Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2020-9951

Published: 16/10/2020 Updated: 23/07/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A use after free issue was found in webkit2gtk prior to 2.30.0. Processing maliciously crafted web content may have lead to arbitrary code execution.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple iphone os

apple watchos

apple safari

apple tvos

apple ipados

apple icloud

apple itunes

webkit webkitgtk+

debian debian linux 10.0

Vendor Advisories

Debian Security Advisories: DSA-4797-1 webkit2gtk -- security update
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2020-9948 Brendan Draper discovered that processing maliciously crafted web content may lead to arbitrary code execution CVE-2020-9951 Marcin Noga discovered that processing maliciously crafted web content may lead to arbitrary code execution CVE ...
Arch Linux Issues:
A use after free issue was found in webkit2gtk before 2300 Processing maliciously crafted web content may have lead to arbitrary code execution ...

Mailing Lists

Full Disclosure: WebKitGTK and WPE WebKit Security Advisory WSA-2020-0008
------------------------------------------------------------------------ WebKitGTK and WPE WebKit Security Advisory WSA-2020-0008 ------------------------------------------------------------------------ Date reported : November 23, 2020 Advisory ID : WSA-2020-0008 WebKitGTK Advisory URL : webkitgtkor ...
Full Disclosure: APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 70 watchOS 70 addresses the following issues Information about the security content is also available at supportapplecom/HT211844 Audio Available for: Apple Watch Series 3 and later Impact: A malicious appl ...
Full Disclosure: APPLE-SA-2020-09-16-3 Safari 14.0
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-09-16-3 Safari 140 Safari 140 is now available and addresses the following: WebKit Available for: macOS Catalina and macOS Mojave, and included in macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issu ...
Full Disclosure: APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 140 Safari 140 addresses the following issues Information about the security content is also available at supportapplecom/HT211845 Safari Available for: macOS Catalina and macOS Mojave, and included in macOS ...
Full Disclosure: APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 140 and iPadOS 140 iOS 140 and iPadOS 140 addresses the following issues Information about the security content is also available at supportapplecom/HT211850 AppleAVD Available for: iPhone 6s and later, iPod ...
Full Disclosure: APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 140 tvOS 140 addresses the following issues Information about the security content is also available at supportapplecom/HT211843 Assets Available for: Apple TV 4K and Apple TV HD Impact: An attacker may be abl ...

Recent Articles

Russians charged for $16.8m crypto-coin heist, but traders warned their cash is only as safe as their security is tight
The Register • Shaun Nichols in San Francisco • 21 Sep 2020

Plus: Lazarus Group joins the big league, ex-Aussie PM doxxed, new flaw found in Bluetooth, and more

In brief A pair from Russia have been indicted for stealing nearly $17m worth of cryptocurrency. US prosecutors allege that Dmitrii Karasavid and Danil Potekhin did everything from phishing and spoofing to price manipulation to make off with $16.8m in internet scrip. Prosecutors claim that the pair would use phishing emails and fake logins to steal the passwords of currency owners. After breaking into the wallets and making off with the cryptocurrency, it is said they and their unnamed co-conspi...

Read more...

References

CWE-416https://support.apple.com/HT211845https://support.apple.com/kb/HT211843https://support.apple.com/kb/HT211850https://support.apple.com/kb/HT211844https://support.apple.com/kb/HT211952http://seclists.org/fulldisclosure/2020/Nov/19http://seclists.org/fulldisclosure/2020/Nov/18http://seclists.org/fulldisclosure/2020/Nov/22http://seclists.org/fulldisclosure/2020/Nov/20http://www.openwall.com/lists/oss-security/2020/11/23/3https://www.debian.org/security/2020/dsa-4797https://support.apple.com/kb/HT211935https://security.gentoo.org/glsa/202012-10https://nvd.nist.govhttps://www.debian.org/security/2020/dsa-4797https://security.archlinux.org/CVE-2020-9951
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834CVE-2024-30100CVE-2024-4577physicaldosCVE-2024-30099CVE-2024-27801CVE-2024-32146logic flaw
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook