CVSS: 6.5EPSS: 2%CPEs: 2EXPL: 0CVE-2019-11070 – webkitgtk: HTTP proxy setting deanonymization information disclosure
https://notcve.org/view.php?id=CVE-2019-11070
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. WebKitGTK y WPE WebKit en las versiones anteriores a 2.24.1 no aplican correctamente la configuración del proxy HTTP al descargar vídeo en directo (HLS, DASH o Smooth Streaming), lo que provocó un error de desanonimización. Este problema se corrigió cambiando la forma en que se descargan las transmisiones en directo. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html http://www.openwall.com/lists/oss-security/2019/04/11/1 https://bugs.webkit.org/show_bug.cgi?id=193718 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ https://seclists.org/bugtraq/2019/ • CWE-19: Data Processing Errors CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 1%CPEs: 10EXPL: 1CVE-2019-6251 – webkitgtk: processing maliciously crafted web content lead to URI spoofing
https://notcve.org/view.php?id=CVE-2019-6251
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. WebKitGTK y WPE WebKit versiones anteriores a 2.24.1 permite la suplantación de la barra de direcciones en determinadas redirecciones de JavaScript. Un atacante puede hacer que el contenido web malicioso se muestre como si se tratara de una URL de confianza. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html http://www.openwall.com/lists/oss-security/2019/04/11/1 https://bugs.webkit.org/show_bug.cgi?id=194208 https://gitlab.gnome.org/GNOME/epiphany/issues/532 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSCDI3 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 59%CPEs: 5EXPL: 1CVE-2018-12293 – WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData()' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2018-12293
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content. La función getImageData en la clase ImageBufferCairo en WebCore/platform/graphics/cairo/ImageBufferCairo.cpp en WebKit, tal y como se emplea en WebKitGTK+ en versiones anteriores a la 2.20.3 y WPE WebKit en versiones anteriores a la 2.20.1, es vulnerable a un desbordamiento de búfer basado en memoria dinámica (heap) desencadenado por un desbordamiento de enteros, que podría ser empleado por contenido HTML manipulado. • https://www.exploit-db.com/exploits/45205 http://packetstormsecurity.com/files/148200/WebKitGTK-Data-Leak-Code-Execution.html http://www.openwall.com/lists/oss-security/2018/06/14/1 http://www.securityfocus.com/archive/1/542087/100/0/threaded https://bugs.webkit.org/show_bug.cgi?id=186384 https://security.gentoo.org/glsa/201808-04 https://trac.webkit.org/changeset/232618 https://usn.ubuntu.com/3687-1 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •