CentOS 8 : GNOME (CESA-2020:4451)

2021-02-01T00:00:00

Description

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4451 advisory. - webkitgtk: Incorrect state management leading to universal cross-site scripting (CVE-2019-8625, CVE-2019-8813, CVE-2020-3867) - webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (CVE-2019-8710, CVE-2019-8720, CVE-2019-8766, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2020-3868) - webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (CVE-2019-8743) - webkitgtk: Incorrect state management leading to universal cross-site scripting (CVE-2019-8764) - webkitgtk: Websites could reveal browsing history (CVE-2019-8769) - webkitgtk: Violation of iframe sandboxing policy (CVE-2019-8771) - webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2019-8835, CVE-2019-8844) - webkitgtk: Use after free issue may lead to remote code execution (CVE-2019-8846) - webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp (CVE-2020-10018) - webkitgtk: use-after-free via crafted web content (CVE-2020-11793) - gnome-settings-daemon: Red Hat Customer Portal password logged and passed as command line argument when user registers through GNOME control center (CVE-2020-14391) - LibRaw: lack of thumbnail size range check can lead to buffer overflow (CVE-2020-15503) - webkitgtk: Denial of service via incorrect memory handling (CVE-2020-3862) - webkitgtk: Non-unique security origin for DOM object contexts (CVE-2020-3864) - webkitgtk: Incorrect security check for a top-level DOM object context (CVE-2020-3865) - webkitgtk: Incorrect processing of file URLs (CVE-2020-3885) - webkitgtk: Race condition allows reading of restricted memory (CVE-2020-3894) - webkitgtk: Memory corruption triggered by a malicious web content (CVE-2020-3895) - webkitgtk: Type confusion leading to arbitrary code execution (CVE-2020-3897, CVE-2020-3901) - webkitgtk: Memory consumption issue leading to arbitrary code execution (CVE-2020-3899) - webkitgtk: Memory corruption triggered by a malicious web content (CVE-2020-3900) - webkitgtk: Input validation issue leading to cross-site script attack (CVE-2020-3902) - webkitgtk: Logic issue may lead to arbitrary code execution (CVE-2020-9802, CVE-2020-9850) - webkitgtk: Memory corruption may lead to arbitrary code execution (CVE-2020-9803, CVE-2020-9806, CVE-2020-9807) - webkitgtk: Logic issue may lead to cross site scripting (CVE-2020-9805) - webkitgtk: Input validation issue may lead to cross site scripting (CVE-2020-9843) - webkitgtk: Command injection in web inspector (CVE-2020-9862) - webkitgtk: Use-after-free may lead to application termination or arbitrary code execution (CVE-2020-9893, CVE-2020-9895) - webkitgtk: Out-of-bounds read may lead to unexpected application termination or arbitrary code execution (CVE-2020-9894) - webkitgtk: Access issue in content security policy (CVE-2020-9915) - webkitgtk: A logic issue may lead to cross site scripting (CVE-2020-9925) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

{"id": "CENTOS8_RHSA-2020-4451.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "CentOS 8 : GNOME (CESA-2020:4451)", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4451 advisory.\n\n - webkitgtk: Incorrect state management leading to universal cross-site scripting (CVE-2019-8625, CVE-2019-8813, CVE-2020-3867)\n\n - webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (CVE-2019-8710, CVE-2019-8720, CVE-2019-8766, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2020-3868)\n\n - webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (CVE-2019-8743)\n\n - webkitgtk: Incorrect state management leading to universal cross-site scripting (CVE-2019-8764)\n\n - webkitgtk: Websites could reveal browsing history (CVE-2019-8769)\n\n - webkitgtk: Violation of iframe sandboxing policy (CVE-2019-8771)\n\n - webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2019-8835, CVE-2019-8844)\n\n - webkitgtk: Use after free issue may lead to remote code execution (CVE-2019-8846)\n\n - webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp (CVE-2020-10018)\n\n - webkitgtk: use-after-free via crafted web content (CVE-2020-11793)\n\n - gnome-settings-daemon: Red Hat Customer Portal password logged and passed as command line argument when user registers through GNOME control center (CVE-2020-14391)\n\n - LibRaw: lack of thumbnail size range check can lead to buffer overflow (CVE-2020-15503)\n\n - webkitgtk: Denial of service via incorrect memory handling (CVE-2020-3862)\n\n - webkitgtk: Non-unique security origin for DOM object contexts (CVE-2020-3864)\n\n - webkitgtk: Incorrect security check for a top-level DOM object context (CVE-2020-3865)\n\n - webkitgtk: Incorrect processing of file URLs (CVE-2020-3885)\n\n - webkitgtk: Race condition allows reading of restricted memory (CVE-2020-3894)\n\n - webkitgtk: Memory corruption triggered by a malicious web content (CVE-2020-3895)\n\n - webkitgtk: Type confusion leading to arbitrary code execution (CVE-2020-3897, CVE-2020-3901)\n\n - webkitgtk: Memory consumption issue leading to arbitrary code execution (CVE-2020-3899)\n\n - webkitgtk: Memory corruption triggered by a malicious web content (CVE-2020-3900)\n\n - webkitgtk: Input validation issue leading to cross-site script attack (CVE-2020-3902)\n\n - webkitgtk: Logic issue may lead to arbitrary code execution (CVE-2020-9802, CVE-2020-9850)\n\n - webkitgtk: Memory corruption may lead to arbitrary code execution (CVE-2020-9803, CVE-2020-9806, CVE-2020-9807)\n\n - webkitgtk: Logic issue may lead to cross site scripting (CVE-2020-9805)\n\n - webkitgtk: Input validation issue may lead to cross site scripting (CVE-2020-9843)\n\n - webkitgtk: Command injection in web inspector (CVE-2020-9862)\n\n - webkitgtk: Use-after-free may lead to application termination or arbitrary code execution (CVE-2020-9893, CVE-2020-9895)\n\n - webkitgtk: Out-of-bounds read may lead to unexpected application termination or arbitrary code execution (CVE-2020-9894)\n\n - webkitgtk: Access issue in content security policy (CVE-2020-9915)\n\n - webkitgtk: A logic issue may lead to cross site scripting (CVE-2020-9925)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-02-01T00:00:00", "modified": "2022-05-25T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/145826", "reporter": "This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8764", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15503", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3867", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10018", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8720", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3865", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8816", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9850", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3868", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8766", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8782", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8710", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3899", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3864", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8846", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9925", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8783", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8820", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9807", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9915", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9805", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3901", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8813", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8819", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3900", "https://access.redhat.com/errata/RHSA-2020:4451", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8769", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3885", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9806", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8815", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9843", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9862", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8771", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9802", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9894", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8625", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8835", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3862", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3897", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9895", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3902", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3894", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8814", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14391", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8823", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3895", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