Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-13584 (GCVE-0-2020-13584)
Vulnerability from cvelistv5 – Published: 2020-12-03 17:02 – Updated: 2024-08-04 12:25
VLAI?
EPSS
Summary
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- use-after free
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2020-e8a7566e80",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/"
},
{
"name": "GLSA-202012-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202012-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1195"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Webkit",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Webkit WebKitGTK 2.30.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "use-after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:35:10.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "FEDORA-2020-e8a7566e80",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/"
},
{
"name": "GLSA-202012-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202012-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1195"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-13584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Webkit",
"version": {
"version_data": [
{
"version_value": "Webkit WebKitGTK 2.30.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "use-after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2020-e8a7566e80",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/"
},
{
"name": "GLSA-202012-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202012-10"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1195",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1195"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-13584",
"datePublished": "2020-12-03T17:02:07.000Z",
"dateReserved": "2020-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:25:16.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-W3WX-PFGJ-QGV3
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35
VLAI?
Details
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2020-13584"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-03T17:15:00Z",
"severity": "HIGH"
},
"details": "An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.",
"id": "GHSA-w3wx-pfgj-qgv3",
"modified": "2022-05-24T17:35:07Z",
"published": "2022-05-24T17:35:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13584"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202012-10"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1195"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2020-13584
Vulnerability from fkie_nvd - Published: 2020-12-03 17:15 - Updated: 2024-11-21 05:01
Severity ?
Summary
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webkitgtk | webkitgtk | 2.30.1 | |
| fedoraproject | fedora | 32 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:2.30.1:*:*:*:*:*:x64:*",
"matchCriteriaId": "4BB33890-7EBA-41F6-84CB-4FBCF12DC817",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad explotable de uso de la memoria previamente liberada en el navegador WebKitGTK versi\u00f3n 2.30.1 x64.\u0026#xa0;Una p\u00e1gina web HTML especialmente dise\u00f1ada puede causar una condici\u00f3n de uso de la memoria previamente liberada, resultando en una ejecuci\u00f3n de c\u00f3digo remota.\u0026#xa0;La v\u00edctima necesita visitar un sitio web malicioso para desencadenar esta vulnerabilidad"
}
],
"id": "CVE-2020-13584",
"lastModified": "2024-11-21T05:01:33.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-03T17:15:12.147",
"references": [
{
"source": "talos-cna@cisco.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202012-10"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202012-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1195"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2021-AVI-791
Vulnerability from certfr_avis - Published: 2021-10-15 - Updated: 2021-10-15
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.1.x antérieures à 11.1.7 FP3 | ||
| IBM | N/A | CP4S versions 1.7.0 à 1.7.2 antérieures à 1.8.0.0 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.2.x antérieures à 11.2.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 FP3",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "CP4S versions 1.7.0 \u00e0 1.7.2 ant\u00e9rieures \u00e0 1.8.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2020-8315",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8315"
},
{
"name": "CVE-2021-25215",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25215"
},
{
"name": "CVE-2020-24977",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24977"
},
{
"name": "CVE-2020-13543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13543"
},
{
"name": "CVE-2021-23364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23364"
},
{
"name": "CVE-2020-13434",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
},
{
"name": "CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"name": "CVE-2021-23336",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23336"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2021-3537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3537"
},
{
"name": "CVE-2021-27290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
},
{
"name": "CVE-2020-8285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
},
{
"name": "CVE-2021-20271",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20271"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2017-12620",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12620"
},
{
"name": "CVE-2021-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
},
{
"name": "CVE-2020-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8622"
},
{
"name": "CVE-2020-29362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29362"
},
{
"name": "CVE-2020-9983",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9983"
},
{
"name": "CVE-2021-1820",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1820"
},
{
"name": "CVE-2018-25011",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25011"
},
{
"name": "CVE-2020-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
},
{
"name": "CVE-2020-8286",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
},
{
"name": "CVE-2020-9951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9951"
},
{
"name": "CVE-2021-3421",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3421"
},
{
"name": "CVE-2021-20305",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20305"
},
{
"name": "CVE-2021-22918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22918"
},
{
