rpm package
almalinux/webkit2gtk3
pkg:rpm/almalinux/webkit2gtk3
Vulnerabilities (224)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-13558 | — | < 2.32.3-2.el8 | 2.32.3-2.el8 | Mar 3, 2021 | A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. | ||
| CVE-2020-36241 | — | < 2.32.3-2.el8 | 2.32.3-2.el8 | Feb 5, 2021 | autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | ||
| CVE-2020-27918 | — | < 2.32.3-2.el8 | 2.32.3-2.el8 | Dec 8, 2020 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may le | ||
| CVE-2014-1745 | Hig | 7.1 | < 2.42.5-1.el9 | 2.42.5-1.el9 | May 21, 2014 | Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related |
- CVE-2020-13558Mar 3, 2021affected < 2.32.3-2.el8fixed 2.32.3-2.el8
A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.
- CVE-2020-36241Feb 5, 2021affected < 2.32.3-2.el8fixed 2.32.3-2.el8
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
- CVE-2020-27918Dec 8, 2020affected < 2.32.3-2.el8fixed 2.32.3-2.el8
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may le
- affected < 2.42.5-1.el9fixed 2.42.5-1.el9
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related
Page 12 of 12