8844", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8812", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11793", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9803", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9893", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8811", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8743", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8808"], "cvelist": ["CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-11793", "CVE-2020-14391", "CVE-2020-15503", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "immutableFields": [], "lastseen": "2023-06-27T14:16:36", "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4451"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2019-8625", "ALPINE:CVE-2019-8710", "ALPINE:CVE-2019-8720", "ALPINE:CVE-2019-8743", "ALPINE:CVE-2019-8764", "ALPINE:CVE-2019-8766", "ALPINE:CVE-2019-8769", "ALPINE:CVE-2019-8771", "ALPINE:CVE-2019-8782", "ALPINE:CVE-2019-8783", "ALPINE:CVE-2019-8811", "ALPINE:CVE-2019-8812", "ALPINE:CVE-2019-8813", "ALPINE:CVE-2019-8814", "ALPINE:CVE-2019-8815", "ALPINE:CVE-2019-8816", "ALPINE:CVE-2019-8819", "ALPINE:CVE-2019-8820", "ALPINE:CVE-2019-8823", "ALPINE:CVE-2019-8835", "ALPINE:CVE-2019-8844", "ALPINE:CVE-2019-8846", "ALPINE:CVE-2020-10018", "ALPINE:CVE-2020-11793", "ALPINE:CVE-2020-15503", "ALPINE:CVE-2020-9802", "ALPINE:CVE-2020-9803", "ALPINE:CVE-2020-9805", "ALPINE:CVE-2020-9806", "ALPINE:CVE-2020-9807", "ALPINE:CVE-2020-9843", "ALPINE:CVE-2020-9850", "ALPINE:CVE-2020-9862", "ALPINE:CVE-2020-9893", "ALPINE:CVE-2020-9894", "ALPINE:CVE-2020-9895", "ALPINE:CVE-2020-9915", "ALPINE:CVE-2020-9925"]}, {"type": "amazon", "idList": ["ALAS2-2020-1563"]}, {"type": "apple", "idList": ["APPLE:0458C0EDF2FE61DE5E3752F33DA333D7", "APPLE:07C404431E4E9AA795FF43515E579852", "APPLE:0CE264553CBE730E0D2CF16017A5B273", "APPLE:0E1C386A7EBAE50F1A16EBD5FB86ED98", "APPLE:18DA9C53BF9A01E449E85E3E61CCDEC0", "APPLE:22E5661C993E7A1F50344055EDC625BA", "APPLE:23F4B15F98B9E907DBA0469D5F0BC654", "APPLE:24F0CE6C0A090A12BFC0624F060D429D", "APPLE:2B6F011ECD9EFE0F4D0983E7E6A91A15", "APPLE:2BE63E6C0ABEE62B27017A6E38BA31E8", "APPLE:2C63B730F1D775BC1F496033AB4C1E50", "APPLE:2D778DC3A51D07FD2EE75D0D87598CAB", "APPLE:362DE2664179C21B7B8FFF788120813E", "APPLE:39DFCF58466CAAB3F50DE93E2A885C72", "APPLE:4F5D2C20724C56D494032826B570F894", "APPLE:51FF6F769BC40CE415F07D8346C6A88D", "APPLE:524576436C5FDCCC5080CD76C6051F20", "APPLE:53B6452EB8CCAAEE3940A468CD7301EF", "APPLE:5A8CFDD70DD53A4CB492643428B2B78C", "APPLE:60BF7F72692F6CFF341525F7AC92F5EC", "APPLE:664BB2884C7D375FC11AD8C7123D5CCD", "APPLE:7033CCA4E259F96F17D1D049B6D11BE0", "APPLE:717EB24E41379638A244FDCE287538E6", "APPLE:76759F30E38205B816379E57C5E5C4C3", "APPLE:7896F4A93FD5FD018CC9D732F6694D33", "APPLE:82B6E79FBF3E204AFF11B0D8FA1D8701", "APPLE:8962973934F6CCC5756D8D4DB8D1F37F", "APPLE:8C1FE42B64A09C7B23ECEB4773F3CF3C", "APPLE:8EE1AE6C5FCC43369EAB8454FB35ED71", "APPLE:9CAF885CB18F659BDEB0CAC7F6570924", "APPLE:A1A8D52172AE1DABB07F3860D96264D1", "APPLE:A795FDEEEAA9C6C9B86551E188F8FA02", "APPLE:AA327FA1C4CF3105C8CBED9D78735E12", "APPLE:AA62A80C9E6F6992009BCCB45F9D570E", "APPLE:AA7D20441BD99D01D8BEDE3B9762EB04", "APPLE:AA9B80D4202B0773A6E30EECAE778C28", "APPLE:B079F933FC53AA9BD392638EBBEA2490", "APPLE:B4A51DEE7A0FB4F7EC28603D8D3C11F4", "APPLE:B52E92BE35619FA480B979F2662F87F8", "APPLE:B7C1A6678C1DA6625F5D2C92817D61DA", "APPLE:B891E6B961A423A3FA7E0836C2B1370D", "APPLE:BEA171F52CE1A41E31B39FE9FEF8FF60", "APPLE:CB6B9C8601808E98E91120E4D36A36F1", "APPLE:CC90AF91854DC3DAAF69A4D6FA63346F", "APPLE:CF9C08BD8DDC6A4A1E0D3912347422D3", "APPLE:D725BA42FF7DF9373C130EE10E8F427D", "APPLE:D7732CBB7EC3F59A83A8A74E674D8D67", "APPLE:E7AB28D63A34D7E0CE963F4835068B5C", "APPLE:ED19354ED13D765201D7E383EBAA2805", "APPLE:F0DD36964D42DC3E67689751DBBFF908", "APPLE:F7CA1A5840C15D3C9444B9C7F4FBA655", "APPLE:F8724C8799ED31E68E5E9D403280DAB8", "APPLE:HT210603", "APPLE:HT210604", "APPLE:HT210605", "APPLE:HT210606", "APPLE:HT210607", "APPLE:HT210608", "APPLE:HT210634", "APPLE:HT210635", "APPLE:HT210636", "APPLE:HT210637", "APPLE:HT210721", "APPLE:HT210723", "APPLE:HT210724", "APPLE:HT210725", "APPLE:HT210726", "APPLE:HT210727", "APPLE:HT210728", "APPLE:HT210785", "APPLE:HT210789", "APPLE:HT210790", "APPLE:HT210792", "APPLE:HT210793", "APPLE:HT210794", "APPLE:HT210795", "APPLE:HT210918", "APPLE:HT210920", "APPLE:HT210922", "APPLE:HT210923", "APPLE:HT210947", "APPLE:HT210948", "APPLE:HT211100", "APPLE:HT211101", "APPLE:HT211102", "APPLE:HT211103", "APPLE:HT211104", "APPLE:HT211105", "APPLE:HT211106", "APPLE:HT211107", "APPLE:HT211168", "APPLE:HT211171", "APPLE:HT211175", "APPLE:HT211177", "APPLE:HT211178", "APPLE:HT211179", "APPLE:HT211181", "APPLE:HT211288", "APPLE:HT211290", "APPLE:HT211291", "APPLE:HT211292", "APPLE:HT211293", "APPLE:HT211294", "APPLE:HT211295"]}, {"type": "archlinux", "idList": ["ASA-202002-10", "ASA-202002-7", "ASA-202003-9", "ASA-202004-17", "ASA-202004-23", "ASA-202007-1"]}, {"type": "attackerkb", "idList": ["AKB:BC51026B-2BE3-44B4-BB8E-2FEAC9CE2DE6", "AKB:FD5DCD72-BB0A-4081-AB80-02486983B88F"]}, {"type": "centos", "idList": ["CESA-2020:4035"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-3251", "CPAI-2020-3252"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2019-8720"]}, {"type": "cve", "idList": ["CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-11793", "CVE-2020-14391", "CVE-2020-15503", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3214-1:78F2B", "DEBIAN:DSA-4558-1:35EA3", "DEBIAN:DSA-4563-1:121E7", "DEBIAN:DSA-4610-1:0DE10", "DEBIAN:DSA-4627-1:5CD4F", "DEBIAN:DSA-4641-1:E25EB", "DEBIAN:DSA-4658-1:B559B", "DEBIAN:DSA-4681-1:6DA13", "DEBIAN:DSA-4681-1:8167F", "DEBIAN:DSA-4724-1:6BA8A", "DEBIAN:DSA-4739-1:5AEC6", "DEBIAN:DSA-4739-1:90328"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-8625", "DEBIANCVE:CVE-2019-8710", "DEBIANCVE:CVE-2019-8720", "DEBIANCVE:CVE-2019-8743", "DEBIANCVE:CVE-2019-8764", "DEBIANCVE:CVE-2019-8766", "DEBIANCVE:CVE-2019-8769", "DEBIANCVE:CVE-2019-8771", "DEBIANCVE:CVE-2019-8782", "DEBIANCVE:CVE-2019-8783", "DEBIANCVE:CVE-2019-8808", "DEBIANCVE:CVE-2019-8811", "DEBIANCVE:CVE-2019-8812", "DEBIANCVE:CVE-2019-8813", "DEBIANCVE:CVE-2019-8814", "DEBIANCVE:CVE-2019-8815", "DEBIANCVE:CVE-2019-8816", "DEBIANCVE:CVE-2019-8819", "DEBIANCVE:CVE-2019-8820", "DEBIANCVE:CVE-2019-8823", "DEBIANCVE:CVE-2019-8835", "DEBIANCVE:CVE-2019-8844", "DEBIANCVE:CVE-2019-8846", "DEBIANCVE:CVE-2020-10018", "DEBIANCVE:CVE-2020-11793", "DEBIANCVE:CVE-2020-14391", "DEBIANCVE:CVE-2020-15503", "DEBIANCVE:CVE-2020-3862", "DEBIANCVE:CVE-2020-3864", "DEBIANCVE:CVE-2020-3865", "DEBIANCVE:CVE-2020-3867", "DEBIANCVE:CVE-2020-3868", "DEBIANCVE:CVE-2020-3885", "DEBIANCVE:CVE-2020-3894", "DEBIANCVE:CVE-2020-3895", "DEBIANCVE:CVE-2020-3897", "DEBIANCVE:CVE-2020-3899", "DEBIANCVE:CVE-2020-3900", "DEBIANCVE:CVE-2020-3901", "DEBIANCVE:CVE-2020-3902", "DEBIANCVE:CVE-2020-9802", "DEBIANCVE:CVE-2020-9803", "DEBIANCVE:CVE-2020-9805", "DEBIANCVE:CVE-2020-9806", "DEBIANCVE:CVE-2020-9807", "DEBIANCVE:CVE-2020-9843", "DEBIANCVE:CVE-2020-9850", "DEBIANCVE:CVE-2020-9862", "DEBIANCVE:CVE-2020-9893", "DEBIANCVE:CVE-2020-9894", "DEBIANCVE:CVE-2020-9895", "DEBIANCVE:CVE-2020-9915", "DEBIANCVE:CVE-2020-9925"]}, {"type": "fedora", "idList": ["FEDORA:08D23310004F", "FEDORA:1B1A130A014E", "FEDORA:1D47E30F4D4F", "FEDORA:1EA356092706", "FEDORA:33FC666A1E20", "FEDORA:565F36015190", "FEDORA:620E260877C1", "FEDORA:6C66A601463F", "FEDORA:73C1730C1E46", "FEDORA:8171330C09FB", "FEDORA:9F6FE6049CB5", "FEDORA:A351F606CFD5", "FEDORA:A56F0309448D", "FEDORA:B10D0604B3B3", "FEDORA:B29916092532", "FEDORA:BAFD56068146", "FEDORA:C00126087A1E", "FEDORA:C9283634429D", "FEDORA:C9F1930D42C8", "FEDORA:CBE8E30B452C", "FEDORA:DCC98600F6D1", "FEDORA:DD6063099060", "FEDORA:DE7A430C4609", "FEDORA:E071460876D1", "FEDORA:E3844606FD7F"]}, {"type": "freebsd", "idList": ["1CB0AF4E-D641-4F99-9432-297A89447A97", "3E748551-C732-45F6-BD88-928DA16F23A8", "92243B6A-5775-4AEA-8727-A938058DF5BA", "DC8CFF4C-4063-11EA-8A94-3497F6939FDD", "E418B8F0-9ABB-420B-A7F1-1D8231B352E2", "EFD03116-C2A9-11EA-82BC-B42E99A1B9C3"]}, {"type": "gentoo", "idList": ["GLSA-202003-22", "GLSA-202006-08", "GLSA-202007-11", "GLSA-202007-61"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:37BA7BA880E3167EF2FF653967274013", "GOOGLEPROJECTZERO:82BC34EA810EB3C377CA67B9E6698CC2", "GOOGLEPROJECTZERO:91800FF4B3B97E581EBEE3342DED86A5"]}, {"type": "kaspersky", "idList": ["KLA11579", "KLA11580", "KLA11592", "KLA11593", "KLA11602", "KLA11603", "KLA11623", "KLA11624", "KLA11650", "KLA11651", "KLA11704", "KLA11705", "KLA11790", "KLA11791", "KLA11926"]}, {"type": "kitploit", "idList": ["KITPLOIT:8766743662298222785"]}, {"type": "mageia", "idList": ["MGASA-2019-0324", "MGASA-2020-0067", "MGASA-2020-0092", "MGASA-2020-0144", "MGASA-2020-0177", "MGASA-2020-0188", "MGASA-2020-0317", "MGASA-2020-0368"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-OSX-BROWSER-SAFARI_IN_OPERATOR_SIDE_EFFECT-"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