_NEWUSER podría ser usada potencialmente para confundir xdg-desktop-portal, que permite el acceso fuera del sandbox. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GER2ATKZXDHM7FFYJH67ZPNZZX5VOUVM https://security.gentoo.org/glsa/202007-11 https://trac.webkit.org/changeset/262368/webkit https://usn.ubuntu.com/4422-1 https://www.debian.org/security/2020/dsa-4724 https://www.openwall.com/lists/oss-security/2020/07/10/1 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0

A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). Hay un uso de la memoria previamente liberada en WebKitGTK versiones anteriores a la versión 2.28.1 y WPE WebKit versiones anteriores a la versión 2.28.1, por medio de un contenido web especialmente diseñado que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de la memoria y bloqueo de aplicación). A use-after-free flaw exists in WebKitGTK. This flaw allows remote attackers to execute arbitrary code or cause a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3P4YISPE5QX4YD54GDRZIH2X5RCH3QGW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3MQTRC6ITFTVS5R5Z24PMJS6FXJKGRD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTKY2MWP6PB6TE3ZKOOMKX7HZUCQNYF6 https://security.gentoo.org/glsa/202006-08 https://usn.ubuntu.com/4331-1 https://webkitg • CWE-416: Use After Free •

CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. WebKitGTK hasta la versión 2.26.4 y WPE WebKit hasta la versión 2.26.4 (que son las versiones anteriores a la versión 2.28.0) contiene un problema de corrupción de memoria (use-after-free) que puede conducir a la ejecución de código arbitrario. Este problema se ha solucionado en 2.28.0 con un manejo mejorado de la memoria. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html https://bugs.webkit.org/show_bug.cgi?id=204342#c21 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOR5LPL4UASVAR76EIHCL4O2KGDWGC6K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLERWAS2LL7SX2GHA2DDZ2PL3QC5OHIF https://security.gentoo.org/glsa/202006-08 https://usn.ubuntu.com/4310-1 https://webkitgtk.org/security/WSA-2020-0003.html https://wpewebki • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 41EXPL: 0

A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. WebKitGTK contains a memory corruption vulnerability which can allow an attacker to perform remote code execution. • https://bugzilla.redhat.com/show_bug.cgi?id=1876611 https://webkitgtk.org/security/WSA-2019-0005.html https://access.redhat.com/security/cve/CVE-2019-8720 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •