RHSA-2020:4451 | Medium | CVSS 9.8

Red Hat Security Advisory: GNOME security, bug fix, and enhancement update

Published: November 4, 2020
Last Modified: June 26, 2026

🔗 CVE IDs covered (57)

📋 Description

CVE-2019-8625 — webkitgtk: Incorrect state management leading to universal cross-site scripting
CVE-2019-8710 — webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
CVE-2019-8720 — webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
CVE-2019-8743 — webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
CVE-2019-8764 — webkitgtk: Incorrect state management leading to universal cross-site scripting
CVE-2019-8766 — webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
CVE-2019-8769 — webkitgtk: Websites could reveal browsing history
CVE-2019-8771 — webkitgtk: Violation of iframe sandboxing policy
CVE-2019-8782 — webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
CVE-2019-8783 — webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
CVE-2019-8808 — webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
CVE-2019-8811 — webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
CVE-2019-8812 — webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
CVE-2019-8813 — webkitgtk: Incorrect state management leading to universal cross-site scripting
CVE-2019-8814 — webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
CVE-2019-8815 — webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
CVE-2019-8816 — webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
CVE-2019-8819 — webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
CVE-2019-8820 — webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
CVE-2019-8823 — webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
CVE-2019-8835 — webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2019-8844 — webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2019-8846 — webkitgtk: Use after free issue may lead to remote code execution
CVE-2020-3862 — webkitgtk: Denial of service via incorrect memory handling
CVE-2020-3864 — webkitgtk: Non-unique security origin for DOM object contexts
CVE-2020-3865 — webkitgtk: Incorrect security check for a top-level DOM object context
CVE-2020-3867 — webkitgtk: Incorrect state management leading to universal cross-site scripting
CVE-2020-3868 — webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
CVE-2020-3885 — webkitgtk: Incorrect processing of file URLs
CVE-2020-3894 — webkitgtk: Race condition allows reading of restricted memory
CVE-2020-3895 — webkitgtk: Memory corruption triggered by a malicious web content
CVE-2020-3897 — webkitgtk: Type confusion leading to arbitrary code execution
CVE-2020-3899 — webkitgtk: Memory consumption issue leading to arbitrary code execution
CVE-2020-3900 — webkitgtk: Memory corruption triggered by a malicious web content
CVE-2020-3901 — webkitgtk: Type confusion leading to arbitrary code execution
CVE-2020-3902 — webkitgtk: Input validation issue leading to cross-site script attack
CVE-2020-9802 — webkitgtk: Logic issue may lead to arbitrary code execution
CVE-2020-9803 — webkitgtk: Memory corruption may lead to arbitrary code execution
CVE-2020-9805 — webkitgtk: Logic issue may lead to cross site scripting
CVE-2020-9806 — webkitgtk: Memory corruption may lead to arbitrary code execution
CVE-2020-9807 — webkitgtk: Memory corruption may lead to arbitrary code execution
CVE-2020-9843 — webkitgtk: Input validation issue may lead to cross site scripting
CVE-2020-9850 — webkitgtk: Logic issue may lead to arbitrary code execution
CVE-2020-9862 — webkitgtk: Command injection in web inspector
CVE-2020-9893 — webkitgtk: Use-after-free may lead to application termination or arbitrary code execution
CVE-2020-9894 — webkitgtk: Out-of-bounds read may lead to unexpected application termination or arbitrary code execution
CVE-2020-9895 — webkitgtk: Use-after-free may lead to application termination or arbitrary code execution
CVE-2020-9915 — webkitgtk: Access issue in content security policy
CVE-2020-9925 — webkitgtk: A logic issue may lead to cross site scripting
CVE-2020-9952 — webkitgtk: input validation issue may lead to a cross site scripting
CVE-2020-10018 — webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp
CVE-2020-11793 — webkitgtk: use-after-free via crafted web content
CVE-2020-14391 — gnome-settings-daemon: Red Hat Customer Portal password logged and passed as command line argument when user registers through GNOME control center
CVE-2020-15503 — LibRaw: lack of thumbnail size range check can lead to buffer overflow
CVE-2021-30666 — webkitgtk: Buffer overflow leading to arbitrary code execution
CVE-2021-30761 — webkitgtk: Memory corruption leading to arbitrary code execution
CVE-2021-30762 — webkitgtk: Use-after-free leading to arbitrary code execution

🔗 References (104)