1563.NASL", "ALMA_LINUX_ALSA-2020-4451.NASL", "APPLETV_13_3.NASL", "APPLETV_13_3_1.NASL", "APPLETV_13_4.NASL", "APPLE_IOS_132_CHECK.NBIN", "CENTOS_RHSA-2020-4035.NASL", "DEBIAN_DLA-3214.NASL", "DEBIAN_DSA-4558.NASL", "DEBIAN_DSA-4563.NASL", "DEBIAN_DSA-4610.NASL", "DEBIAN_DSA-4627.NASL", "DEBIAN_DSA-4641.NASL", "DEBIAN_DSA-4658.NASL", "DEBIAN_DSA-4681.NASL", "DEBIAN_DSA-4724.NASL", "DEBIAN_DSA-4739.NASL", "FEDORA_2019-4213E37211.NASL", "FEDORA_2019-99DB7A510E.NASL", "FEDORA_2019-FA0C4B0674.NASL", "FEDORA_2020-07F0A49A9E.NASL", "FEDORA_2020-11B0F45883.NASL", "FEDORA_2020-24B936A870.NASL", "FEDORA_2020-3269917C2F.NASL", "FEDORA_2020-4832F2BD62.NASL", "FEDORA_2020-4D11D35A1F.NASL", "FEDORA_2020-4F4C778096.NASL", "FEDORA_2020-7F34D2CFD8.NASL", "FEDORA_2020-97E849CE46.NASL", "FEDORA_2020-A496A39B00.NASL", "FEDORA_2020-AB074C6CDF.NASL", "FEDORA_2020-BD170E803F.NASL", "FEDORA_2020-C6FA12CFB1.NASL", "FEDORA_2020-D2736EE493.NASL", "FEDORA_2020-ED284FD64B.NASL", "FEDORA_2020-F11A905FC2.NASL", "FEDORA_2020-F25793AAC4.NASL", "FEDORA_2020-F3FA778924.NASL", "FEDORA_2020-F407DB0E65.NASL", "FEDORA_2020-F421EEA477.NASL", "FREEBSD_PKG_1CB0AF4ED6414F999432297A89447A97.NASL", "FREEBSD_PKG_3E748551C73245F6BD88928DA16F23A8.NASL", "FREEBSD_PKG_92243B6A57754AEA8727A938058DF5BA.NASL", "FREEBSD_PKG_DC8CFF4C406311EA8A943497F6939FDD.NASL", "FREEBSD_PKG_E418B8F09ABB420BA7F11D8231B352E2.NASL", "FREEBSD_PKG_EFD03116C2A911EA82BCB42E99A1B9C3.NASL", "GENTOO_GLSA-202003-22.NASL", "GENTOO_GLSA-202006-08.NASL", "GENTOO_GLSA-202007-11.NASL", "GENTOO_GLSA-202007-61.NASL", "ICLOUD_10_8.NASL", "ICLOUD_10_9.NASL", "ICLOUD_10_9_2.NASL", "ICLOUD_10_9_3.NASL", "ICLOUD_7_15.NASL", "ICLOUD_7_16.NASL", "ICLOUD_7_17.NASL", "ICLOUD_7_18.NASL", "ITUNES_12_10_2.NASL", "ITUNES_12_10_3.NASL", "ITUNES_12_10_3_BANNER.NASL", "ITUNES_12_10_4.NASL", "ITUNES_12_10_4_BANNER.NASL", "ITUNES_12_10_5.NASL", "ITUNES_12_10_5_BANNER.NASL", "MACOS_HT210634.NASL", "NEWSTART_CGSL_NS-SA-2021-0041_WEBKITGTK4.NASL", "NEWSTART_CGSL_NS-SA-2021-0059_WEBKIT2GTK3.NASL", "NEWSTART_CGSL_NS-SA-2021-0063_LIBRAW.NASL", "NEWSTART_CGSL_NS-SA-2021-0076_GNOME-SETTINGS-DAEMON.NASL", "NEWSTART_CGSL_NS-SA-2021-0166_WEBKITGTK4.NASL", "OPENSUSE-2019-2587.NASL", "OPENSUSE-2019-2591.NASL", "OPENSUSE-2020-1064.NASL", "OPENSUSE-2020-1088.NASL", "OPENSUSE-2020-1128.NASL", "OPENSUSE-2020-1256.NASL", "OPENSUSE-2020-1275.NASL", "OPENSUSE-2020-278.NASL", "OPENSUSE-2020-602.NASL", "OPENSUSE-2020-646.NASL", "OPENSUSE-2022-0182-1.NASL", "ORACLELINUX_ELSA-2020-4035.NASL", "ORACLELINUX_ELSA-2020-4451.NASL", "REDHAT-RHSA-2020-4035.NASL", "REDHAT-RHSA-2020-4451.NASL", "REDHAT-RHSA-2021-0266.NASL", "SL_20201001_WEBKITGTK4_ON_SL7_X.NASL", "SUSE_SU-2019-3044-1.NASL", "SUSE_SU-2020-0468-1.NASL", "SUSE_SU-2020-1109-1.NASL", "SUSE_SU-2020-1135-1.NASL", "SUSE_SU-2020-1198-1.NASL", "SUSE_SU-2020-1211-1.NASL", "SUSE_SU-2020-1990-1.NASL", "SUSE_SU-2020-1992-1.NASL", "SUSE_SU-2020-2069-1.NASL", "SUSE_SU-2020-2198-1.NASL", "SUSE_SU-2020-2199-1.NASL", "SUSE_SU-2020-2232-1.NASL", "SUSE_SU-2022-0142-1.NASL", "SUSE_SU-2022-0182-1.NASL", "SUSE_SU-2022-0182-2.NASL", "SUSE_SU-2022-0183-1.NASL", "UBUNTU_USN-4178-1.NASL", "UBUNTU_USN-4181-1.NASL", "UBUNTU_USN-4261-1.NASL", "UBUNTU_USN-4281-1.NASL", "UBUNTU_USN-4310-1.NASL", "UBUNTU_USN-4331-1.NASL", "UBUNTU_USN-4347-1.NASL", "UBUNTU_USN-4422-1.NASL", "UBUNTU_USN-4444-1.NASL", "UBUNTU_USN-5715-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704558", "OPENVAS:1361412562310704563", "OPENVAS:1361412562310704610", "OPENVAS:1361412562310704627", "OPENVAS:1361412562310704641", "OPENVAS:1361412562310704658", "OPENVAS:1361412562310704681", "OPENVAS:1361412562310704724", "OPENVAS:1361412562310815495", "OPENVAS:1361412562310815496", "OPENVAS:1361412562310815550", "OPENVAS:1361412562310815818", "OPENVAS:1361412562310815826", "OPENVAS:1361412562310815827", "OPENVAS:1361412562310815828", "OPENVAS:1361412562310815876", "OPENVAS:1361412562310816718", "OPENVAS:1361412562310816719", "OPENVAS:1361412562310816720", "OPENVAS:1361412562310816721", "OPENVAS:1361412562310817028", "OPENVAS:1361412562310817029", "OPENVAS:1361412562310817030", "OPENVAS:1361412562310844227", "OPENVAS:1361412562310844232", "OPENVAS:1361412562310844321", "OPENVAS:1361412562310844344", "OPENVAS:1361412562310844377", "OPENVAS:1361412562310844396", "OPENVAS:1361412562310844415", "OPENVAS:1361412562310852791", "OPENVAS:1361412562310852964", "OPENVAS:1361412562310853057", "OPENVAS:1361412562310853139", "OPENVAS:1361412562310853145", "OPENVAS:1361412562310876964", "OPENVAS:1361412562310877012", "OPENVAS:1361412562310877211", "OPENVAS:1361412562310877412", "OPENVAS:1361412562310877414", "OPENVAS:1361412562310877494", "OPENVAS:1361412562310877501", "OPENVAS:1361412562310877600", "OPENVAS:1361412562310877608", "OPENVAS:1361412562310877721", "OPENVAS:1361412562310877723", "OPENVAS:1361412562310877724", "OPENVAS:1361412562310877758", "OPENVAS:1361412562310877784", "OPENVAS:1361412562310877789"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4035", "ELSA-2020-4451"]}, {"type": "osv", "idList": ["OSV:DLA-3214-1", "OSV:DSA-4558-1", "OSV:DSA-4563-1", "OSV:DSA-4610-1", "OSV:DSA-4627-1", "OSV:DSA-4641-1", "OSV:DSA-4658-1", "OSV:DSA-4681-1", "OSV:DSA-4724-1", "OSV:DSA-4739-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:155112", "PACKETSTORM:157378", "PACKETSTORM:157926", "PACKETSTORM:159447"]}, {"type": "redhat", "idList": ["RHSA-2020:4035", "RHSA-2020:4451", "RHSA-2020:5605", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2021:0050", "RHSA-2021:0190", "RHSA-2021:0266", "RHSA-2021:0436", "RHSA-2021:0799", "RHSA-2022:0056", "RHSA-2022:5924"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-8625", "RH:CVE-2019-8710", "RH:CVE-2019-8720", "RH:CVE-2019-8743", "RH:CVE-2019-8764", "RH:CVE-2019-8766", "RH:CVE-2019-8769", "RH:CVE-2019-8771", "RH:CVE-2019-8782", "RH:CVE-2019-8783", "RH:CVE-2019-8808", "RH:CVE-2019-8811", "RH:CVE-2019-8812", "RH:CVE-2019-8813", "RH:CVE-2019-8814", "RH:CVE-2019-8815", "RH:CVE-2019-8816", "RH:CVE-2019-8819", "RH:CVE-2019-8820", "RH:CVE-2019-8823", "RH:CVE-2019-8835", "RH:CVE-2019-8844", "RH:CVE-2019-8846", "RH:CVE-2020-10018", "RH:CVE-2020-11793", "RH:CVE-2020-14391", "RH:CVE-2020-15503", "RH:CVE-2020-3862", "RH:CVE-2020-3864", "RH:CVE-2020-3865", "RH:CVE-2020-3867", "RH:CVE-2020-3868", "RH:CVE-2020-3885", "RH:CVE-2020-3894", "RH:CVE-2020-3895", "RH:CVE-2020-3897", "RH:CVE-2020-3899", "RH:CVE-2020-3900", "RH:CVE-2020-3901", "RH:CVE-2020-3902", "RH:CVE-2020-9802", "RH:CVE-2020-9803", "RH:CVE-2020-9805", "RH:CVE-2020-9806", "RH:CVE-2020-9807", "RH:CVE-2020-9843", "RH:CVE-2020-9850", "RH:CVE-2020-9862", "RH:CVE-2020-9893", "RH:CVE-2020-9894", "RH:CVE-2020-9895", "RH:CVE-2020-9915", "RH:CVE-2020-9925"]}, {"type": "rocky", "idList": ["RLSA-2020:4451"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2587-1", "OPENSUSE-SU-2019:2591-1", "OPENSUSE-SU-2020:0278-1", "OPENSUSE-SU-2020:0602-1", "OPENSUSE-SU-2020:0646-1", "OPENSUSE-SU-2020:1064-1", "OPENSUSE-SU-2020:1088-1", "OPENSUSE-SU-2020:1128-1", "OPENSUSE-SU-2020:1256-1", "OPENSUSE-SU-2020:1275-1", "OPENSUSE-SU-2022:0182-1", "OPENSUSE-SU-2022:0182-2"]}, {"type": "symantec", "idList": ["SMNTC-110393", "SMNTC-111158", "SMNTC-111164", "SMNTC-111352"]}, {"type": "talos", "idList": ["TALOS-2019-0943", "TALOS-2019-0967"]}, {"type": "talosblog", "idList": ["TALOSBLOG:05E3F5C3268BCA0F23A702005ACD5EDB", "TALOSBLOG:22D0EBF21CDAA0E29A36871E0EFDE522"]}, {"type": "thn", "idList": ["THN:1D059A29F13AF81A28C2D2770E5CD2E6"]}, {"type": "threatpost", "idList": ["THREATPOST:2334EE5F6C03FC3ECE377B9BD44BA4E7", "THREATPOST:3F81254E133ABD9AE724F95349C0040A", "THREATPOST:ABBA6B89522F29EE1F01F3D010F46FC0", "THREATPOST:F770D8B67D6B82405D9E85998887BDF3"]}, {"type": "ubuntu", "idList": ["USN-4178-1", "USN-4181-1", "USN-4261-1", "USN-4281-1", "USN-4310-1", "USN-4331-1", "USN-4347-1", "USN-4422-1", "USN-4444-1", "USN-5715-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-8625", "UB:CVE-2019-8710", "UB:CVE-2019-8720", "UB:CVE-2019-8743", "UB:CVE-2019-8764", "UB:CVE-2019-8766", "UB:CVE-2019-8769", "UB:CVE-2019-8771", "UB:CVE-2019-8782", "UB:CVE-2019-8783", "UB:CVE-2019-8808", "UB:CVE-2019-8811", "UB:CVE-2019-8812", "UB:CVE-2019-8813", "UB:CVE-2019-8814", "UB:CVE-2019-8815", "UB:CVE-2019-8816", "UB:CVE-2019-8819", "UB:CVE-2019-8820", "UB:CVE-2019-8823", "UB:CVE-2019-8835", "UB:CVE-2019-8844", "UB:CVE-2019-8846", "UB:CVE-2020-10018", "UB:CVE-2020-11793", "UB:CVE-2020-14391", "UB:CVE-2020-15503", "UB:CVE-2020-3862", "UB:CVE-2020-3864", "UB:CVE-2020-3865", "UB:CVE-2020-3867", "UB:CVE-2020-3868", "UB:CVE-2020-3885", "UB:CVE-2020-3894", "UB:CVE-2020-3895", "UB:CVE-2020-3897", "UB:CVE-2020-3899", "UB:CVE-2020-3900", "UB:CVE-2020-3901", "UB:CVE-2020-3902", "UB:CVE-2020-9802", "UB:CVE-2020-9803", "UB:CVE-2020-9805", "UB:CVE-2020-9806", "UB:CVE-2020-9807", "UB:CVE-2020-9843", "UB:CVE-2020-9850", "UB:CVE-2020-9862", "UB:CVE-2020-9893", "UB:CVE-2020-9894", "UB:CVE-2020-9895", "UB:CVE-2020-9915", "UB:CVE-2020-9925"]}, {"type": "veracode", "idList": ["VERACODE:26054", "VERACODE:26056", "VERACODE:26057", "VERACODE:26058", "VERACODE:26059", "VERACODE:26086", "VERACODE:26087", "VERACODE:26090", "VERACODE:26093", "VERACODE:26096", "VERACODE:26097", "VERACODE:26140", "VERACODE:26235", "VERACODE:26239", "VERACODE:26260", "VERACODE:26263", "VERACODE:27378", "VERACODE:27405", "VERACODE:27407", "VERACODE:27411", "VERACODE:27413", "VERACODE:27414", "VERACODE:27416", "VERACODE:27417", "VERACODE:27418", "VERACODE:27419", "VERACODE:27420", "VERACODE:27421", "VERACODE:27422", "VERACODE:27423", "VERACODE:27424", "VERACODE:27425", "VERACODE:27426", "VERACODE:27427", "VERACODE:27428", "VERACODE:27431", "VERACODE:27432", "VERACODE:27433", "VERACODE:27434", "VERACODE:27437", "VERACODE:27439", "VERACODE:27440", "VERACODE:27441", "VERACODE:27442", "VERACODE:27443", "VERACODE:27444", "VERACODE:27445", "VERACODE:27446", "VERACODE:27447", "VERACODE:27448", "VERACODE:27449", "VERACODE:27450", "VERACODE:27797"]}, {"type": "zdi", "idList": ["ZDI-19-1026", "ZDI-20-144", "ZDI-20-341", "ZDI-20-672", "ZDI-20-907", "ZDI-20-909"]}, {"type": "zdt", "idList": ["1337DAY-ID-33452", "1337DAY-ID-34305", "1337DAY-ID-34510", "1337DAY-ID-34995"]}]}, "score": {"value": 