The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of WebKit

vulnerability CVE-2017-2367 CVE-2017-2376 CVE-2017-2377

WebKit: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebKit.
Impacted products: iOS by Apple, iPhone, Mac OS X, Ubuntu, WebKit.
Severity: 3/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 31.
Creation date: 11/04/2017.
Revision date: 21/04/2017.
Identifiers: 1084, 1094, 1095, CVE-2017-2367, CVE-2017-2376, CVE-2017-2377, CVE-2017-2386, CVE-2017-2392, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2433, CVE-2017-2442, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455, CVE-2017-2457, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2475, CVE-2017-2476, CVE-2017-2481, HT207615, HT207617, TALOS-2017-0306, USN-3257-1, VIGILANCE-VUL-22400.

Description of the vulnerability

An attacker can use several vulnerabilities of WebKit.

computer vulnerability note CVE-2016-9642

WebKit: out-of-bounds memory reading via JavaScriptCore

Synthesis of the vulnerability

An attacker can force a read at an invalid address via JavaScriptCore of WebKit, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: iOS by Apple, iPhone, Ubuntu, WebKit.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 11/04/2017.
Identifiers: CVE-2016-9642, HT207617, USN-3257-1, VIGILANCE-VUL-22399.

Description of the vulnerability

An attacker can force a read at an invalid address via JavaScriptCore of WebKit, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability bulletin CVE-2017-2350 CVE-2017-2354 CVE-2017-2355

WebKit: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebKit.
Impacted products: iOS by Apple, iPhone, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WebKit.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 12.
Creation date: 17/02/2017.
Revision date: 23/02/2017.
Identifiers: 1038, 1044, 1049, 1050, 1057, 999, CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373, HT207482, HT207617, openSUSE-SU-2017:2991-1, openSUSE-SU-2018:0326-1, SUSE-SU-2017:2933-1, SUSE-SU-2018:0219-1, USN-3200-1, USN-3257-1, VIGILANCE-VUL-21873.

Description of the vulnerability

An attacker can use several vulnerabilities of WebKit.

computer vulnerability bulletin CVE-2016-7586 CVE-2016-7589 CVE-2016-7592

WebKitGTK+: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebKitGTK+.
Impacted products: Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WebKit.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 13.
Creation date: 23/01/2017.
Identifiers: CVE-2016-7586, CVE-2016-7589, CVE-2016-7592, CVE-2016-7599, CVE-2016-7623, CVE-2016-7632, CVE-2016-7635, CVE-2016-7639, CVE-2016-7641, CVE-2016-7645, CVE-2016-7652, CVE-2016-7654, CVE-2016-7656, FEDORA-2017-b015aa1d33, FEDORA-2017-d317f6fb61, openSUSE-SU-2017:2991-1, SUSE-SU-2017:2933-1, SUSE-SU-2018:0219-1, USN-3191-1, VIGILANCE-VUL-21648.

Description of the vulnerability

An attacker can use several vulnerabilities of WebKitGTK+.

computer vulnerability bulletin CVE-2016-4611 CVE-2016-4728 CVE-2016-4729

WebKit: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebKit.
Impacted products: iOS by Apple, iPhone, Ubuntu, WebKit.
Severity: 4/4.
Consequences: privileged access/rights, client access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 21/09/2016.
Revision dates: 21/09/2016, 11/01/2017.
Identifiers: CVE-2016-4611, CVE-2016-4728, CVE-2016-4729, CVE-2016-4730, CVE-2016-4731, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735, CVE-2016-4737, CVE-2016-4758, CVE-2016-4759, CVE-2016-4760, CVE-2016-4761, CVE-2016-4762, CVE-2016-4763, CVE-2016-4764, CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, CVE-2016-4768, CVE-2016-4769, HT207143, USN-3166-1, VIGILANCE-VUL-20658, ZDI-16-527.

Description of the vulnerability

Several vulnerabilities were announced in WebKit.

An attacker can trigger an error in the handling of a Web page, in order to make the client run arbitrary code. [severity:2/4; CVE-2016-4728]

An attacker can make a user visit a specially crafted Web site, in order to steal sensitive information. [severity:2/4; CVE-2016-4758]

An attacker can generate several memory corruptions, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4611, CVE-2016-4729, CVE-2016-4730, CVE-2016-4731, CVE-2016-4734, CVE-2016-4735, CVE-2016-4737, CVE-2016-4759, CVE-2016-4762, CVE-2016-4766, CVE-2016-4767, CVE-2016-4768, ZDI-16-527]

An attacker can tamper with the HTTP client of WebKit, in order to make it access non-Web resources. [severity:2/4; CVE-2016-4760]

An attacker can generate two memory corruptions, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4733, CVE-2016-4765]

An attacker can use a specially crafted X.509 certificate, in order to tamper with the certificate validation procedure. [severity:2/4; CVE-2016-4763]

An unknown vulnerability was announced. [severity:2/4; CVE-2016-4761]

An unknown vulnerability was announced. [severity:2/4; CVE-2016-4764]

An unknown vulnerability was announced. [severity:2/4; CVE-2016-4769]

computer vulnerability bulletin CVE-2016-7578

WebKit: memory corruption

Synthesis of the vulnerability

An attacker can generate a memory corruption of WebKit, in order to trigger a denial of service, and possibly to run code.
Impacted products: Ubuntu, WebKit.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 11/01/2017.
Identifiers: CVE-2016-7578, USN-3166-1, VIGILANCE-VUL-21548.

Description of the vulnerability

An attacker can generate a memory corruption of WebKit, in order to trigger a denial of service, and possibly to run code.

computer vulnerability announce CVE-2016-4613

WebKit: information disclosure via State Management

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via State Management of WebKit, in order to obtain sensitive information.
Impacted products: Ubuntu, WebKit.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 11/01/2017.
Identifiers: CVE-2016-4613, USN-3166-1, VIGILANCE-VUL-21547.

Description of the vulnerability

An attacker can bypass access restrictions to data via State Management of WebKit, in order to obtain sensitive information.

computer vulnerability bulletin CVE-2016-9643

WebKit: infinite loop via JavaScript Regex

Synthesis of the vulnerability

An attacker can generate an infinite loop via JavaScript Regex of WebKit, in order to trigger a denial of service.
Impacted products: iOS by Apple, iPhone, Ubuntu, WebKit.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 28/11/2016.
Identifiers: CVE-2016-9643, HT207617, USN-3257-1, VIGILANCE-VUL-21218.

Description of the vulnerability

An attacker can generate an infinite loop via JavaScript Regex of WebKit, in order to trigger a denial of service.

computer vulnerability CVE-2016-4666 CVE-2016-4677

WebKit: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebKit.
Impacted products: iOS by Apple, iPhone, WebKit.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/10/2016.
Identifiers: CERTFR-2016-AVI-359, CVE-2016-4666, CVE-2016-4677, HT207271, VIGILANCE-VUL-20945, ZDI-16-590.

Description of the vulnerability

Several vulnerabilities were announced in WebKit.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4666]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4677, ZDI-16-590]

computer vulnerability bulletin CVE-2016-4657

WebKit: memory corruption

Synthesis of the vulnerability

An attacker can generate a memory corruption of WebKit, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, WebKit.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 02/09/2016.
Identifiers: CVE-2016-4657, HT207107, HT207131, VIGILANCE-VUL-20508.

Description of the vulnerability

An attacker can generate a memory corruption of WebKit, in order to trigger a denial of service, and possibly to run code.