Debian Wpewebkit vulnerabilities

CVE-2020-3895 [HIGH] CVE-2020-3895: webkit2gtk - A memory corruption issue was addressed with improved memory handling. This issu... A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.28.0-

CVE-2020-3899 [HIGH] CVE-2020-3899: webkit2gtk - A memory consumption issue was addressed with improved memory handling. This iss... A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.28.2-1) bullseye: re

CVE-2020-9802 [HIGH] CVE-2020-9802: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in i... A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.28.3-1) bullseye

CVE-2020-13543 [HIGH] CVE-2020-13543: webkit2gtk - A code execution vulnerability exists in the WebSocket functionality of Webkit W... A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 2.30.3-1) bullseye: resolved (fixed

CVE-2020-9948 [HIGH] CVE-2020-9948: webkit2gtk - A type confusion issue was addressed with improved memory handling. This issue i... A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.30.1-1) bullseye: resolved (fixed in 2.30.1-1) forky: resolved (fixed in 2.30.1-1) sid: resolved (fixed in 2.30.1-1) trixie: resolved (fix

CVE-2020-9843 [HIGH] CVE-2020-9843: webkit2gtk - An input validation issue was addressed with improved input validation. This iss... An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. Scope: local bookworm: resolved (fixed

CVE-2020-9947 [HIGH] CVE-2020-9947: webkit2gtk - A use after free issue was addressed with improved memory management. This issue... A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.30.1-1) bullseye: resolved (fixed

CVE-2020-9806 [HIGH] CVE-2020-9806: webkit2gtk - A memory corruption issue was addressed with improved state management. This iss... A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.

CVE-2020-9803 [HIGH] CVE-2020-9803: webkit2gtk - A memory corruption issue was addressed with improved validation. This issue is ... A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.28.3-1

CVE-2020-3901 [HIGH] CVE-2020-3901: webkit2gtk - A type confusion issue was addressed with improved memory handling. This issue i... A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.28.0-2)

CVE-2020-9862 [HIGH] CVE-2020-9862: webkit2gtk - A command injection issue existed in Web Inspector. This issue was addressed wit... A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. Scope: local bookworm: resolved

CVE-2020-3897 [HIGH] CVE-2020-3897: webkit2gtk - A type confusion issue was addressed with improved memory handling. This issue i... A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.28.0-2) bullseye: resolv

CVE-2020-9805 [HIGH] CVE-2020-9805: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in i... A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting. Scope: local bookworm: resolved (fixed in 2.28.3-1) bu

CVE-2020-11793 [HIGH] CVE-2020-11793: webkit2gtk - A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2... A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). Scope: local bookworm: resolved (fixed in 2.28.1-1) bullseye: resolved (fixed in 2.28.1-1) forky: resolved (fixed in 2.28.1-1) s

CVE-2020-3900 [HIGH] CVE-2020-3900: webkit2gtk - A memory corruption issue was addressed with improved memory handling. This issu... A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.28.0-

CVE-2020-3865 [HIGH] CVE-2020-3865: webkit2gtk - Multiple memory corruption issues were addressed with improved memory handling. ... Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.26.

CVE-2020-9893 [HIGH] CVE-2020-9893: webkit2gtk - A use after free issue was addressed with improved memory management. This issue... A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Scope: local bookworm: r

CVE-2020-13584 [HIGH] CVE-2020-13584: webkit2gtk - An exploitable use-after-free vulnerability exists in WebKitGTK browser version ... An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 2.30.3-1) bullseye: resolved (fixed in 2.30

CVE-2020-9807 [HIGH] CVE-2020-9807: webkit2gtk - A memory corruption issue was addressed with improved state management. This iss... A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.

CVE-2020-9951 [HIGH] CVE-2020-9951: webkit2gtk - A use after free issue was addressed with improved memory management. This issue... A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.30.1-1) bullseye: resolved (fixed in 2.30.1-1) forky: resolved (fixed in 2.30.1-1) sid: resolved (fixed in 2.30.1-1) trixie: resolved (f