0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4451"]}, {"type": "amazon", "idList": ["ALAS2-2020-1563"]}, {"type": "apple", "idList": ["APPLE:0458C0EDF2FE61DE5E3752F33DA333D7", "APPLE:07C404431E4E9AA795FF43515E579852", "APPLE:0CE264553CBE730E0D2CF16017A5B273", "APPLE:18DA9C53BF9A01E449E85E3E61CCDEC0", "APPLE:22E5661C993E7A1F50344055EDC625BA", "APPLE:23F4B15F98B9E907DBA0469D5F0BC654", "APPLE:24F0CE6C0A090A12BFC0624F060D429D", "APPLE:2BE63E6C0ABEE62B27017A6E38BA31E8", "APPLE:2C63B730F1D775BC1F496033AB4C1E50", "APPLE:39DFCF58466CAAB3F50DE93E2A885C72", "APPLE:4F5D2C20724C56D494032826B570F894", "APPLE:51FF6F769BC40CE415F07D8346C6A88D", "APPLE:53B6452EB8CCAAEE3940A468CD7301EF", "APPLE:5A8CFDD70DD53A4CB492643428B2B78C", "APPLE:60BF7F72692F6CFF341525F7AC92F5EC", "APPLE:7033CCA4E259F96F17D1D049B6D11BE0", "APPLE:82B6E79FBF3E204AFF11B0D8FA1D8701", "APPLE:8962973934F6CCC5756D8D4DB8D1F37F", "APPLE:8C1FE42B64A09C7B23ECEB4773F3CF3C", "APPLE:8EE1AE6C5FCC43369EAB8454FB35ED71", "APPLE:A1A8D52172AE1DABB07F3860D96264D1", "APPLE:A795FDEEEAA9C6C9B86551E188F8FA02", "APPLE:AA327FA1C4CF3105C8CBED9D78735E12", "APPLE:AA7D20441BD99D01D8BEDE3B9762EB04", "APPLE:B079F933FC53AA9BD392638EBBEA2490", "APPLE:B52E92BE35619FA480B979F2662F87F8", "APPLE:B7C1A6678C1DA6625F5D2C92817D61DA", "APPLE:B891E6B961A423A3FA7E0836C2B1370D", "APPLE:BEA171F52CE1A41E31B39FE9FEF8FF60", "APPLE:CB6B9C8601808E98E91120E4D36A36F1", "APPLE:CC90AF91854DC3DAAF69A4D6FA63346F", "APPLE:CF9C08BD8DDC6A4A1E0D3912347422D3", "APPLE:D725BA42FF7DF9373C130EE10E8F427D", "APPLE:E7AB28D63A34D7E0CE963F4835068B5C", "APPLE:ED19354ED13D765201D7E383EBAA2805", "APPLE:F0DD36964D42DC3E67689751DBBFF908", "APPLE:F7CA1A5840C15D3C9444B9C7F4FBA655", "APPLE:F8724C8799ED31E68E5E9D403280DAB8", "APPLE:HT210603", "APPLE:HT210604", "APPLE:HT210605", "APPLE:HT210606", "APPLE:HT210607", "APPLE:HT210608", "APPLE:HT210634", "APPLE:HT210635", "APPLE:HT210636", "APPLE:HT210637", "APPLE:HT210721", "APPLE:HT210723", "APPLE:HT210724", "APPLE:HT210725", "APPLE:HT210726", "APPLE:HT210727", "APPLE:HT210728", "APPLE:HT210785", "APPLE:HT210789", "APPLE:HT210790", "APPLE:HT210792", "APPLE:HT210793", "APPLE:HT210794", "APPLE:HT210795", "APPLE:HT210918", "APPLE:HT210920", "APPLE:HT210922", "APPLE:HT210923", "APPLE:HT210947", "APPLE:HT210948", "APPLE:HT211100", "APPLE:HT211101", "APPLE:HT211102", "APPLE:HT211103", "APPLE:HT211104", "APPLE:HT211105", "APPLE:HT211106", "APPLE:HT211107"]}, {"type": "archlinux", "idList": ["ASA-202002-10", "ASA-202002-7", "ASA-202003-9", "ASA-202004-17", "ASA-202004-23", "ASA-202007-1"]}, {"type": "attackerkb", "idList": ["AKB:BC51026B-2BE3-44B4-BB8E-2FEAC9CE2DE6"]}, {"type": "centos", "idList": ["CESA-2020:4035"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-3251", "CPAI-2020-3252"]}, {"type": "cve", "idList": ["CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2020-10018", "CVE-2020-3862", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4558-1:35EA3", "DEBIAN:DSA-4563-1:121E7", "DEBIAN:DSA-4627-1:5CD4F", "DEBIAN:DSA-4641-1:E25EB", "DEBIAN:DSA-4681-1:8167F"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-14391", "DEBIANCVE:CVE-2020-15503"]}, {"type": "fedora", "idList": ["FEDORA:08D23310004F", "FEDORA:1B1A130A014E", "FEDORA:1D47E30F4D4F", "FEDORA:1EA356092706", "FEDORA:33FC666A1E20", "FEDORA:565F36015190", "FEDORA:620E260877C1", "FEDORA:6C66A601463F", "FEDORA:73C1730C1E46", "FEDORA:8171330C09FB", "FEDORA:9F6FE6049CB5", "FEDORA:A351F606CFD5", "FEDORA:A56F0309448D", "FEDORA:B10D0604B3B3", "FEDORA:B29916092532", "FEDORA:BAFD56068146", "FEDORA:C00126087A1E", "FEDORA:C9283634429D", "FEDORA:C9F1930D42C8", "FEDORA:CBE8E30B452C", "FEDORA:DCC98600F6D1", "FEDORA:DD6063099060", "FEDORA:DE7A430C4609", "FEDORA:E071460876D1", "FEDORA:E3844606FD7F"]}, {"type": "freebsd", "idList": ["1CB0AF4E-D641-4F99-9432-297A89447A97", "3E748551-C732-45F6-BD88-928DA16F23A8", "92243B6A-5775-4AEA-8727-A938058DF5BA"]}, {"type": "gentoo", "idList": ["GLSA-202003-22"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:37BA7BA880E3167EF2FF653967274013", "GOOGLEPROJECTZERO:82BC34EA810EB3C377CA67B9E6698CC2", "GOOGLEPROJECTZERO:91800FF4B3B97E581EBEE3342DED86A5"]}, {"type": "kaspersky", "idList": ["KLA11579", "KLA11580", "KLA11592", "KLA11593", "KLA11602", "KLA11603", "KLA11623", "KLA11624", "KLA11650", "KLA11651", "KLA11704", "KLA11705", "KLA11790", "KLA11791", "KLA11926"]}, {"type": "kitploit", "idList": ["KITPLOIT:8766743662298222785"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/OSX/BROWSER/SAFARI_IN_OPERATOR_SIDE_EFFECT"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1563.NASL", "APPLETV_13_3.NASL", "APPLETV_13_3_1.NASL", "APPLETV_13_4.NASL", "CENTOS_RHSA-2020-4035.NASL", "DEBIAN_DSA-4558.NASL", "DEBIAN_DSA-4563.NASL", "DEBIAN_DSA-4627.NASL", "DEBIAN_DSA-4641.NASL", "DEBIAN_DSA-4658.NASL", "DEBIAN_DSA-4681.NASL", "FEDORA_2019-4213E37211.NASL", "FEDORA_2019-99DB7A510E.NASL", "FEDORA_2019-FA0C4B0674.NASL", "FEDORA_2020-11B0F45883.NASL", "FEDORA_2020-3269917C2F.NASL", "FEDORA_2020-4832F2BD62.NASL", "FEDORA_2020-4D11D35A1F.NASL", "FEDORA_2020-7F34D2CFD8.NASL", "FEDORA_2020-BD170E803F.NASL", "FREEBSD_PKG_1CB0AF4ED6414F999432297A89447A97.NASL", "FREEBSD_PKG_3E748551C73245F6BD88928DA16F23A8.NASL", "FREEBSD_PKG_92243B6A57754AEA8727A938058DF5BA.NASL", "FREEBSD_PKG_E418B8F09ABB420BA7F11D8231B352E2.NASL", "FREEBSD_PKG_EFD03116C2A911EA82BCB42E99A1B9C3.NASL", "GENTOO_GLSA-202003-22.NASL", "ITUNES_12_10_2.NASL", "ITUNES_12_10_3.NASL", "ITUNES_12_10_4.NASL", "ITUNES_12_10_4_BANNER.NASL", "MACOS_HT210634.NASL", "OPENSUSE-2019-2587.NASL", "OPENSUSE-2019-2591.NASL", "OPENSUSE-2020-278.NASL", "OPENSUSE-2020-602.NASL", "OPENSUSE-2020-646.NASL", "ORACLELINUX_ELSA-2020-4035.NASL", "ORACLELINUX_ELSA-2020-4451.NASL", "REDHAT-RHSA-2020-4035.NASL", "REDHAT-RHSA-2020-4451.NASL", "SUSE_SU-2019-3044-1.NASL", "SUSE_SU-2020-0468-1.NASL", "SUSE_SU-2020-1109-1.NASL", "SUSE_SU-2020-1135-1.NASL", "SUSE_SU-2020-1198-1.NASL", "UBUNTU_USN-4178-1.NASL", "UBUNTU_USN-4181-1.NASL", "UBUNTU_USN-4281-1.NASL", "UBUNTU_USN-4331-1.NASL", "UBUNTU_USN-4347-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704558", "OPENVAS:1361412562310704563", "OPENVAS:1361412562310704627", "OPENVAS:1361412562310704641", "OPENVAS:1361412562310704681", "OPENVAS:1361412562310815495", "OPENVAS:1361412562310815496", "OPENVAS:1361412562310815550", "OPENVAS:1361412562310815818", "OPENVAS:1361412562310815826", "OPENVAS:1361412562310815827", "OPENVAS:1361412562310815828", "OPENVAS:1361412562310815876", "OPENVAS:1361412562310844227", "OPENVAS:1361412562310844232", "OPENVAS:1361412562310844344", "OPENVAS:1361412562310844415", "OPENVAS:1361412562310852791", "OPENVAS:1361412562310853057", "OPENVAS:1361412562310853139", "OPENVAS:1361412562310853145", "OPENVAS:1361412562310876964", "OPENVAS:1361412562310877012", "OPENVAS:1361412562310877494", "OPENVAS:1361412562310877501", "OPENVAS:1361412562310877721", "OPENVAS:1361412562310877723", "OPENVAS:1361412562310877724", "OPENVAS:1361412562310877758", "OPENVAS:1361412562310877784", "OPENVAS:1361412562310877789"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4035", "ELSA-2020-4451"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:155112", "PACKETSTORM:157378"]}, {"type": "redhat", "idList": ["RHSA-2020:4451"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-8625", "RH:CVE-2019-8710", "RH:CVE-2019-8720", "RH:CVE-2019-8743", "RH:CVE-2019-8764", "RH:CVE-2019-8766", "RH:CVE-2019-8769", "RH:CVE-2019-8771", "RH:CVE-2019-8782", "RH:CVE-2019-8783", "RH:CVE-2019-8808", "RH:CVE-2019-8811", "RH:CVE-2019-8812", "RH:CVE-2019-8813", "RH:CVE-2019-8814", "RH:CVE-2019-8815", "RH:CVE-2019-8816", "RH:CVE-2019-8819", "RH:CVE-2019-8820", "RH:CVE-2019-8823", "RH:CVE-2019-8844", "RH:CVE-2019-8846", "RH:CVE-2020-10018", "RH:CVE-2020-11793", "RH:CVE-2020-14391", "RH:CVE-2020-15503", "RH:CVE-2020-3862", "RH:CVE-2020-3864", "RH:CVE-2020-3865", "RH:CVE-2020-3867", "RH:CVE-2020-3868", "RH:CVE-2020-3885", "RH:CVE-2020-3894", "RH:CVE-2020-3895", "RH:CVE-2020-3897", "RH:CVE-2020-3899", "RH:CVE-2020-3900", "RH:CVE-2020-3901", "RH:CVE-2020-3902", "RH:CVE-2020-9802", "RH:CVE-2020-9805", "RH:CVE-2020-9806", "RH:CVE-2020-9807", "RH:CVE-2020-9843", "RH:CVE-2020-9850", "RH:CVE-2020-9862", "RH:CVE-2020-9893", "RH:CVE-2020-9894", "RH:CVE-2020-9895", "RH:CVE-2020-9915", "RH:CVE-2020-9925"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2587-1", "OPENSUSE-SU-2019:2591-1", "OPENSUSE-SU-2020:0278-1", "OPENSUSE-SU-2020:0602-1", "OPENSUSE-SU-2020:0646-1"]}, {"type": "symantec", "idList": ["SMNTC-111164"]}, {"type": "talos", "idList": ["TALOS-2019-0943"]}, {"type": "talosblog", "idList": ["TALOSBLOG:22D0EBF21CDAA0E29A36871E0EFDE522"]}, {"type": "thn", "idList": ["THN:1D059A29F13AF81A28C2D2770E5CD2E6"]}, {"type": "threatpost", "idList": ["THREATPOST:F770D8B67D6B82405D9E85998887BDF3"]}, {"type": "ubuntu", "idList": ["USN-4178-1", "USN-4181-1", "USN-4281-1", "USN-4347-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-8625", "UB:CVE-2019-8710", "UB:CVE-2019-8720", "UB:CVE-2019-8764", "UB:CVE-2019-8766", "UB:CVE-2019-8769", "UB:CVE-2019-8771", "UB:CVE-2019-8782", "UB:CVE-2019-8808", "UB:CVE-2019-8811", "UB:CVE-2019-8812", "UB:CVE-2019-8813", "UB:CVE-2019-8814", "UB:CVE-2019-8815", "UB:CVE-2019-8816", "UB:CVE-2019-8819", "UB:CVE-2019-8823", "UB:CVE-2019-8835", "UB:CVE-2019-8844", "UB:CVE-2019-8846", "UB:CVE-2020-10018", "UB:CVE-2020-11793", "UB:CVE-2020-15503", "UB:CVE-2020-3862", "UB:CVE-2020-3864", "UB:CVE-2020-3867", "UB:CVE-2020-3868", "UB:CVE-2020-3885", "UB:CVE-2020-3894", "UB:CVE-2020-3895", "UB:CVE-2020-3897", "UB:CVE-2020-3899", "UB:CVE-2020-3900", "UB:CVE-2020-3901", "UB:CVE-2020-3902", "UB:CVE-2020-9802", "UB:CVE-2020-9803", "UB:CVE-2020-9805", "UB:CVE-2020-9806", "UB:CVE-2020-9807", "UB:CVE-2020-9843", "UB:CVE-2020-9850", "UB:CVE-2020-9862", "UB:CVE-2020-9893", "UB:CVE-2020-9894", "UB:CVE-2020-9895", "UB:CVE-2020-9915", "UB:CVE-2020-9925"]}, {"type": "zdi", "idList": ["ZDI-20-144", "ZDI-20-672"]}, {"type": "zdt", "idList": ["1337DAY-ID-33452"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-8625", "epss": 0.00096, "percentile": 0.38955, "modified": "2023-05-07"}, {"cve": "CVE-2019-8710", "epss": 0.00306, "percentile": 0.65334, "modified": "2023-05-07"}, {"cve": "CVE-2019-8720", "epss": 0.00455, "percentile": 0.71531, "modified": "2023-05-07"}, {"cve": "CVE-2019-8743", "epss": 0.00306, "percentile": 0.65334, "modified": "2023-05-07"}, {"cve": "CVE-2019-8764", "epss": 0.00217, "percentile": 0.58219, "modified": "2023-05-07"}, {"cve": "CVE-2019-8766", "epss": 0.00395, "percentile": 0.69483, "modified": "2023-05-07"}, {"cve": "CVE-2019-8769", "epss": 0.00076, "percentile": 0.30711, "modified": "2023-05-07"}, {"cve": "CVE-2019-8771", "epss": 0.00078, "percentile": 0.31743, "modified": "2023-05-07"}, {"cve": "CVE-2019-8782", "epss": 0.00533, "percentile": 0.73703, "modified": "2023-05-07"}, {"cve": "CVE-2019-8783", "epss": 0.01347, "percentile": 0.84117, "modified": "2023-05-07"}, {"cve": "CVE-2019-8808", "epss": 0.00533, "percentile": 0.73703, "modified": "2023-05-07"}, {"cve": "CVE-2019-8811", "epss": 0.00735, "percentile": 0.78062, "modified": "2023-05-07"}, {"cve": "CVE-2019-8812", "epss": 0.00533, "percentile": 0.73703, "modified": "2023-05-07"}, {"cve": "CVE-2019-8813", "epss": 0.00163, "percentile": 0.51528, "modified": "2023-05-07"}, {"cve": "CVE-2019-8814", "epss": 0.00539, "percentile": 0.73859, "modified": "2023-05-07"}, {"cve": "CVE-2019-8815", "epss": 0.00539, "percentile": 0.73859, "modified": "2023-05-07"}, {"cve": "CVE-2019-8816", "epss": 0.0059, "percentile": 0.75071, "modified": "2023-05-07"}, {"cve": "CVE-2019-8819", "epss": 0.01347, "percentile": 0.84117, "modified": "2023-05-07"}, {"cve": "CVE-2019-8820", "epss": 0.76572, "percentile": 0.97682, "modified": "2023-05-07"}, {"cve": "CVE-2019-8823", "epss": 0.01347, "percentile": 0.84117, "modified": "2023-05-07"}, {"cve": "CVE-2019-8835", "epss": 0.00321, "percentile": 0.66184, "modified": "2023-05-07"}, {"cve": "CVE-2019-8844", "epss": 0.00712, "percentile": 0.77608, "modified": "2023-05-07"}, {"cve": "CVE-2019-8846", "epss": 0.00338, "percentile": 0.6701, "modified": "2023-05-07"}, {"cve": "CVE-2020-10018", "epss": 0.00828, "percentile": 0.79548, "modified": "2023-05-07"}, {"cve": "CVE-2020-11793", "epss": 0.01336, "percentile": 0.84024, "modified": "2023-05-07"}, {"cve": "CVE-2020-14391", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-15503", "epss": 0.00708, "percentile": 0.7756, "modified": "2023-05-07"}, {"cve": "CVE-2020-3862", "epss": 0.00168, "percentile": 0.52178, "modified": "2023-05-07"}, {"cve": "CVE-2020-3864", "epss": 0.00045, "percentile": 0.121, "modified": "2023-05-07"}, {"cve": "CVE-2020-3865", "epss": 0.00338, "percentile": 0.67027, "modified": "2023-05-07"}, {"cve": "CVE-2020-3867", "epss": 0.00159, "percentile": 0.51057, "modified": "2023-05-07"}, {"cve": "CVE-2020-3868", "epss": 0.00255, "percentile": 0.61886, "modified": "2023-05-07"}, {"cve": "CVE-2020-3885", "epss": 0.00216, "percentile": 0.5811, "modified": "2023-05-07"}, {"cve": "CVE-2020-3894", "epss": 0.02025, "percentile": 0.87197, "modified": "2023-05-07"}, {"cve": "CVE-2020-3895", "epss": 0.00901, "percentile": 0.80394, "modified": "2023-05-07"}, {"cve": "CVE-2020-3897", "epss": 0.01319, "percentile": 0.83933, "modified": "2023-05-07"}, {"cve": "CVE-2020-3899", "epss": 0.00982, "percentile": 0.81225, "modified": "2023-05-07"}, {"cve": "CVE-2020-3900", "epss": 0.00901, "percentile": 0.80394, "modified": "2023-05-07"}, {"cve": "CVE-2020-3901", "epss": 0.0089, "percentile": 0.80277, "modified": "2023-05-07"}, {"cve": "CVE-2020-3902", "epss": 0.00574, "percentile": 0.74686, "modified": "2023-05-07"}, {"cve": "CVE-2020-9802", "epss": 0.57557, "percentile": 0.97159, "modified": "2023-05-07"}, {"cve": "CVE-2020-9803", "epss": 0.00636, "percentile": 0.76035, "modified": "2023-05-07"}, {"cve": "CVE-2020-9805", "epss": 0.00302, "percentile": 0.65036, "modified": "2023-05-07"}, {"cve": "CVE-2020-9806", "epss": 0.00639, "percentile": 0.76147, "modified": "2023-05-07"}, {"cve": "CVE-2020-9807", "epss": 0.00639, "percentile": 0.76147, "modified": "2023-05-07"}, {"cve": "CVE-2020-9843", "epss": 0.0033, "percentile": 0.66688, "modified": "2023-05-07"}, {"cve": "CVE-2020-9850", "epss": 0.4265, "percentile": 0.96768, "modified": "2023-05-07"}, {"cve": "CVE-2020-9862", "epss": 0.00116, "percentile": 0.44017, "modified": "2023-05-07"}, {"cve": "CVE-2020-9893", "epss": 0.00989, "percentile": 0.81298, "modified": "2023-05-07"}, {"cve": "CVE-2020-9894", "epss": 0.00351, "percentile": 0.67666, "modified": "2023-05-07"}, {"cve": "CVE-2020-9895", "epss": 0.01934, "percentile": 0.86867, "modified": "2023-05-07"}, {"cve": "CVE-2020-9915", "epss": 0.00196, "percentile": 0.56038, "modified": "2023-05-07"}, {"cve": "CVE-2020-9925", "epss": 0.00234, "percentile": 0.59955, "modified": "2023-05-07"}], "vulnersScore": 0.3}, "_state": {"dependencies": 1687875506, "score": 1698841580, "epss": 0}, "_internal": {"score_hash": "a8aff2126173015e93811dc3a5b63e28"}, "pluginID": "145826", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:4451. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145826);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2019-8625\",\n \"CVE-2019-8710\",\n \"CVE-2019-8720\",\n \"CVE-2019-8743\",\n \"CVE-2019-8764\",\n \"CVE-2019-8766\",\n \"CVE-2019-8769\",\n \"CVE-2019-8771\",\n \"CVE-2019-8782\",\n \"CVE-2019-8783\",\n \"CVE-2019-8808\",\n \"CVE-2019-8811\",\n \"CVE-2019-8812\",\n \"CVE-2019-8813\",\n \"CVE-2019-8814\",\n \"CVE-2019-8815\",\n \"CVE-2019-8816\",\n \"CVE-2019-8819\",\n \"CVE-2019-8820\",\n \"CVE-2019-8823\",\n \"CVE-2019-8835\",\n \"CVE-2019-8844\",\n \"CVE-2019-8846\",\n \"CVE-2020-3862\",\n \"CVE-2020-3864\",\n \"CVE-2020-3865\",\n \"CVE-2020-3867\",\n \"CVE-2020-3868\",\n \"CVE-2020-3885\",\n \"CVE-2020-3894\",\n \"CVE-2020-3895\",\n \"CVE-2020-3897\",\n \"CVE-2020-3899\",\n \"CVE-2020-3900\",\n \"CVE-2020-3901\",\n \"CVE-2020-3902\",\n \"CVE-2020-9802\",\n \"CVE-2020-9803\",\n \"CVE-2020-9805\",\n \"CVE-2020-9806\",\n \"CVE-2020-9807\",\n \"CVE-2020-9843\",\n \"CVE-2020-9850\",\n \"CVE-2020-9862\",\n \"CVE-2020-9893\",\n \"CVE-2020-9894\",\n \"CVE-2020-9895\",\n \"CVE-2020-9915\",\n \"CVE-2020-9925\",\n \"CVE-2020-10018\",\n \"CVE-2020-11793\",\n \"CVE-2020-14391\",\n \"CVE-2020-15503\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4451\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"CentOS 8 : GNOME (CESA-2020:4451)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:4451 advisory.