rpm package
suse/webkit2gtk3&distro=SUSE Linux Enterprise Server 15 SP1-LTSS
pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS
Vulnerabilities (166)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-1765 | — | < 2.32.0-3.74.1 | 2.32.0-3.74.1 | Apr 2, 2021 | This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. | ||
| CVE-2020-29623 | — | < 2.32.0-3.74.1 | 2.32.0-3.74.1 | Apr 2, 2021 | "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unabl | ||
| CVE-2020-13558 | — | < 2.30.5-3.66.1 | 2.30.5-3.66.1 | Mar 3, 2021 | A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. | ||
| CVE-2020-27918 | — | < 2.32.0-3.74.1 | 2.32.0-3.74.1 | Dec 8, 2020 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may le | ||
| CVE-2020-9947 | — | < 2.34.3-3.92.1 | 2.34.3-3.92.1 | Dec 8, 2020 | A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code e | ||
| CVE-2020-9952 | — | < 2.34.3-3.92.1 | 2.34.3-3.92.1 | Oct 16, 2020 | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scri | ||
| CVE-2020-9951 | — | < 2.34.3-3.92.1 | 2.34.3-3.92.1 | Oct 16, 2020 | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | ||
| CVE-2020-9948 | — | < 2.34.3-3.92.1 | 2.34.3-3.92.1 | Oct 16, 2020 | A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | ||
| CVE-2020-13753 | — | < 2.34.3-3.92.1 | 2.34.3-3.92.1 | Jul 14, 2020 | The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to dire | ||
| CVE-2020-9802 | — | < 2.34.3-3.92.1 | 2.34.3-3.92.1 | Jun 9, 2020 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to | ||
| CVE-2020-9805 | — | < 2.34.3-3.92.1 | 2.34.3-3.92.1 | Jun 9, 2020 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to | ||
| CVE-2020-9803 | — | < 2.34.3-3.92.1 | 2.34.3-3.92.1 | Jun 9, 2020 | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content m | ||
| CVE-2020-3902 | — | < 2.34.3-3.92.1 | 2.34.3-3.92.1 | Apr 1, 2020 | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to | ||
| CVE-2020-3901 | — | < 2.34.3-3.92.1 | 2.34.3-3.92.1 | Apr 1, 2020 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may | ||
| CVE-2020-3900 | — | < 2.34.3-3.92.1 | 2.34.3-3.92.1 | Apr 1, 2020 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content | ||
| CVE-2020-3895 | — | < 2.34.3-3.92.1 | 2.34.3-3.92.1 | Apr 1, 2020 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content | ||
| CVE-2020-3894 | — | < 2.34.3-3.92.1 | 2.34.3-3.92.1 | Apr 1, 2020 | A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. | ||
| CVE-2020-3897 | — | < 2.34.3-3.92.1 | 2.34.3-3.92.1 | Apr 1, 2020 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitra | ||
| CVE-2020-3885 | — | < 2.34.3-3.92.1 | 2.34.3-3.92.1 | Apr 1, 2020 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed. | ||
| CVE-2020-10018 | — | < 2.34.3-3.92.1 | 2.34.3-3.92.1 | Mar 2, 2020 | WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. |
- CVE-2021-1765Apr 2, 2021affected < 2.32.0-3.74.1fixed 2.32.0-3.74.1
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.
- CVE-2020-29623Apr 2, 2021affected < 2.32.0-3.74.1fixed 2.32.0-3.74.1
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unabl
- CVE-2020-13558Mar 3, 2021affected < 2.30.5-3.66.1fixed 2.30.5-3.66.1
A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.
- CVE-2020-27918Dec 8, 2020affected < 2.32.0-3.74.1fixed 2.32.0-3.74.1
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may le
- CVE-2020-9947Dec 8, 2020affected < 2.34.3-3.92.1fixed 2.34.3-3.92.1
A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code e
- CVE-2020-9952Oct 16, 2020affected < 2.34.3-3.92.1fixed 2.34.3-3.92.1
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scri
- CVE-2020-9951Oct 16, 2020affected < 2.34.3-3.92.1fixed 2.34.3-3.92.1
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2020-9948Oct 16, 2020affected < 2.34.3-3.92.1fixed 2.34.3-3.92.1
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2020-13753Jul 14, 2020affected < 2.34.3-3.92.1fixed 2.34.3-3.92.1
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to dire
- CVE-2020-9802Jun 9, 2020affected < 2.34.3-3.92.1fixed 2.34.3-3.92.1
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to
- CVE-2020-9805Jun 9, 2020affected < 2.34.3-3.92.1fixed 2.34.3-3.92.1
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to
- CVE-2020-9803Jun 9, 2020affected < 2.34.3-3.92.1fixed 2.34.3-3.92.1
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content m
- CVE-2020-3902Apr 1, 2020affected < 2.34.3-3.92.1fixed 2.34.3-3.92.1
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to
- CVE-2020-3901Apr 1, 2020affected < 2.34.3-3.92.1fixed 2.34.3-3.92.1
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may
- CVE-2020-3900Apr 1, 2020affected < 2.34.3-3.92.1fixed 2.34.3-3.92.1
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content
- CVE-2020-3895Apr 1, 2020affected < 2.34.3-3.92.1fixed 2.34.3-3.92.1
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content
- CVE-2020-3894Apr 1, 2020affected < 2.34.3-3.92.1fixed 2.34.3-3.92.1
A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory.
- CVE-2020-3897Apr 1, 2020affected < 2.34.3-3.92.1fixed 2.34.3-3.92.1
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitra
- CVE-2020-3885Apr 1, 2020affected < 2.34.3-3.92.1fixed 2.34.3-3.92.1
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed.
- CVE-2020-10018Mar 2, 2020affected < 2.34.3-3.92.1fixed 2.34.3-3.92.1
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.
Page 8 of 9