rpm package

suse/webkit2gtk3&distro=SUSE Linux Enterprise Server 15 SP2-LTSS

pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS

Vulnerabilities (172)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2020-9951		—	< 2.34.3-23.3	2.34.3-23.3	Oct 16, 2020	A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2020-9948		—	< 2.34.3-23.3	2.34.3-23.3	Oct 16, 2020	A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2020-13753		—	< 2.34.3-23.3	2.34.3-23.3	Jul 14, 2020	The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to dire
CVE-2020-9802		—	< 2.34.3-23.3	2.34.3-23.3	Jun 9, 2020	A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to
CVE-2020-9805		—	< 2.34.3-23.3	2.34.3-23.3	Jun 9, 2020	A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to
CVE-2020-9803		—	< 2.34.3-23.3	2.34.3-23.3	Jun 9, 2020	A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content m
CVE-2020-3902		—	< 2.34.3-23.3	2.34.3-23.3	Apr 1, 2020	An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to
CVE-2019-8815		—	< 2.34.3-23.3	2.34.3-23.3	Dec 18, 2019	Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may
CVE-2019-8808		—	< 2.34.3-23.3	2.34.3-23.3	Dec 18, 2019	Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8782		—	< 2.34.3-23.3	2.34.3-23.3	Dec 18, 2019	Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code ex
CVE-2019-8766		—	< 2.34.3-23.3	2.34.3-23.3	Dec 18, 2019	Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2014-1745	Hig	7.1	< 2.42.5-150200.104.1	2.42.5-150200.104.1	May 21, 2014	Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related

CVE-2020-9951Oct 16, 2020
affected < 2.34.3-23.3fixed 2.34.3-23.3
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2020-9948Oct 16, 2020
affected < 2.34.3-23.3fixed 2.34.3-23.3
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2020-13753Jul 14, 2020
affected < 2.34.3-23.3fixed 2.34.3-23.3
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to dire
CVE-2020-9802Jun 9, 2020
affected < 2.34.3-23.3fixed 2.34.3-23.3
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to
CVE-2020-9805Jun 9, 2020
affected < 2.34.3-23.3fixed 2.34.3-23.3
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to
CVE-2020-9803Jun 9, 2020
affected < 2.34.3-23.3fixed 2.34.3-23.3
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content m
CVE-2020-3902Apr 1, 2020
affected < 2.34.3-23.3fixed 2.34.3-23.3
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to
CVE-2019-8815Dec 18, 2019
affected < 2.34.3-23.3fixed 2.34.3-23.3
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may
CVE-2019-8808Dec 18, 2019
affected < 2.34.3-23.3fixed 2.34.3-23.3
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8782Dec 18, 2019
affected < 2.34.3-23.3fixed 2.34.3-23.3
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code ex
CVE-2019-8766Dec 18, 2019
affected < 2.34.3-23.3fixed 2.34.3-23.3
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2014-1745HigMay 21, 2014
affected < 2.42.5-150200.104.1fixed 2.42.5-150200.104.1
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related

Page 9 of 9