\n\n - webkitgtk: Incorrect state management leading to universal cross-site scripting (CVE-2019-8625,\n CVE-2019-8813, CVE-2020-3867)\n\n - webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (CVE-2019-8710,\n CVE-2019-8720, CVE-2019-8766, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812,\n CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2020-3868)\n\n - webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (CVE-2019-8743)\n\n - webkitgtk: Incorrect state management leading to universal cross-site scripting (CVE-2019-8764)\n\n - webkitgtk: Websites could reveal browsing history (CVE-2019-8769)\n\n - webkitgtk: Violation of iframe sandboxing policy (CVE-2019-8771)\n\n - webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2019-8835,\n CVE-2019-8844)\n\n - webkitgtk: Use after free issue may lead to remote code execution (CVE-2019-8846)\n\n - webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp (CVE-2020-10018)\n\n - webkitgtk: use-after-free via crafted web content (CVE-2020-11793)\n\n - gnome-settings-daemon: Red Hat Customer Portal password logged and passed as command line argument when\n user registers through GNOME control center (CVE-2020-14391)\n\n - LibRaw: lack of thumbnail size range check can lead to buffer overflow (CVE-2020-15503)\n\n - webkitgtk: Denial of service via incorrect memory handling (CVE-2020-3862)\n\n - webkitgtk: Non-unique security origin for DOM object contexts (CVE-2020-3864)\n\n - webkitgtk: Incorrect security check for a top-level DOM object context (CVE-2020-3865)\n\n - webkitgtk: Incorrect processing of file URLs (CVE-2020-3885)\n\n - webkitgtk: Race condition allows reading of restricted memory (CVE-2020-3894)\n\n - webkitgtk: Memory corruption triggered by a malicious web content (CVE-2020-3895)\n\n - webkitgtk: Type confusion leading to arbitrary code execution (CVE-2020-3897, CVE-2020-3901)\n\n - webkitgtk: Memory consumption issue leading to arbitrary code execution (CVE-2020-3899)\n\n - webkitgtk: Memory corruption triggered by a malicious web content (CVE-2020-3900)\n\n - webkitgtk: Input validation issue leading to cross-site script attack (CVE-2020-3902)\n\n - webkitgtk: Logic issue may lead to arbitrary code execution (CVE-2020-9802, CVE-2020-9850)\n\n - webkitgtk: Memory corruption may lead to arbitrary code execution (CVE-2020-9803, CVE-2020-9806,\n CVE-2020-9807)\n\n - webkitgtk: Logic issue may lead to cross site scripting (CVE-2020-9805)\n\n - webkitgtk: Input validation issue may lead to cross site scripting (CVE-2020-9843)\n\n - webkitgtk: Command injection in web inspector (CVE-2020-9862)\n\n - webkitgtk: Use-after-free may lead to application termination or arbitrary code execution (CVE-2020-9893,\n CVE-2020-9895)\n\n - webkitgtk: Out-of-bounds read may lead to unexpected application termination or arbitrary code execution\n (CVE-2020-9894)\n\n - webkitgtk: Access issue in content security policy (CVE-2020-9915)\n\n - webkitgtk: A logic issue may lead to cross site scripting (CVE-2020-9925)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4451\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-3899\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-9895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:LibRaw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:LibRaw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3-jsc-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'gnome-settings-daemon-3.32.0-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.28.4-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.28.4-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.28.4-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.28.4-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.28.4-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.28.4-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.28.4-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.28.4-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'LibRaw / LibRaw-devel / gnome-settings-daemon / webkit2gtk3 / etc');\n}\n", "naslFamily": "CentOS Local Security Checks", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:libraw", "p-cpe:/a:centos:centos:libraw-devel", "p-cpe:/a:centos:centos:gnome-settings-daemon", "p-cpe:/a:centos:centos:webkit2gtk3", "p-cpe:/a:centos:centos:webkit2gtk3-devel", "p-cpe:/a:centos:centos:webkit2gtk3-jsc", "p-cpe:/a:centos:centos:webkit2gtk3-jsc-devel"], "solution": "Update the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2020-3899", "vendor_cvss2": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "High", "score": "8.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2020-11-04T00:00:00", "vulnerabilityPublicationDate": "2019-09-23T00:00:00", "exploitableWith": ["Metasploit(Safari in Operator Side Effect Exploit)"]}

{"nessus": [{"lastseen": "2023-06-27T14:22:20", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4451 advisory.\n\n - webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (CVE-2019-8720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8766)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8625)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8710)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8743)\n\n - A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8764)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8808, CVE-2019-8812)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8813)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8783, CVE-2019-8814, CVE-2019-8815, CVE-2019-8819, CVE-2019-8823)\n\n - An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2019-8771)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8782)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8811, CVE-2019-8816, CVE-2019-8820)\n\n - A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. (CVE-2020-3864)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3865, CVE-2020-3868)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed. (CVE-2020-3885)\n\n - A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. (CVE-2020-3894)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-3897)\n\n - A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.\n (CVE-2020-3899)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3901)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack.\n (CVE-2020-3902)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8835)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8844)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8846)\n\n - A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. (CVE-2020-3862)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2020-3867)\n\n - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3895, CVE-2020-3900)\n\n - A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). (CVE-2020-11793)\n\n - WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. (CVE-2020-10018)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9806, CVE-2020-9807)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-9850)\n\n - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. (CVE-2020-9894)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. (CVE-2020-9893, CVE-2020-9895)\n\n - An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. (CVE-2020-9915)\n\n - gnome-settings-daemon: Red Hat Customer Portal password logged and passed as command line argument when user registers through GNOME control center (CVE-2020-14391)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-9802)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9803)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2020-9805)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. (CVE-2020-9843)\n\n - A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. (CVE-2020-9862)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2020-9925)\n\n - LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. (CVE-2020-15503)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : GNOME (ELSA-2020-4451)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-11793", "CVE-2020-14391", "CVE-2020-15503", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:libraw", "p-cpe:/a:oracle:linux:libraw-devel", "p-cpe:/a:oracle:linux:packagekit", "p-cpe:/a:oracle:linux:packagekit-command-not-found", "p-cpe:/a:oracle:linux:packagekit-cron", "p-cpe:/a:oracle:linux:packagekit-glib", "p-cpe:/a:oracle:linux:packagekit-glib-devel", "p-cpe:/a:oracle:linux:packagekit-gstreamer-plugin", "p-cpe:/a:oracle:linux:packagekit-gtk3-module", "p-cpe:/a:oracle:linux:dleyna-renderer", "p-cpe:/a:oracle:linux:frei0r-devel", "p-cpe:/a:oracle:linux:frei0r-plugins", "p-cpe:/a:oracle:linux:frei0r-plugins-opencv", "p-cpe:/a:oracle:linux:gdm", "p-cpe:/a:oracle:linux:gnome-classic-session", "p-cpe:/a:oracle:linux:gnome-control-center", "p-cpe:/a:oracle:linux:gnome-control-center-filesystem", "p-cpe:/a:oracle:linux:gnome-photos", "p-cpe:/a:oracle:linux:gnome-photos-tests", "p-cpe:/a:oracle:linux:gnome-remote-desktop", "p-cpe:/a:oracle:linux:gnome-session", "p-cpe:/a:oracle:linux:gnome-session-wayland-session", "p-cpe:/a:oracle:linux:gnome-session-xsession", "p-cpe:/a:oracle:linux:gnome-settings-daemon", "p-cpe:/a:oracle:linux:gnome-shell", "p-cpe:/a:oracle:linux:gnome-shell-extension-apps-menu", "p-cpe:/a:oracle:linux:gnome-shell-extension-auto-move-windows", "p-cpe:/a:oracle:linux:gnome-shell-extension-common", "p-cpe:/a:oracle:linux:gnome-shell-extension-dash-to-dock", "p-cpe:/a:oracle:linux:gnome-shell