8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.291 Low
EPSS
Percentile
96.8%
Severity: Critical
Date : 2019-09-04
CVE-ID : CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8669
CVE-2019-8678 CVE-2019-8680 CVE-2019-8683 CVE-2019-8684
CVE-2019-8688
Package : webkit2gtk
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1033
The package webkit2gtk before version 2.24.4-1 is vulnerable to
multiple issues including arbitrary code execution and cross-site
scripting.
Upgrade to 2.24.4-1.
The problems have been fixed upstream in version 2.24.4.
None.
An issue has been found in WebKitGTK before 2.24.4 where processing
maliciously crafted web content may lead to arbitrary code execution.
An issue has been found in WebKitGTK before 2.24.4 where processing
maliciously crafted web content may lead to universal cross site
scripting.
An issue has been found in WebKitGTK before 2.24.4 where processing
maliciously crafted web content may lead to universal cross site
scripting.
An issue has been found in WebKitGTK before 2.24.4 where processing
maliciously crafted web content may lead to arbitrary code execution.
An issue has been found in WebKitGTK before 2.24.4 where processing
maliciously crafted web content may lead to arbitrary code execution.
An issue has been found in WebKitGTK before 2.24.4 where processing
maliciously crafted web content may lead to arbitrary code execution.
An issue has been found in WebKitGTK before 2.24.4 where processing
maliciously crafted web content may lead to arbitrary code execution.
An issue has been found in WebKitGTK before 2.24.4 where processing
maliciously crafted web content may lead to arbitrary code execution.
An issue has been found in WebKitGTK before 2.24.4 where processing
maliciously crafted web content may lead to arbitrary code execution.
A remote attacker can bypass security restrictions via universal cross-
site scripting or execute arbitrary code via crafted web content.
https://webkitgtk.org/security/WSA-2019-0004.html
https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8644
https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8649
https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8658
https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8669
https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8678
https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8680
https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8683
https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8684
https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8688
https://security.archlinux.org/CVE-2019-8644
https://security.archlinux.org/CVE-2019-8649
https://security.archlinux.org/CVE-2019-8658
https://security.archlinux.org/CVE-2019-8669
https://security.archlinux.org/CVE-2019-8678
https://security.archlinux.org/CVE-2019-8680
https://security.archlinux.org/CVE-2019-8683
https://security.archlinux.org/CVE-2019-8684
https://security.archlinux.org/CVE-2019-8688
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | webkit2gtk | < 2.24.4-1 | UNKNOWN |
security.archlinux.org/AVG-1033
security.archlinux.org/CVE-2019-8644
security.archlinux.org/CVE-2019-8649
security.archlinux.org/CVE-2019-8658
security.archlinux.org/CVE-2019-8669
security.archlinux.org/CVE-2019-8678
security.archlinux.org/CVE-2019-8680
security.archlinux.org/CVE-2019-8683
security.archlinux.org/CVE-2019-8684
security.archlinux.org/CVE-2019-8688
webkitgtk.org/security/WSA-2019-0004.html
webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8644
webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8649
webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8658
webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8669
webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8678
webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8680
webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8683
webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8684
webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8688
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.291 Low
EPSS
Percentile
96.8%