6.8
CVSSv2

CVE-2020-9983

Published: 16/10/2020 Updated: 23/12/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An out-of-bounds write issue was found in webkit2gtk prior to 2.30.3. Processing maliciously crafted web content may have lead to code execution.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple safari

Vendor Advisories

The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2020-9948 Brendan Draper discovered that processing maliciously crafted web content may lead to arbitrary code execution CVE-2020-9951 Marcin Noga discovered that processing maliciously crafted web content may lead to arbitrary code execution CVE ...
Arch Linux Security Advisory ASA-202011-28 ========================================== Severity: Medium Date : 2020-11-26 CVE-ID : CVE-2020-9983 CVE-2020-13584 Package : webkit2gtk Type : arbitrary code execution Remote : Yes Link : securityarchlinuxorg/AVG-1291 Summary ======= The package webkit2gtk before version 2303-1 i ...
An out-of-bounds write issue was found in webkit2gtk before 2303 Processing maliciously crafted web content may have lead to code execution ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-09-16-3 Safari 140 Safari 140 is now available and addresses the following: WebKit Available for: macOS Catalina and macOS Mojave, and included in macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issu ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 140 Safari 140 addresses the following issues Information about the security content is also available at supportapplecom/HT211845 Safari Available for: macOS Catalina and macOS Mojave, and included in macOS ...
------------------------------------------------------------------------ WebKitGTK and WPE WebKit Security Advisory WSA-2020-0008 ------------------------------------------------------------------------ Date reported : November 23, 2020 Advisory ID : WSA-2020-0008 WebKitGTK Advisory URL : webkitgtkor ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 70 watchOS 70 addresses the following issues Information about the security content is also available at supportapplecom/HT211844 Audio Available for: Apple Watch Series 3 and later Impact: A malicious appl ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 140 tvOS 140 addresses the following issues Information about the security content is also available at supportapplecom/HT211843 Assets Available for: Apple TV 4K and Apple TV HD Impact: An attacker may be abl ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 140 and iPadOS 140 iOS 140 and iPadOS 140 addresses the following issues Information about the security content is also available at supportapplecom/HT211850 AppleAVD Available for: iPhone 6s and later, iPod ...

Recent Articles

Russians charged for $16.8m crypto-coin heist, but traders warned their cash is only as safe as their security is tight
The Register • Shaun Nichols in San Francisco • 21 Sep 2020

Plus: Lazarus Group joins the big league, ex-Aussie PM doxxed, new flaw found in Bluetooth, and more

In brief A pair from Russia have been indicted for stealing nearly $17m worth of cryptocurrency.
US prosecutors allege that Dmitrii Karasavid and Danil Potekhin did everything from phishing and spoofing to price manipulation to make off with $16.8m in internet scrip.
Prosecutors claim that the pair would use phishing emails and fake logins to steal the passwords of currency owners. After breaking into the wallets and making off with the cryptocurrency, it is said they and their unnam...

The Register

In brief A pair from Russia have been indicted for stealing nearly $17m worth of cryptocurrency.
US prosecutors allege that Dmitrii Karasavid and Danil Potekhin did everything from phishing and spoofing to price manipulation to make off with $16.8m in internet scrip.
Prosecutors claim that the pair would use phishing emails and fake logins to steal the passwords of currency owners. After breaking into the wallets and making off with the cryptocurrency, it is said they and their unnam...