Page 5 of 116 results (0.004 seconds)

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 1

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. El archivo BubblewrapLauncher.cpp en WebKitGTK y WPE WebKit versiones anteriores a 2.34.1, permite una omisión limitada del sandbox que permite a un proceso con sandbox engañar a procesos anfitriones para que piensen que el proceso con sandbox no está confinado por la sandbox, al abusar de las llamadas al sistema VFS que manipulan su espacio de nombres del sistema de archivos. El impacto se limita a servicios de host que crean sockets UNIX que WebKit monta dentro de su sandbox, y el proceso con sandbox permanece confinado de otra manera. • http://www.openwall.com/lists/oss-security/2021/10/26/9 http://www.openwall.com/lists/oss-security/2021/10/27/1 http://www.openwall.com/lists/oss-security/2021/10/27/2 http://www.openwall.com/lists/oss-security/2021/10/27/4 https://bugs.webkit.org/show_bug.cgi?id=231479 https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD https:& •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. Se presenta una vulnerabilidad explotable de uso de la memoria previamente liberada en el navegador WebKitGTK versión 2.30.3 x64. Una página web HTML especialmente diseñada puede causar una condición de uso de memoria previamente liberada, resultando en una ejecución de código remota. • http://www.openwall.com/lists/oss-security/2021/07/23/1 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214 https://access.redhat.com/security/cve/CVE-2021-21806 https://bugzilla.redhat.com/show_bug.cgi?id=1980441 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1

A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. Se presenta una vulnerabilidad de uso de memoria previamente liberada en la forma en que se procesan determinados eventos para los objetos ImageLoader de Webkit WebKitGTK versión 2.30.4. Una página web especialmente diseñada puede conllevar a un potencial filtrado de información y una mayor corrupción de memoria. • http://www.openwall.com/lists/oss-security/2021/07/23/1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYMMBQN4PRVDLMIJT2LY2BWHLYBD57P3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4QORERLPDN3UNNJFJSOMHZZCU2G75Q6 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1229 https://www.debian.org/security/2021/dsa-4945 https://access.redhat.com/security/cve/CVE-2021-21775 https://bugzilla.redhat.com/show_bug.cgi?id&# • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1

A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. Se presenta una vulnerabilidad de uso de memoria previamente liberada en la forma en que el GraphicsContext de Webkit maneja determinados eventos en WebKitGTK versión 2.30.4. Una página web especialmente diseñada puede conllevar a un potencial filtrado de información y una mayor corrupción de memoria. • http://www.openwall.com/lists/oss-security/2021/07/23/1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYMMBQN4PRVDLMIJT2LY2BWHLYBD57P3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4QORERLPDN3UNNJFJSOMHZZCU2G75Q6 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1238 https://www.debian.org/security/2021/dsa-4945 https://access.redhat.com/security/cve/CVE-2021-21779 https://bugzilla.redhat.com/show_bug.cgi?id&# • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0

A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. Se abordó un problema de redirección de puertos con una comprobación de puertos adicional. Este problema es corregido en macOS Big Sur versión 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS versión 14.4, watchOS versión 7.3, iOS versión 14.4 y iPadOS versión 14.4, Safari versión 14.0.3. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU https://security.gentoo.org/glsa/202104-03 https://support.apple.com/en-us/HT212146 https://support.apple.com/en-us/HT212147 https://support.apple.com/en-us/HT212148 https://support.apple.com/en-us/HT212149 https://support.apple.com/en-us/HT212152 https:/&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •