ALT-PU-2017-1154-1 — libwebkitgtk4

CVE-2017-2350

MEDIUM6.5

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Опубликовано: 2017-02-20Изменено: 2025-04-20

CVSS 2.0СРЕДНЯЯ 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Ссылки

CVE-2017-2354

HIGH8.8

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Опубликовано: 2017-02-20Изменено: 2025-04-20

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2017-2355

HIGH8.8

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site.

Опубликовано: 2017-02-20Изменено: 2025-04-20

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2017-2356

HIGH8.8

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Опубликовано: 2017-02-20Изменено: 2025-04-20

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2017-2362

HIGH8.8

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Опубликовано: 2017-02-20Изменено: 2025-04-20

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2017-2363

MEDIUM6.5

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Опубликовано: 2017-02-20Изменено: 2025-04-20

CVSS 2.0СРЕДНЯЯ 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Ссылки

CVE-2017-2364

MEDIUM6.5

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Опубликовано: 2017-02-20Изменено: 2025-04-20

CVSS 2.0СРЕДНЯЯ 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Ссылки

CVE-2017-2365

MEDIUM6.5

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Опубликовано: 2017-02-20Изменено: 2025-04-20

CVSS 2.0СРЕДНЯЯ 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Ссылки

CVE-2017-2366

HIGH8.8

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Опубликовано: 2017-02-20Изменено: 2025-04-20

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2017-2369

HIGH8.8

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Опубликовано: 2017-02-20Изменено: 2025-04-20

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2017-2371

MEDIUM6.5

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site.

Опубликовано: 2017-02-20Изменено: 2025-04-20

CVSS 2.0СРЕДНЯЯ 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Ссылки

CVE-2017-2373

HIGH8.8

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Опубликовано: 2017-02-20Изменено: 2025-04-20

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ссылки

Обновление пакета libwebkitgtk4 в ветке sisyphus

Закрытые проблемы (12)

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site.