"name": "CVE-2021-20578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20578"
},
{
"name": "CVE-2020-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8177"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2021-3450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
},
{
"name": "CVE-2020-14363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
},
{
"name": "CVE-2019-2708",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2708"
},
{
"name": "CVE-2020-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
},
{
"name": "CVE-2019-13012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13012"
},
{
"name": "CVE-2021-29679",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29679"
},
{
"name": "CVE-2020-25648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25648"
},
{
"name": "CVE-2021-2432",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2432"
},
{
"name": "CVE-2020-8624",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8624"
},
{
"name": "CVE-2021-33910",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33910"
},
{
"name": "CVE-2020-8284",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
},
{
"name": "CVE-2020-14362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14362"
},
{
"name": "CVE-2021-3516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3516"
},
{
"name": "CVE-2019-3842",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3842"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2021-1826",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1826"
},
{
"name": "CVE-2020-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8617"
},
{
"name": "CVE-2017-14502",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14502"
},
{
"name": "CVE-2020-29361",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29361"
},
{
"name": "CVE-2021-1817",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1817"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2020-14347",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14347"
},
{
"name": "CVE-2020-14360",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14360"
},
{
"name": "CVE-2021-1825",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1825"
},
{
"name": "CVE-2020-13776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13776"
},
{
"name": "CVE-2020-14346",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14346"
},
{
"name": "CVE-2020-14361",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14361"
},
{
"name": "CVE-2020-10543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10543"
},
{
"name": "CVE-2021-30661",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30661"
},
{
"name": "CVE-2020-8927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8927"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2020-29363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29363"
},
{
"name": "CVE-2021-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3609"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2020-13584",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13584"
},
{
"name": "CVE-2020-36328",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36328"
},
{
"name": "CVE-2020-27619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27619"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2019-9169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9169"
},
{
"name": "CVE-2020-29573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29573"
},
{
"name": "CVE-2020-4951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4951"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2020-8231",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8231"
},
{
"name": "CVE-2016-10228",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10228"
},
{
"name": "CVE-2020-28196",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
},
{
"name": "CVE-2021-22555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
},
{
"name": "CVE-2020-26137",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
},
{
"name": "CVE-2021-25214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25214"
},
{
"name": "CVE-2021-27218",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27218"
},
{
"name": "CVE-2020-13933",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13933"
},
{
"name": "CVE-2020-14344",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14344"
},
{
"name": "CVE-2021-3541",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3541"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2021-3326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
},
{
"name": "CVE-2020-24332",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24332"
},
{
"name": "CVE-2020-25712",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25712"
},
{
"name": "CVE-2021-29745",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29745"
},
{
"name": "CVE-2020-24330",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24330"
},
{
"name": "CVE-2020-36329",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36329"
},
{
"name": "CVE-2021-29894",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29894"
},
{
"name": "CVE-2020-9948",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9948"
},
{
"name": "CVE-2020-27618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
},
{
"name": "CVE-2021-23362",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23362"
},
{
"name": "CVE-2020-27783",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27783"
},
{
"name": "CVE-2020-12049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2021-3518",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
},
{
"name": "CVE-2020-24331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24331"
},
{
"name": "CVE-2020-14345",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14345"
},
{
"name": "CVE-2020-25692",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25692"
},
{
"name": "CVE-2020-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8625"
}
],
"initial_release_date": "2021-10-15T00:00:00",
"last_revision_date": "2021-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-791",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6491661 du 14 octobre 2021",
"url": "https://www.ibm.com/support/pages/node/6491661"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6493729 du 14 octobre 2021",
"url": "https://www.ibm.com/support/pages/node/6493729"
}
]
}
cve-2020-13584
Vulnerability from osv_almalinux
Published
2021-05-18 05:35
Modified
2021-11-12 10:20
Summary
Moderate: GNOME security, bug fix, and enhancement update
Details
GNOME is the default desktop environment of AlmaLinux.
