[3.6] webkit2gtk: Several vulnerabilities (Various CVEs)ID: oval:org.secpod.oval:def:1800089 | Date: (C)2018-03-28 (M)2024-01-29 |
Class: PATCH | Family: unix |
CVE-2016-9643:The regex code in WebKit allows remote attackers to cause a denial of service as demonstrated in a large number of . Versions affected: WebKitGTK+ before 2.14.6 CVE-2017-2367: This issue allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Versions affected: WebKitGTK+ before 2.14.6. CVE-2017-2377: This issue involves the WebKit Web Inspector component. It allows attackers to cause a denial of service by leveraging a window-close action during a debugger-pause state. Versions affected: WebKitGTK+ before 2.14.6. CVE-2017-2392: This issue allows attackers to execute arbitrary code or cause a denial of service via a crafted app. Versions affected: WebKitGTK+ before 2.14.6. CVE-2017-2394: This issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. Versions affected: WebKitGTK+ before 2.14.6. CVE-2017-2415: This issue allows remote attackers to execute arbitrary code by leveraging an unspecified type confusion.. Versions affected: WebKitGTK+ before 2.14.6. CVE-2017-2419: This issue allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors. Versions affected: WebKitGTK+ before 2.14.6. CVE-2017-2442: This issue involves the WebKit JavaScript Bindings component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Versions affected: WebKitGTK+ before 2.14.6. CVE-2017-2446: This issue allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions. Versions affected: WebKitGTK+ before 2.14.6. CVE-2017-2454: This issue allows allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. Versions affected: WebKitGTK+ before 2.14.6. CVE-2017-2459: This issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. Versions affected: WebKitGTK+ before 2.14.6. CVE-2017-2460: This issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. Versions affected: WebKitGTK+ before 2.14.6. CVE-2017-2465: This issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. Versions affected: WebKitGTK+ before 2.14.6. CVE-2017-2466: This issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. Versions affected: WebKitGTK+ before 2.14.6. CVE-2017-2468: This issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. Versions affected: WebKitGTK+ before 2.14.6. CVE-2017-2470: This issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. Versions affected: WebKitGTK+ before 2.14.6. CVE-2017-2471: A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site. Versions affected: WebKitGTK+ before 2.14.6. CVE-2017-2475: This issue allows remote attackers to conduct Universal XSS attacks via crafted use of frames on a web site. Versions affected: WebKitGTK+ before 2.14.6. CVE-2017-2476: This issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. Versions affected: WebKitGTK+ before 2.14.6. CVE-2017-2481: This issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. Versions affected: WebKitGTK+ before 2.14.6.
Platform: |
Alpine Linux 3.6 |