Debian Wpewebkit vulnerabilities

CVE-2022-26710 [HIGH] CVE-2022-26710: webkit2gtk - A use after free issue was addressed with improved memory management. This issue... A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.36.4-1) bullseye: resolved (fixed in 2.36.4-1~deb11u1) forky: resolved (fixe

CVE-2022-46725 [MEDIUM] CVE-2022-46725: webkit2gtk - A spoofing issue existed in the handling of URLs. This issue was addressed with ... A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing. Scope: local bookworm: resolved (fixed in 2.38.4-1) bullseye: resolved (fixed in 2.38.4-2~deb11u1) forky: resolved (fixed in 2.38.4-1) sid: reso

CVE-2022-32891 [MEDIUM] CVE-2022-32891: webkit2gtk - The issue was addressed with improved UI handling. This issue is fixed in Safari... The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. Scope: local bookworm: resolved (fixed in 2.36.6-1) bullseye: resolved (fixed in 2.36.6-1~deb11u1) forky: resolved (fixed in 2.36.6-1) sid: resolved (fixed in 2.36.6-1) trixie:

CVE-2022-22594 [MEDIUM] CVE-2022-22594: webkit2gtk - A cross-origin issue in the IndexDB API was addressed with improved input valida... A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information. Scope: local bookworm: resolved (fixed in 2.34.4-1) bullseye: resolved (fixed in 2.34.4-1~deb11u1) forky: resol

CVE-2022-32919 [MEDIUM] CVE-2022-32919: webkit2gtk - The issue was addressed with improved UI handling. This issue is fixed in iOS 16... The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing. Scope: local bookworm: resolved (fixed in 2.38.4-1) bullseye: resolved (fixed in 2.38.4-2~deb11u1) forky: resolved (fixed in 2.38.4-1) sid: resolved (fixed in 2.38.4-1)

CVE-2022-42824 [MEDIUM] CVE-2022-42824: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ... A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information. Scope: local bookworm: resolved (fixed in 2.38.2-1) bullseye: resolved (fixed in 2.38.2-1~deb11u1) forky: resolved (f

CVE-2022-22662 [MEDIUM] CVE-2022-22662: webkit2gtk - A cookie management issue was addressed with improved state management. This iss... A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. Scope: local bookworm: resolved (fixed in 2.36.0-1) bullseye: resolved (fixed in 2.36.0-3~deb11u1) forky: resolved (fixed in 2.

CVE-2022-22589 [MEDIUM] CVE-2022-22589: webkit2gtk - A validation issue was addressed with improved input sanitization. This issue is... A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. Scope: local bookworm: resolved (fixed in 2.34.5-1) bullseye: resolved (fixed in 2.34.6-1~deb11u1) fo

CVE-2022-46698 [MEDIUM] CVE-2022-46698: webkit2gtk - A logic issue was addressed with improved checks. This issue is fixed in Safari ... A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information. Scope: local bookworm: resolved (fixed in 2.38.3-1) bullseye: resolved (fixed in 2.38.3-1~deb11u1)

CVE-2022-22677 [MEDIUM] CVE-2022-22677: webkit2gtk - A logic issue in the handling of concurrent media was addressed with improved st... A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. Scope: local bookworm: resolved (fixed in 2.36.4-1) bullseye: resolved (fixed in 2.36.4-1~deb11u1) forky: reso

CVE-2022-46692 [MEDIUM] CVE-2022-46692: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ... A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy. Scope: local bookworm: resolved (fixed in 2.38.3-1) bullseye: resolv

CVE-2022-0108 [MEDIUM] CVE-2022-0108: chromium - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.7... Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) trixie:

CVE-2022-32816 [MEDIUM] CVE-2022-32816: webkit2gtk - The issue was addressed with improved UI handling. This issue is fixed in watchO... The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing. Scope: local bookworm: resolved (fixed in 2.36.6-1) bullseye: resolved (fixed in 2.36.6-1~deb11u1) forky: resolved (fixed in 2.36.6-1) sid: reso

CVE-2022-42852 [MEDIUM] CVE-2022-42852: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory. Scope: local bookworm: resolved (fixed in 2.38.3-1) bullseye: resolved (fixed in

CVE-2022-32923 [MEDIUM] CVE-2022-32923: webkit2gtk - A correctness issue in the JIT was addressed with improved checks. This issue is... A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app. Scope: local bookworm: resolved (fixed in 2.38.0-1) bullseye: resolved (fixed in

CVE-2022-42799 [MEDIUM] CVE-2022-42799: webkit2gtk - The issue was addressed with improved UI handling. This issue is fixed in tvOS 1... The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing. Scope: local bookworm: resolved (fixed in 2.38.2-1) bullseye: resolved (fixed in 2.38.2-1~deb11u1) forky: resolved (fixed in 2.38.2-1) sid: reso

CVE-2022-22592 [MEDIUM] CVE-2022-22592: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ... A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Scope: local bookworm: resolved (fixed in 2.34.5-1) bullseye: resolved (fixed in 2.34.6-1~deb11u

CVE-2022-46705 [MEDIUM] CVE-2022-46705: webkit2gtk - A spoofing issue existed in the handling of URLs. This issue was addressed with ... A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing. Scope: local bookworm: resolved (fixed in 2.38.4-1) bullseye: resolved (fixed in 2.38.4-2~deb11u1) forky: resol

CVE-2022-32933 [MEDIUM] CVE-2022-32933: webkit2gtk - An information disclosure issue was addressed by removing the vulnerable code. T... An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode. Scope: local bookworm: resolved (fixed in 2.38.0-1) bullseye: resolved (fixed in 2.38.0-1~deb11u1) forky: resolved (fixed in 2.38.0-1) sid: resolved

CVE-2022-32912 [HIGH] CVE-2022-32912: webkit2gtk - An out-of-bounds read was addressed with improved bounds checking. This issue is... An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved