Debian Webkit2Gtk vulnerabilities

CVE-2021-1817 [HIGH] CVE-2021-1817: webkit2gtk - A memory corruption issue was addressed with improved state management. This iss... A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.30.1-1) bullseye: resolved (fixed in 2.30.1-1) forky: resolved (fixed in 2.30

CVE-2021-30795 [HIGH] CVE-2021-30795: webkit2gtk - A use after free issue was addressed with improved memory management. This issue... A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.32.3-1) bullseye: resolved (fixed in 2.32.3-1) forky: resolved (fixed in 2.32.

CVE-2021-1765 [MEDIUM] CVE-2021-1765: webkit2gtk - This issue was addressed with improved iframe sandbox enforcement. This issue is... This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. Scope: local bookworm: resolved (fixed in 2.30.6-1) bullseye: resolved (fixed in 2.30.6-1) forky: resolved (fixed in

CVE-2021-30744 [MEDIUM] CVE-2021-30744: webkit2gtk - Description: A cross-origin issue with iframe elements was addressed with improv... Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. Scope: local bookworm: resolved (fixed in 2.32.3-1) bul

CVE-2021-1826 [MEDIUM] CVE-2021-1826: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in m... A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting. Scope: local bookworm: resolved (fixed in 2.30.1-1) bullseye: resolved (fixed in 2.30.1-1) forky: resolved (fixed in 2.30.1-1) si

CVE-2021-1820 [MEDIUM] CVE-2021-1820: webkit2gtk - A memory initialization issue was addressed with improved memory handling. This ... A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory. Scope: local bookworm: resolved (fixed in 2.30.1-1) bullseye: resolved (fixed in 2.30.1-1) forky: resolved

CVE-2021-1825 [MEDIUM] CVE-2021-1825: webkit2gtk - An input validation issue was addressed with improved input validation. This iss... An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. Scope: local bookworm: resolved (fixed in 2.30.1

CVE-2021-1799 [MEDIUM] CVE-2021-1799: webkit2gtk - A port redirection issue was addressed with additional port validation. This iss... A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. Scope: local bookworm: resolved (fix

CVE-2021-30884 [MEDIUM] CVE-2021-30884: webkit2gtk - The issue was resolved with additional restrictions on CSS compositing. This iss... The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user's browsing history. Scope: local bookworm: resolved (fixed in 2.34.1-1) bullseye: resolved (fixed in 2.34.1-1~deb11u1) forky: resolved (fixed in 2.34.1-1) sid: resolved

CVE-2021-30682 [MEDIUM] CVE-2021-30682: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in t... A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. Scope: local bookworm: resolved (fixed in 2.32.0-2) bullseye: resolved (fixed in 2.32.0-2) forky: resolved (fixed in 2.32.0-2)

CVE-2021-30890 [MEDIUM] CVE-2021-30890: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ... A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting. Scope: local bookworm: resolved (fixed in 2.34.3-1) bullseye: resolved (fixed in 2.34.3-1~deb11u1) forky: resolved (fixe

CVE-2021-30720 [MEDIUM] CVE-2021-30720: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in t... A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. Scope: local bookworm: resolved (fixed in 2.32.3-1) bullseye: resolved (fixed in 2.32.3-1) forky: resolved (fixed in 2

CVE-2021-30689 [MEDIUM] CVE-2021-30689: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ... A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. Scope: local bookworm: resolved (fixed in 2.32.3-1) bullseye: resolved (fixed in 2.32.3-1) forky: resolved (

CVE-2021-30836 [MEDIUM] CVE-2021-30836: webkit2gtk - An out-of-bounds read was addressed with improved input validation. This issue i... An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio file may disclose restricted memory. Scope: local bookworm: resolved (fixed in 2.32.4-1) bullseye: resolved (fixed in 2.32.4-1~deb11u1) forky: resolved (fixed in 2.3

CVE-2021-30887 [MEDIUM] CVE-2021-30887: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in m... A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. Scope: local bookworm: resolved (fixed in 2.34.3-1) bullseye: resolved (fixed in 2.34.3-1~deb11u1) forky: r

CVE-2021-30823 [MEDIUM] CVE-2021-30823: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in m... A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS. Scope: local bookworm: resolved (fixed in 2.34.1-1) bullseye: resolved (fixed in 2.34.1-1~deb11u1) forky: resolved (fixed in 2.34.1

CVE-2021-1801 [MEDIUM] CVE-2021-1801: webkit2gtk - This issue was addressed with improved iframe sandbox enforcement. This issue is... This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. Scope: local bookworm: resolved (fixed in 2.30.6-1) bullseye: resol

CVE-2020-9895 [CRITICAL] CVE-2020-9895: webkit2gtk - A use after free issue was addressed with improved memory management. This issue... A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Scope: local bookwor

CVE-2020-10018 [CRITICAL] CVE-2020-10018: webkit2gtk - WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions r... WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. Scope: local bookworm: resolved (fixed in 2.28.0-2) bullseye: resolved (fixed in 2.28.0-2) forky: r

CVE-2020-13753 [CRITICAL] CVE-2020-13753: webkit2gtk - The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to p... The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal'