CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0CVE-2021-1765 – webkitgtk: IFrame sandboxing policy violation
https://notcve.org/view.php?id=CVE-2021-1765
02 Feb 2021 — This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. Este problema es abordado con una aplicación del sandbox de iframe mejorada. Este problema es corregido en macOS Big Sur versión 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 4%CPEs: 26EXPL: 0CVE-2021-1789 – Apple Multiple Products Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2021-1789
02 Feb 2021 — A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de confusión de tipos con un manejo del estado mejorado. Este problema es corregido en macOS Big Sur versión 11.2, Security Update 2021-001 Catalina, Security Up... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-1799 – webkitgtk: Access to restricted ports on arbitrary servers via port redirection
https://notcve.org/view.php?id=CVE-2021-1799
02 Feb 2021 — A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. Se abordó un problema de redirección de puertos con una comprobación de puertos adicional. Este problema es corregido en macOS Big Sur versión 11.2, Security Update 2021-001 Cata... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-1801 – webkitgtk: IFrame sandboxing policy violation
https://notcve.org/view.php?id=CVE-2021-1801
02 Feb 2021 — This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. Este problema es abordado con una aplicación del sandbox de iframe mejorado. Este problema es corregido en macOS Big Sur versión 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchO... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 0CVE-2021-1870 – Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-1870
27 Jan 2021 — A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Se abordó un problema de lógica con unas restricciones mejoradas. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 6%CPEs: 1EXPL: 1CVE-2020-13543 – webkitgtk: use-after-free may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2020-13543
03 Dec 2020 — A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código en la funcionalidad WebSocket de Webkit WebKitGTK versión 2.30.0. Una página web especialmente diseñada puede desencadenar una vulnerabilidad de uso de la memoria pre... • https://security.gentoo.org/glsa/202012-10 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 4%CPEs: 2EXPL: 1CVE-2020-13584 – webkitgtk: use-after-free may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2020-13584
28 Nov 2020 — An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. Se presenta una vulnerabilidad explotable de uso de la memoria previamente liberada en el navegador WebKitGTK versión 2.30.1 x64. Una página web HTML especialmente diseñada puede causar una condición de uso de la memoria previa... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2020-13753 – Ubuntu Security Notice USN-4648-1
https://notcve.org/view.php?id=CVE-2020-13753
14 Jul 2020 — The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226. El sandbox bubblewrap de WebKitGTK y WPE WebKit, versiones anteriores a 2.28.3, no pudo bloquear apropiadamen... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2020-11793 – webkitgtk: use-after-free via crafted web content
https://notcve.org/view.php?id=CVE-2020-11793
17 Apr 2020 — A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). Hay un uso de la memoria previamente liberada en WebKitGTK versiones anteriores a la versión 2.28.1 y WPE WebKit versiones anteriores a la versión 2.28.1, por medio de un contenido web especialmente diseñado que permite a atacantes remotos ejecutar código arbitrario o causar... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-10018 – webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp
https://notcve.org/view.php?id=CVE-2020-10018
02 Mar 2020 — WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. WebKitGTK hasta la versión 2.26.4 y WPE WebKit hasta la versión 2.26.4 (que son las versiones anteriores a la versión 2.28.0) contiene un problema de corrupción de memoria (use-after-free) que puede conducir a la ejecución de código arbitrario. Este ... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •