Búsqueda de    
Vulnerabilidad   
    Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.10.2021.0400
Categoría:Mageia Linux Local Security Checks
Título:Mageia: Security Advisory (MGASA-2021-0400)
Resumen:The remote host is missing an update for the 'webkit2' package(s) announced via the MGASA-2021-0400 advisory.
Descripción:Summary:
The remote host is missing an update for the 'webkit2' package(s) announced via the MGASA-2021-0400 advisory.

Vulnerability Insight:
Updated webkit2 packages fix security vulnerabilities:

A use-after-free vulnerability exists in the way certain events are
processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially
crafted web page can lead to a potential information leak and further
memory corruption. In order to trigger the vulnerability, a victim must
be tricked into visiting a malicious webpage (CVE-2021-21775).

A use-after-free vulnerability exists in the way Webkit GraphicsContext
handles certain events in WebKitGTK 2.30.4. A specially crafted web page
can lead to a potential information leak and further memory corruption.
A victim must be tricked into visiting a malicious web page to trigger
this vulnerability (CVE-2021-21779).

Processing maliciously crafted web content may lead to arbitrary code
execution (CVE-2021-30663, CVE-2021-30665, CVE-2021-30734, CVE-2021-30749,
CVE-2021-30758, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799).

Processing maliciously crafted web content may lead to universal cross
site scripting (CVE-2021-30689, CVE-2021-30744).

A malicious website may be able to access restricted ports on arbitrary
servers (CVE-2021-30720).

Affected Software/OS:
'webkit2' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-21775
Debian Security Information: DSA-4945 (Google Search)
https://www.debian.org/security/2021/dsa-4945
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYMMBQN4PRVDLMIJT2LY2BWHLYBD57P3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4QORERLPDN3UNNJFJSOMHZZCU2G75Q6/
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1229
http://www.openwall.com/lists/oss-security/2021/07/23/1
Common Vulnerability Exposure (CVE) ID: CVE-2021-21779
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1238
Common Vulnerability Exposure (CVE) ID: CVE-2021-30663
https://support.apple.com/en-us/HT212335
https://support.apple.com/en-us/HT212336
https://support.apple.com/en-us/HT212341
https://support.apple.com/en-us/HT212532
https://support.apple.com/en-us/HT212534
Common Vulnerability Exposure (CVE) ID: CVE-2021-30665
https://support.apple.com/en-us/HT212339
Common Vulnerability Exposure (CVE) ID: CVE-2021-30689
https://support.apple.com/en-us/HT212528
https://support.apple.com/en-us/HT212529
https://support.apple.com/en-us/HT212533
Common Vulnerability Exposure (CVE) ID: CVE-2021-30720
Common Vulnerability Exposure (CVE) ID: CVE-2021-30734
Common Vulnerability Exposure (CVE) ID: CVE-2021-30744
Common Vulnerability Exposure (CVE) ID: CVE-2021-30749
Common Vulnerability Exposure (CVE) ID: CVE-2021-30758
https://support.apple.com/en-us/HT212601
https://support.apple.com/en-us/HT212602
https://support.apple.com/en-us/HT212604
https://support.apple.com/en-us/HT212605
https://support.apple.com/en-us/HT212606
Common Vulnerability Exposure (CVE) ID: CVE-2021-30795
Common Vulnerability Exposure (CVE) ID: CVE-2021-30797
Common Vulnerability Exposure (CVE) ID: CVE-2021-30799
https://support.apple.com/en-us/HT212600
https://support.apple.com/en-us/HT212603
CopyrightCopyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2025 E-Soft Inc. Todos los derechos reservados.