DSA-4681-1 webkit2gtk -- webkit2gtkID: oval:org.secpod.oval:def:604841 | Date: (C)2020-05-26 (M)2023-11-18 |
Class: PATCH | Family: unix |
The following vulnerability has been discovered in the libwebkit2gtk-4.0-dev web engine: CVE-2020-3885 Ryan Pickren discovered that a file URL may be incorrectly processed. CVE-2020-3894 Sergei Glazunov discovered that a race condition may allow an application to read restricted memory. CVE-2020-3895 grigoritchy discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-3897 Brendan Draper discovered that a remote attacker may be able to cause arbitrary code execution. CVE-2020-3899 OSS-Fuzz discovered that A remote attacker may be able to cause arbitrary code execution. CVE-2020-3900 Dongzhuo Zhao discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-3901 Benjamin Randazzo discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-3902 Yigit Can Yilmaz discovered that processing maliciously crafted web content may lead to a cross site scripting attack.
Product: |
libwebkit2gtk-4.0-doc |
gir1.2-javascriptcoregtk-4.0 |
libwebkit2gtk-4.0-dev |
libjavascriptcoregtk-4.0-bin |
gir1.2-webkit2-4.0 |
libjavascriptcoregtk-4.0-dev |
libwebkit2gtk-4.0-37 |
webkit2gtk-driver |
libjavascriptcoregtk-4.0-18 |