CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 0CVE-2021-1870 – Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-1870
27 Jan 2021 — A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Se abordó un problema de lógica con unas restricciones mejoradas. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2020-13753 – Ubuntu Security Notice USN-4648-1
https://notcve.org/view.php?id=CVE-2020-13753
14 Jul 2020 — The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226. El sandbox bubblewrap de WebKitGTK y WPE WebKit, versiones anteriores a 2.28.3, no pudo bloquear apropiadamen... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2020-11793 – webkitgtk: use-after-free via crafted web content
https://notcve.org/view.php?id=CVE-2020-11793
17 Apr 2020 — A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). Hay un uso de la memoria previamente liberada en WebKitGTK versiones anteriores a la versión 2.28.1 y WPE WebKit versiones anteriores a la versión 2.28.1, por medio de un contenido web especialmente diseñado que permite a atacantes remotos ejecutar código arbitrario o causar... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-10018 – webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp
https://notcve.org/view.php?id=CVE-2020-10018
02 Mar 2020 — WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. WebKitGTK hasta la versión 2.26.4 y WPE WebKit hasta la versión 2.26.4 (que son las versiones anteriores a la versión 2.28.0) contiene un problema de corrupción de memoria (use-after-free) que puede conducir a la ejecución de código arbitrario. Este ... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-7324
https://notcve.org/view.php?id=CVE-2013-7324
17 Feb 2020 — Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration. Webkit-GTK versiones 2.x (cualquier versión con soporte de audio/video de HTML5 basado en GStreamer), permite a atacantes remotos activar un volumen de sonido inesperadamente alto por medio de un JavaScript malicioso. N... • http://www.openwall.com/lists/oss-security/2014/02/10/13 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2020-3867 – webkitgtk: Incorrect state management leading to universal cross-site scripting
https://notcve.org/view.php?id=CVE-2020-3867
30 Jan 2020 — A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting. Se abordó un problema lógico con una administración de estado mejorada. Este problema es corregido en iOS versión 13.3.1 y iPadOS versión 13.3.1, tvOS versión 13.3.1, Safari versión 13.0.5, iTunes para Wind... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 41EXPL: 0CVE-2019-8720 – WebKitGTK Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2019-8720
08 Oct 2019 — A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The compliance-operator image updates are now available for OpenShift Container Platform 4.6. • https://bugzilla.redhat.com/show_bug.cgi?id=1876611 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-8674 – webkitgtk: Incorrect state management leading to universal cross-site scripting
https://notcve.org/view.php?id=CVE-2019-8674
27 Sep 2019 — A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting. Un problema lógico fue abordado mejorando la gestión del estado. Este problema es corregido en iOS versión 13, Safari versión 13. • https://security.gentoo.org/glsa/202003-22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 2%CPEs: 2EXPL: 0CVE-2019-11070 – webkitgtk: HTTP proxy setting deanonymization information disclosure
https://notcve.org/view.php?id=CVE-2019-11070
10 Apr 2019 — WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. WebKitGTK y WPE WebKit en las versiones anteriores a 2.24.1 no aplican correctamente la configuración del proxy HTTP al descargar vídeo en directo (HLS, DASH o Smooth Streaming), lo que provocó un error de desanonimización. Est... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html • CWE-19: Data Processing Errors CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 8%CPEs: 6EXPL: 2CVE-2019-8375 – WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service
https://notcve.org/view.php?id=CVE-2019-8375
24 Feb 2019 — The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany). El su... • https://www.exploit-db.com/exploits/46465 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •