CVSS: 10.0EPSS: 4%CPEs: 3EXPL: 0CVE-2023-40397 – webkitgtk: arbitrary javascript code execution
https://notcve.org/view.php?id=CVE-2023-40397
06 Sep 2023 — The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution. El problema se solucionó mejorando las comprobaciones. Este problema se solucionó en macOS Ventura 13.5. • http://www.openwall.com/lists/oss-security/2023/09/11/1 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32370 – webkitgtk: content security policy blacklist failure
https://notcve.org/view.php?id=CVE-2023-32370
06 Sep 2023 — A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail. Se abordó un problema de lógica con una comprobación mejorada. Este problema es corregido en macOS Ventura 13.3. • http://www.openwall.com/lists/oss-security/2023/09/11/1 •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2023-28198 – Apple Safari DFG Fixup Phase Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-28198
04 Aug 2023 — A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. Se ha solucionado un problema de use-after-free con una mejora en la gestión de memoria. Este problema se ha solucionado en iOS 16.4 y iPadOS 16.4, macOS Ventura 13.3. • http://www.openwall.com/lists/oss-security/2023/09/11/1 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2022-32893 – Apple iOS and macOS Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2022-32893
19 Aug 2022 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se abordó un problema de escritura fuera de límites con una comprobación de límites mejorada. • http://seclists.org/fulldisclosure/2022/Aug/16 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 31EXPL: 0CVE-2022-2294 – WebRTC Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2022-2294
22 Jul 2022 — Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento del búfer de la pila en WebRTC en Google Chrome versiones anteriores a 103.0.5060.114, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malic... • http://www.openwall.com/lists/oss-security/2022/07/28/2 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 1CVE-2021-42762 – Debian Security Advisory 4995-1
https://notcve.org/view.php?id=CVE-2021-42762
20 Oct 2021 — BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. El archivo BubblewrapLaunch... • http://www.openwall.com/lists/oss-security/2021/10/26/9 •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0CVE-2020-13753 – Ubuntu Security Notice USN-4648-1
https://notcve.org/view.php?id=CVE-2020-13753
14 Jul 2020 — The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226. El sandbox bubblewrap de WebKitGTK y WPE WebKit, versiones anteriores a 2.28.3, no pudo bloquear apropiadamen... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-11793 – webkitgtk: use-after-free via crafted web content
https://notcve.org/view.php?id=CVE-2020-11793
17 Apr 2020 — A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). Hay un uso de la memoria previamente liberada en WebKitGTK versiones anteriores a la versión 2.28.1 y WPE WebKit versiones anteriores a la versión 2.28.1, por medio de un contenido web especialmente diseñado que permite a atacantes remotos ejecutar código arbitrario o causar... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 4%CPEs: 8EXPL: 0CVE-2020-10018 – webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp
https://notcve.org/view.php?id=CVE-2020-10018
02 Mar 2020 — WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. WebKitGTK hasta la versión 2.26.4 y WPE WebKit hasta la versión 2.26.4 (que son las versiones anteriores a la versión 2.28.0) contiene un problema de corrupción de memoria (use-after-free) que puede conducir a la ejecución de código arbitrario. Este ... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •
CVSS: 10.0EPSS: 13%CPEs: 41EXPL: 0CVE-2019-8720 – WebKitGTK Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2019-8720
08 Oct 2019 — A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The compliance-operator image updates are now available for OpenShift Container Platform 4.6. • https://bugzilla.redhat.com/show_bug.cgi?id=1876611 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •