Multiple vulnerabilities in WebKitGTK and WPE WebKit



Published: 2019-11-08 | Updated: 2019-12-02
Risk High
Patch available YES
Number of vulnerabilities 19
CVE-ID CVE-2019-8819
CVE-2019-8816
CVE-2019-8815
CVE-2019-8814
CVE-2019-8820
CVE-2019-8821
CVE-2019-8823
CVE-2019-8822
CVE-2019-8813
CVE-2019-8812
CVE-2019-8765
CVE-2019-8764
CVE-2019-8743
CVE-2019-8766
CVE-2019-8782
CVE-2019-8811
CVE-2019-8808
CVE-2019-8783
CVE-2019-8710
CWE-ID CWE-119
CWE-79
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
WebKitGTK+
Server applications / Frameworks for developing and running applications

WPE WebKit
Server applications / Frameworks for developing and running applications

Vendor WebKitGTK
WPE WebKit

Security Bulletin

This security bulletin contains information about 19 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU23166

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-8819

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 1.2.0 - 2.26.0

WPE WebKit: 0.1 - 2.26.0


CPE2.3 External links

http://webkitgtk.org/security/WSA-2019-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Buffer overflow

EUVDB-ID: #VU23165

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-8816

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 1.2.0 - 2.26.0

WPE WebKit: 0.1 - 2.26.0


CPE2.3 External links

http://webkitgtk.org/security/WSA-2019-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Buffer overflow

EUVDB-ID: #VU23164

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-8815

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 1.2.0 - 2.25.92

WPE WebKit: 0.1 - 2.25.91


CPE2.3 External links

http://webkitgtk.org/security/WSA-2019-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Buffer overflow

EUVDB-ID: #VU23163

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-8814

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 1.2.0 - 2.26.1

WPE WebKit: 0.1 - 2.26.1


CPE2.3 External links

http://webkitgtk.org/security/WSA-2019-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Buffer overflow

EUVDB-ID: #VU23167

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-8820

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 1.2.0 - 2.26.0

WPE WebKit: 0.1 - 2.26.0


CPE2.3 External links

http://webkitgtk.org/security/WSA-2019-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Buffer overflow

EUVDB-ID: #VU23168

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-8821

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 1.2.0 - 2.24.3

WPE WebKit: 0.1 - 2.24.2


CPE2.3 External links

http://webkitgtk.org/security/WSA-2019-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Buffer overflow

EUVDB-ID: #VU23170

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-8823

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 1.2.0 - 2.26.0

WPE WebKit: 0.1 - 2.26.0


CPE2.3 External links

http://webkitgtk.org/security/WSA-2019-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Buffer overflow

EUVDB-ID: #VU23169

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-8822

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 1.2.0 - 2.24.3

WPE WebKit: 0.1 - 2.24.2


CPE2.3 External links

http://webkitgtk.org/security/WSA-2019-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Cross-site scripting

EUVDB-ID: #VU23162

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-8813

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 1.2.0 - 2.26.0

WPE WebKit: 0.1 - 2.26.0


CPE2.3 External links

http://webkitgtk.org/security/WSA-2019-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Buffer overflow

EUVDB-ID: #VU23161

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-8812

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 1.2.0 - 2.26.1

WPE WebKit: 0.1 - 2.26.1


CPE2.3 External links

http://webkitgtk.org/security/WSA-2019-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Buffer overflow

EUVDB-ID: #VU23155

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-8765

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 1.2.0 - 2.24.3

WPE WebKit: 0.1 - 2.24.2


CPE2.3 External links

http://webkitgtk.org/security/WSA-2019-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Cross-site scripting

EUVDB-ID: #VU23154

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-8764

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 1.2.0 - 2.25.92

WPE WebKit: 0.1 - 2.25.91


CPE2.3 External links

http://webkitgtk.org/security/WSA-2019-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Buffer overflow

EUVDB-ID: #VU23153

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-8743

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 1.2.0 - 2.25.92

WPE WebKit: 0.1 - 2.25.91


CPE2.3 External links

http://webkitgtk.org/security/WSA-2019-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Buffer overflow

EUVDB-ID: #VU23156

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-8766

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 1.2.0 - 2.25.92

WPE WebKit: 0.1 - 2.25.91


CPE2.3 External links

http://webkitgtk.org/security/WSA-2019-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Buffer overflow

EUVDB-ID: #VU23157

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-8782

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 1.2.0 - 2.25.92

WPE WebKit: 0.1 - 2.25.91


CPE2.3 External links

http://webkitgtk.org/security/WSA-2019-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Buffer overflow

EUVDB-ID: #VU23160

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-8811

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 1.2.0 - 2.26.0

WPE WebKit: 0.1 - 2.26.0


CPE2.3 External links

http://webkitgtk.org/security/WSA-2019-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Buffer overflow

EUVDB-ID: #VU23159

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-8808

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 1.2.0 - 2.25.92

WPE WebKit: 0.1 - 2.25.91


CPE2.3 External links

http://webkitgtk.org/security/WSA-2019-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

18) Buffer overflow

EUVDB-ID: #VU23158

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-8783

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 1.2.0 - 2.26.0

WPE WebKit: 0.1 - 2.26.0


CPE2.3 External links

http://webkitgtk.org/security/WSA-2019-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

19) Buffer overflow

EUVDB-ID: #VU23152

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-8710

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 1.2.0 - 2.25.92

WPE WebKit: 0.1 - 2.25.91


CPE2.3 External links

http://webkitgtk.org/security/WSA-2019-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###