CVSS: 8.8EPSS: 0%CPEs: 41EXPL: 0CVE-2019-8720 – WebKitGTK Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2019-8720
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. WebKitGTK contains a memory corruption vulnerability which can allow an attacker to perform remote code execution. • https://bugzilla.redhat.com/show_bug.cgi?id=1876611 https://webkitgtk.org/security/WSA-2019-0005.html https://access.redhat.com/security/cve/CVE-2019-8720 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-8674 – webkitgtk: Incorrect state management leading to universal cross-site scripting
https://notcve.org/view.php?id=CVE-2019-8674
A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting. Un problema lógico fue abordado mejorando la gestión del estado. Este problema es corregido en iOS versión 13, Safari versión 13. • https://security.gentoo.org/glsa/202003-22 https://support.apple.com/HT210606 https://support.apple.com/HT210608 https://access.redhat.com/security/cve/CVE-2019-8674 https://bugzilla.redhat.com/show_bug.cgi?id=1876608 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 2%CPEs: 2EXPL: 0CVE-2019-11070 – webkitgtk: HTTP proxy setting deanonymization information disclosure
https://notcve.org/view.php?id=CVE-2019-11070
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. WebKitGTK y WPE WebKit en las versiones anteriores a 2.24.1 no aplican correctamente la configuración del proxy HTTP al descargar vídeo en directo (HLS, DASH o Smooth Streaming), lo que provocó un error de desanonimización. Este problema se corrigió cambiando la forma en que se descargan las transmisiones en directo. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html http://www.openwall.com/lists/oss-security/2019/04/11/1 https://bugs.webkit.org/show_bug.cgi?id=193718 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ https://seclists.org/bugtraq/2019/ • CWE-19: Data Processing Errors CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 9%CPEs: 6EXPL: 2CVE-2019-8375 – WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service
https://notcve.org/view.php?id=CVE-2019-8375
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany). El subsistema UIProcess en WebKit, tal y como se utiliza en WebKitGTK, hasta la versión 2.23.90, y WebKitGTK+, hasta la versión 2.22.6 y otros productos, no evita que el tamaño del diálogo del script sobrepase el tamaño de la vista web, lo que permite que los atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer) o, posiblemente, otro tipo de impacto sin especificar. Esto está relacionado con UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp y UIProcess/API/gtk/WebKitWebViewGtk.cpp, tal y como queda demostrado por GNOME Web (también conocido como Epiphany). • https://www.exploit-db.com/exploits/46465 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00005.html https://bugs.webkit.org/show_bug.cgi?id=184875 https://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531 https://trac.webkit.org/changeset/241515/webkit https://usn.ubuntu.com/3948-1 https://www.inputzero.io/2019/02/fuzzing-webkit.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 1%CPEs: 10EXPL: 1CVE-2019-6251 – webkitgtk: processing maliciously crafted web content lead to URI spoofing
https://notcve.org/view.php?id=CVE-2019-6251
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. WebKitGTK y WPE WebKit versiones anteriores a 2.24.1 permite la suplantación de la barra de direcciones en determinadas redirecciones de JavaScript. Un atacante puede hacer que el contenido web malicioso se muestre como si se tratara de una URL de confianza. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html http://www.openwall.com/lists/oss-security/2019/04/11/1 https://bugs.webkit.org/show_bug.cgi?id=194208 https://gitlab.gnome.org/GNOME/epiphany/issues/532 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSCDI3 • CWE-20: Improper Input Validation •