The vulnerability of the WebKit rendering module in OpenSUSE Leap operating systems, Mac OS X, iOS, tvOS, watchOS, Safari browser, multimedia player iTunes, and iCloud service arises from an operation that goes beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.

🗓️ 14 Apr 2020 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

WebKit memory bounds vulnerability in OpenSUSE Leap allows arbitrary code via crafted website.

Reporter	Title	Published	Views	Family All 113
Tenable Nessus	Amazon Linux 2 : webkitgtk4 (ALAS-2020-1563)	11 Nov 202000:00	–	nessus
Tenable Nessus	Apple TV < 12.4 Multiple Vulnerabilities	26 Jul 201900:00	–	nessus
Tenable Nessus	Apple iOS < 12.4 Multiple Vulnerabilities	23 Jul 201900:00	–	nessus
Tenable Nessus	CentOS 7 : webkitgtk4 (RHSA-2020:4035)	30 Nov 202000:00	–	nessus
Tenable Nessus	Debian DSA-4515-1 : webkit2gtk - security update	5 Sep 201900:00	–	nessus
Tenable Nessus	FreeBSD : webkit2-gtk3 -- Multiple vulnerabilities (e45c3669-caf2-11e9-851a-dcf3aaa3f3ff)	3 Sep 201900:00	–	nessus
Tenable Nessus	GLSA-201909-05 : WebkitGTK+: Multiple vulnerabilities	9 Sep 201900:00	–	nessus
Tenable Nessus	Apple iCloud 7.x < 7.13 / 10.x < 10.6 Multiple Vulnerabilities	20 Aug 201900:00	–	nessus
Tenable Nessus	Apple iTunes < 12.9.6 Multiple Vulnerabilities (credentialed check)	26 Jul 201900:00	–	nessus
Tenable Nessus	Apple iTunes < 12.9.6 Multiple Vulnerabilities (uncredentialed check)	26 Jul 201900:00	–	nessus

Vulners

Node

novell suse_enterprise_storageMatch4

OR

novell suse_openstack_cloudMatch7

OR

novell suse_linux_enterprise_module_for_open_buildservice_development_toolsMatch15

OR

novell suse_linux_enterprise_module_for_basesystemMatch15

OR

novell suse_enterprise_storageMatch5

OR

novell suse_linux_enterprise_module_for_desktop_applicationsMatch15

OR

novell suse_openstack_cloudMatch8

OR

novell hpe_helion_openstackMatch8

OR

apple safariRange<12.1.2

OR

apple itunesRange<12.9.6

OR

apple icloudRange<7.13

OR

apple icloudRange<10.6

OR

novell opensuse_leapMatch15.0

OR

novell opensuse_leapMatch15.1

Source	Link
debian	www.debian.org/security/2019/dsa-4515
suse	www.suse.com/security/cve/CVE-2019-8669/
support	www.support.apple.com/HT210346
support	www.support.apple.com/HT210348
support	www.support.apple.com/HT210353
support	www.support.apple.com/HT210351
support	www.support.apple.com/HT210355
support	www.support.apple.com/HT210356
support	www.support.apple.com/HT210357
support	www.support.apple.com/HT210358

01 Jun 2020 00:00Current

7.3High risk

Vulners AI Score7.3

CVSS 38.8

CVSS 29.3

EPSS0.03272

OpenSUSE Leap Apple operating system Safari browser WebKit rendering memory bounds arbitrary code crafted website iTunes iCloud service