rpm package
suse/webkit2gtk3&distro=SUSE Linux Enterprise Module for Desktop Applications 15
pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015
Vulnerabilities (155)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-4263 | — | < 2.20.5-3.8.1 | 2.20.5-3.8.1 | Apr 3, 2019 | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | ||
| CVE-2018-4261 | — | < 2.20.5-3.8.1 | 2.20.5-3.8.1 | Apr 3, 2019 | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | ||
| CVE-2018-4197 | — | < 2.22.5-3.13.1 | 2.22.5-3.13.1 | Apr 3, 2019 | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | ||
| CVE-2018-4191 | — | < 2.22.5-3.13.1 | 2.22.5-3.13.1 | Apr 3, 2019 | A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | ||
| CVE-2019-6234 | — | < 2.22.6-3.18.2 | 2.22.6-3.18.2 | Mar 5, 2019 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | ||
| CVE-2019-6233 | — | < 2.22.6-3.18.2 | 2.22.6-3.18.2 | Mar 5, 2019 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | ||
| CVE-2019-6229 | — | < 2.22.6-3.18.2 | 2.22.6-3.18.2 | Mar 5, 2019 | A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting. | ||
| CVE-2019-6227 | — | < 2.22.6-3.18.2 | 2.22.6-3.18.2 | Mar 5, 2019 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution | ||
| CVE-2019-6226 | — | < 2.22.6-3.18.2 | 2.22.6-3.18.2 | Mar 5, 2019 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code | ||
| CVE-2019-6217 | — | < 2.22.6-3.18.2 | 2.22.6-3.18.2 | Mar 5, 2019 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code | ||
| CVE-2019-6216 | — | < 2.22.6-3.18.2 | 2.22.6-3.18.2 | Mar 5, 2019 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code | ||
| CVE-2019-6215 | — | < 2.22.6-3.18.2 | 2.22.6-3.18.2 | Mar 5, 2019 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | ||
| CVE-2019-6212 | — | < 2.22.6-3.18.2 | 2.22.6-3.18.2 | Mar 5, 2019 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | ||
| CVE-2019-8375 | — | < 2.24.0-3.21.1 | 2.24.0-3.21.1 | Feb 24, 2019 | The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or poss | ||
| CVE-2019-6251 | — | < 2.24.1-3.24.1 | 2.24.1-3.24.1 | Jan 14, 2019 | WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. | ||
| CVE-2018-4278 | — | < 2.20.5-3.8.1 | 2.20.5-3.8.1 | Jan 11, 2019 | In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. | ||
| CVE-2018-4262 | — | < 2.20.5-3.8.1 | 2.20.5-3.8.1 | Jan 11, 2019 | In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling. | ||
| CVE-2018-4213 | — | < 2.22.5-3.13.1 | 2.22.5-3.13.1 | Jan 11, 2019 | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | ||
| CVE-2018-4212 | — | < 2.22.5-3.13.1 | 2.22.5-3.13.1 | Jan 11, 2019 | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | ||
| CVE-2018-4210 | — | < 2.22.5-3.13.1 | 2.22.5-3.13.1 | Jan 11, 2019 | In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks. |
- CVE-2018-4263Apr 3, 2019affected < 2.20.5-3.8.1fixed 2.20.5-3.8.1
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
- CVE-2018-4261Apr 3, 2019affected < 2.20.5-3.8.1fixed 2.20.5-3.8.1
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
- CVE-2018-4197Apr 3, 2019affected < 2.22.5-3.13.1fixed 2.22.5-3.13.1
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
- CVE-2018-4191Apr 3, 2019affected < 2.22.5-3.13.1fixed 2.22.5-3.13.1
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
- CVE-2019-6234Mar 5, 2019affected < 2.22.6-3.18.2fixed 2.22.6-3.18.2
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-6233Mar 5, 2019affected < 2.22.6-3.18.2fixed 2.22.6-3.18.2
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-6229Mar 5, 2019affected < 2.22.6-3.18.2fixed 2.22.6-3.18.2
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting.
- CVE-2019-6227Mar 5, 2019affected < 2.22.6-3.18.2fixed 2.22.6-3.18.2
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2019-6226Mar 5, 2019affected < 2.22.6-3.18.2fixed 2.22.6-3.18.2
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code
- CVE-2019-6217Mar 5, 2019affected < 2.22.6-3.18.2fixed 2.22.6-3.18.2
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code
- CVE-2019-6216Mar 5, 2019affected < 2.22.6-3.18.2fixed 2.22.6-3.18.2
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code
- CVE-2019-6215Mar 5, 2019affected < 2.22.6-3.18.2fixed 2.22.6-3.18.2
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-6212Mar 5, 2019affected < 2.22.6-3.18.2fixed 2.22.6-3.18.2
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-8375Feb 24, 2019affected < 2.24.0-3.21.1fixed 2.24.0-3.21.1
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or poss
- CVE-2019-6251Jan 14, 2019affected < 2.24.1-3.24.1fixed 2.24.1-3.24.1
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.
- CVE-2018-4278Jan 11, 2019affected < 2.20.5-3.8.1fixed 2.20.5-3.8.1
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.
- CVE-2018-4262Jan 11, 2019affected < 2.20.5-3.8.1fixed 2.20.5-3.8.1
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4213Jan 11, 2019affected < 2.22.5-3.13.1fixed 2.22.5-3.13.1
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
- CVE-2018-4212Jan 11, 2019affected < 2.22.5-3.13.1fixed 2.22.5-3.13.1
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
- CVE-2018-4210Jan 11, 2019affected < 2.22.5-3.13.1fixed 2.22.5-3.13.1
In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.
Page 7 of 8