The following packages have been upgraded to a later upstream version: accountsservice (0.6.55), webkit2gtk3 (2.30.4). (BZ#1846376, BZ#1883304)
Security Fix(es):
-
webkitgtk: type confusion may lead to arbitrary code execution (CVE-2020-9948)
-
webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-9951)
-
webkitgtk: out-of-bounds write may lead to code execution (CVE-2020-9983)
-
webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13543)
-
webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13584)
-
glib2: insecure permissions for files and directories (CVE-2019-13012)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "OpenEXR-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.0-12.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "OpenEXR-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.0-12.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "accountsservice-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.55-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "atkmm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.24.2-7.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "atkmm-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.24.2-7.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "atkmm-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.24.2-7.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "cairomm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "cairomm-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "cairomm-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "chrome-gnome-shell"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.1-7.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dleyna-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.0-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dleyna-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.0-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "enchant2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.3-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "enchant2-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.3-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gamin"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.10-32.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gamin-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.10-32.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "geoclue2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.5-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "geoclue2-demos"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.5-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "geoclue2-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.5-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "geoclue2-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.5-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "geocode-glib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.26.0-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "geocode-glib-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.26.0-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gjs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.56.2-5.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gjs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.56.2-5.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "glib2-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.56.4-9.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "glib2-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.56.4-9.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "glibmm24"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.56.0-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "glibmm24-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.56.0-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "glibmm24-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.56.0-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-boxes"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.36.5-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-photos"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.1-4.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-photos-tests"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.1-4.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-terminal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.3-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-terminal-nautilus"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.3-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtk-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.28-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtk2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.24.32-5.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtk2-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.24.32-5.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtk2-devel-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.24.32-5.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtk2-immodule-xim"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.24.32-5.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtk2-immodules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.24.32-5.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtkmm24"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.24.5-6.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtkmm24-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.24.5-6.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtkmm24-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.24.5-6.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtkmm30"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtkmm30-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gtkmm30-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gvfs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.36.2-11.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gvfs-afc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.36.2-11.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gvfs-afp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.36.2-11.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gvfs-archive"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.36.2-11.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gvfs-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.36.2-11.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gvfs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.36.2-11.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gvfs-fuse"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.36.2-11.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gvfs-goa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.36.2-11.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gvfs-gphoto2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.36.2-11.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gvfs-mtp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.36.2-11.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gvfs-smb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.36.2-11.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libdazzle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.5-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libdazzle-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.5-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libepubgen"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.0-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libepubgen-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.0-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libsass"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.5-6.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libsass-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.5-6.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libsigc++20"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.10.0-6.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libsigc++20-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.10.0-6.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libsigc++20-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.10.0-6.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libvisual"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.4.0-25.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libvisual-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.4.0-25.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mutter-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.32.2-57.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nautilus"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.1-15.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nautilus-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.1-15.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nautilus-extensions"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.1-15.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pangomm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.40.1-6.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pangomm-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.40.1-6.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pangomm-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.40.1-6.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "soundtouch"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "soundtouch-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "vala"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.40.19-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "vala-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.40.19-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "woff2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.2-5.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "woff2-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.2-5.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "GNOME is the default desktop environment of AlmaLinux.\n\nThe following packages have been upgraded to a later upstream version: accountsservice (0.6.55), webkit2gtk3 (2.30.4). (BZ#1846376, BZ#1883304)\n\nSecurity Fix(es):\n\n* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2020-9948)\n\n* webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-9951)\n\n* webkitgtk: out-of-bounds write may lead to code execution (CVE-2020-9983)\n\n* webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13543)\n\n* webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13584)\n\n* glib2: insecure permissions for files and directories (CVE-2019-13012)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2021:1586",
"modified": "2021-11-12T10:20:56Z",
"published": "2021-05-18T05:35:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2021-1586.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-13012"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-13543"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-13584"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-16125"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-9948"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-9951"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-9983"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1817"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1820"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1825"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-1826"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-30661"
}
],
"related": [
"CVE-2020-9948",
"CVE-2020-9951",
"CVE-2020-9983",
"CVE-2020-13543",
"CVE-2020-13584",
"CVE-2019-13012"
],
"summary": "Moderate: GNOME security, bug fix, and enhancement update"
}
GSD-2020-13584
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-13584",
"description": "An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.",
"id": "GSD-2020-13584",
"references": [
"https://www.suse.com/security/cve/CVE-2020-13584.html",
"https://www.debian.org/security/2020/dsa-4797",
"https://access.redhat.com/errata/RHSA-2021:1586",
"https://advisories.mageia.org/CVE-2020-13584.html",
"https://security.archlinux.org/CVE-2020-13584",
"https://linux.oracle.com/cve/CVE-2020-13584.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-13584"
],
"details": "An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.",
"id": "GSD-2020-13584",
"modified": "2023-12-13T01:21:46.855662Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-13584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Webkit",
"version": {
"version_data": [
{
"version_value": "Webkit WebKitGTK 2.30.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "use-after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2020-e8a7566e80",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/"
},
{
"name": "GLSA-202012-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202012-10"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1195",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1195"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:webkitgtk:webkitgtk:2.30.1:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-13584"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1195",
"refsource": "MISC",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1195"
},
{
"name": "FEDORA-2020-e8a7566e80",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/"
},
{
"name": "GLSA-202012-10",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202012-10"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-08-06T03:49Z",
"publishedDate": "2020-12-03T17:15Z"
}
}
}
CVE-2020-13584
Vulnerability from fstec - Published: 23.11.2020
VLAI Severity ?
Title
Уязвимость модулей отображения веб-страниц WebKitGTK и WPE WebKit, связанная с использованием памяти после ее освобождения, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Description
Уязвимость модулей отображения веб-страниц WebKitGTK и WPE WebKit связана с использованием памяти после ее освобождения. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код или вызвать отказ в обслуживании с помощью специально созданного веб-сайта
Severity ?
Vendor
Red Hat Inc., Fedora Project, Сообщество свободного программного обеспечения, АО "НППКТ"
Software Name
Red Hat Enterprise Linux, Fedora, WebKitGTK, WPE WebKit, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
8 (Red Hat Enterprise Linux), 32 (Fedora), до 2.30.1 (WebKitGTK), до 2.30.1 (WPE WebKit), до 2.1 (ОСОН ОСнова Оnyx)
Possible Mitigations
Использование рекомендаций:
Для WebKitGTK и WPE WebKit:
https://webkitgtk.org/security/WSA-2020-0008.html
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2020-13584
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения webkit2gtk до версии 2.32.3-1~deb10u1
Reference
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/
https://security.gentoo.org/glsa/202012-10
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1195
https://webkitgtk.org/security/WSA-2020-0008.html
https://access.redhat.com/security/cve/cve-2020-13584
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/
CWE
CWE-416
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Fedora Project, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8 (Red Hat Enterprise Linux), 32 (Fedora), \u0434\u043e 2.30.1 (WebKitGTK), \u0434\u043e 2.30.1 (WPE WebKit), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f WebKitGTK \u0438 WPE WebKit:\nhttps://webkitgtk.org/security/WSA-2020-0008.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2020-13584\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f webkit2gtk \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.32.3-1~deb10u1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "23.11.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.10.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-06102",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-13584",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Fedora, WebKitGTK, WPE WebKit, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 8 , Fedora Project Fedora 32 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u0435\u0439 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKitGTK \u0438 WPE WebKit, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u0435\u0439 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKitGTK \u0438 WPE WebKit \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/ \nhttps://security.gentoo.org/glsa/202012-10 \nhttps://talosintelligence.com/vulnerability_reports/TALOS-2020-1195\nhttps://webkitgtk.org/security/WSA-2020-0008.html\nhttps://access.redhat.com/security/cve/cve-2020-13584\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…