-extension-desktop-icons", "p-cpe:/a:oracle:linux:gnome-shell-extension-disable-screenshield", "p-cpe:/a:oracle:linux:gnome-shell-extension-drive-menu", "p-cpe:/a:oracle:linux:gnome-shell-extension-horizontal-workspaces", "p-cpe:/a:oracle:linux:gnome-shell-extension-launch-new-instance", "p-cpe:/a:oracle:linux:gnome-shell-extension-native-window-placement", "p-cpe:/a:oracle:linux:gnome-shell-extension-no-hot-corner", "p-cpe:/a:oracle:linux:gnome-shell-extension-panel-favorites", "p-cpe:/a:oracle:linux:gnome-shell-extension-places-menu", "p-cpe:/a:oracle:linux:gnome-shell-extension-screenshot-window-sizer", "p-cpe:/a:oracle:linux:gnome-shell-extension-systemmonitor", "p-cpe:/a:oracle:linux:gnome-shell-extension-top-icons", "p-cpe:/a:oracle:linux:gnome-shell-extension-updates-dialog", "p-cpe:/a:oracle:linux:gnome-shell-extension-user-theme", "p-cpe:/a:oracle:linux:gnome-shell-extension-window-grouper", "p-cpe:/a:oracle:linux:gnome-shell-extension-window-list", "p-cpe:/a:oracle:linux:gnome-shell-extension-windowsnavigator", "p-cpe:/a:oracle:linux:gnome-shell-extension-workspace-indicator", "p-cpe:/a:oracle:linux:gnome-terminal", "p-cpe:/a:oracle:linux:gnome-terminal-nautilus", "p-cpe:/a:oracle:linux:gsettings-desktop-schemas", "p-cpe:/a:oracle:linux:gsettings-desktop-schemas-devel", "p-cpe:/a:oracle:linux:gtk-doc", "p-cpe:/a:oracle:linux:gtk-update-icon-cache", "p-cpe:/a:oracle:linux:gtk3", "p-cpe:/a:oracle:linux:gtk3-devel", "p-cpe:/a:oracle:linux:gtk3-immodule-xim", "p-cpe:/a:oracle:linux:gvfs", "p-cpe:/a:oracle:linux:gvfs-afc", "p-cpe:/a:oracle:linux:gvfs-afp", "p-cpe:/a:oracle:linux:gvfs-archive", "p-cpe:/a:oracle:linux:gvfs-client", "p-cpe:/a:oracle:linux:gvfs-devel", "p-cpe:/a:oracle:linux:gvfs-fuse", "p-cpe:/a:oracle:linux:gvfs-goa", "p-cpe:/a:oracle:linux:gvfs-gphoto2", "p-cpe:/a:oracle:linux:gvfs-mtp", "p-cpe:/a:oracle:linux:gvfs-smb", "p-cpe:/a:oracle:linux:libsoup", "p-cpe:/a:oracle:linux:libsoup-devel", "p-cpe:/a:oracle:linux:mutter", "p-cpe:/a:oracle:linux:mutter-devel", "p-cpe:/a:oracle:linux:nautilus", "p-cpe:/a:oracle:linux:nautilus-devel", "p-cpe:/a:oracle:linux:nautilus-extensions", "p-cpe:/a:oracle:linux:pipewire", "p-cpe:/a:oracle:linux:pipewire-devel", "p-cpe:/a:oracle:linux:pipewire-doc", "p-cpe:/a:oracle:linux:pipewire-libs", "p-cpe:/a:oracle:linux:pipewire-utils", "p-cpe:/a:oracle:linux:pipewire0.2-devel", "p-cpe:/a:oracle:linux:pipewire0.2-libs", "p-cpe:/a:oracle:linux:potrace", "p-cpe:/a:oracle:linux:pygobject3-devel", "p-cpe:/a:oracle:linux:python3-gobject", "p-cpe:/a:oracle:linux:python3-gobject-base", "p-cpe:/a:oracle:linux:tracker", "p-cpe:/a:oracle:linux:tracker-devel", "p-cpe:/a:oracle:linux:vte-profile", "p-cpe:/a:oracle:linux:vte291", "p-cpe:/a:oracle:linux:vte291-devel", "p-cpe:/a:oracle:linux:webkit2gtk3", "p-cpe:/a:oracle:linux:webkit2gtk3-devel", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel", "p-cpe:/a:oracle:linux:webrtc-audio-processing", "p-cpe:/a:oracle:linux:xdg-desktop-portal", "p-cpe:/a:oracle:linux:xdg-desktop-portal-gtk"], "id": "ORACLELINUX_ELSA-2020-4451.NASL", "href": "https://www.tenable.com/plugins/nessus/142763", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4451.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142763);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2019-8625\",\n \"CVE-2019-8710\",\n \"CVE-2019-8720\",\n \"CVE-2019-8743\",\n \"CVE-2019-8764\",\n \"CVE-2019-8766\",\n \"CVE-2019-8769\",\n \"CVE-2019-8771\",\n \"CVE-2019-8782\",\n \"CVE-2019-8783\",\n \"CVE-2019-8808\",\n \"CVE-2019-8811\",\n \"CVE-2019-8812\",\n \"CVE-2019-8813\",\n \"CVE-2019-8814\",\n \"CVE-2019-8815\",\n \"CVE-2019-8816\",\n \"CVE-2019-8819\",\n \"CVE-2019-8820\",\n \"CVE-2019-8823\",\n \"CVE-2019-8835\",\n \"CVE-2019-8844\",\n \"CVE-2019-8846\",\n \"CVE-2020-3862\",\n \"CVE-2020-3864\",\n \"CVE-2020-3865\",\n \"CVE-2020-3867\",\n \"CVE-2020-3868\",\n \"CVE-2020-3885\",\n \"CVE-2020-3894\",\n \"CVE-2020-3895\",\n \"CVE-2020-3897\",\n \"CVE-2020-3899\",\n \"CVE-2020-3900\",\n \"CVE-2020-3901\",\n \"CVE-2020-3902\",\n \"CVE-2020-9802\",\n \"CVE-2020-9803\",\n \"CVE-2020-9805\",\n \"CVE-2020-9806\",\n \"CVE-2020-9807\",\n \"CVE-2020-9843\",\n \"CVE-2020-9850\",\n \"CVE-2020-9862\",\n \"CVE-2020-9893\",\n \"CVE-2020-9894\",\n \"CVE-2020-9895\",\n \"CVE-2020-9915\",\n \"CVE-2020-9925\",\n \"CVE-2020-10018\",\n \"CVE-2020-11793\",\n \"CVE-2020-14391\",\n \"CVE-2020-15503\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"Oracle Linux 8 : GNOME (ELSA-2020-4451)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-4451 advisory.\n\n - webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (CVE-2019-8720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2019-8766)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for\n Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web\n content may lead to universal cross site scripting. (CVE-2019-8625)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8710)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8743)\n\n - A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing\n maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8764)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8808, CVE-2019-8812)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS\n 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing\n maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8813)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0,\n iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8783, CVE-2019-8814, CVE-2019-8815, CVE-2019-8819, CVE-2019-8823)\n\n - An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This\n issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website\n may reveal browsing history. (CVE-2019-8769)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1,\n iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2019-8771)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8782)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for\n Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2019-8811, CVE-2019-8816, CVE-2019-8820)\n\n - A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17,\n iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS\n 13.3.1. A DOM object context may not have had a unique security origin. (CVE-2020-3864)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0,\n iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3865, CVE-2020-3868)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4,\n tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A\n file URL may be incorrectly processed. (CVE-2020-3885)\n\n - A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS\n 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows\n 7.18. An application may be able to read restricted memory. (CVE-2020-3894)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and\n iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3,\n iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-3897)\n\n - A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4\n and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows\n 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.\n (CVE-2020-3899)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and\n iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3,\n iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3901)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4\n and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for\n Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack.\n (CVE-2020-3902)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows,\n iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8835)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3\n for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2019-8844)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3,\n iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for\n Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8846)\n\n - A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1\n and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud\n for Windows 7.17. A malicious website may be able to cause a denial of service. (CVE-2020-3862)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS\n 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for\n Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2020-3867)\n\n - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and\n iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3,\n iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3895, CVE-2020-3900)\n\n - A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web\n content that allows remote attackers to execute arbitrary code or cause a denial of service (memory\n corruption and application crash). (CVE-2020-11793)\n\n - WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0)\n contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue\n has been fixed in 2.28.0 with improved memory handling. (CVE-2020-10018)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5\n and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows\n 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2020-9806, CVE-2020-9807)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5,\n tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for\n Windows 7.19. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-9850)\n\n - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and\n iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows\n 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination\n or arbitrary code execution. (CVE-2020-9894)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and\n iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows\n 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination\n or arbitrary code execution. (CVE-2020-9893, CVE-2020-9895)\n\n - An access issue existed in Content Security Policy. This issue was addressed with improved access\n restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2,\n iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously\n crafted web content may prevent Content Security Policy from being enforced. (CVE-2020-9915)\n\n - gnome-settings-daemon: Red Hat Customer Portal password logged and passed as command line argument when\n user registers through GNOME control center (CVE-2020-14391)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5,\n tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for\n Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-9802)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and\n iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows\n 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2020-9803)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5,\n tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for\n Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2020-9805)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5\n and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows\n 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site\n scripting attack. (CVE-2020-9843)\n\n - A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This\n issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for\n Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to\n command injection. (CVE-2020-9862)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS\n 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3,\n iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site\n scripting. (CVE-2020-9925)\n\n - LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp,\n postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example,\n malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. (CVE-2020-15503)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4451.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-3899\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-9895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:LibRaw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:LibRaw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:PackageKit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:PackageKit-command-not-found\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:PackageKit-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:PackageKit-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:PackageKit-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:PackageKit-gstreamer-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:PackageKit-gtk3-module\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dleyna-renderer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:frei0r-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:frei0r-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:frei0r-plugins-opencv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-classic-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-control-center\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-control-center-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-photos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-photos-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-remote-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-session-wayland-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-session-xsession\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-apps-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-auto-move-windows\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-dash-to-dock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-disable-screenshield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-drive-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-horizontal-workspaces\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-launch-new-instance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-native-window-placement\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-no-hot-corner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-panel-favorites\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-places-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-screenshot-window-sizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-systemMonitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-top-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-updates-dialog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-user-theme\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-window-grouper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-window-list\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-windowsNavigator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-workspace-indicator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-terminal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-terminal-nautilus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gsettings-desktop-schemas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gsettings-desktop-schemas-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtk-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtk-update-icon-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtk3-immodule-xim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-afc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-afp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-archive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-fuse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-goa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-gphoto2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-mtp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-smb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsoup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsoup-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mutter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nautilus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nautilus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nautilus-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pipewire\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pipewire-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pipewire-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pipewire-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pipewire-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pipewire0.2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pipewire0.2-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:potrace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pygobject3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-gobject\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-gobject-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tracker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tracker-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vte-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vte291\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vte291-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webrtc-audio-processing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xdg-desktop-portal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xdg-desktop-portal-gtk\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'dleyna-renderer-0.6.0-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'frei0r-devel-1.6.1-7.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'frei0r-devel-1.6.1-7.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'frei0r-devel-1.6.1-7.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'frei0r-plugins-1.6.1-7.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'frei0r-plugins-1.6.1-7.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'frei0r-plugins-1.6.1-7.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'frei0r-plugins-opencv-1.6.1-7.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'frei0r-plugins-opencv-1.6.1-7.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gdm-3.28.3-34.el8', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'gdm-3.28.3-34.el8', 'cpu':'i686', 'release':'8', 'epoch':'1'},\n {'reference':'gdm-3.28.3-34.el8', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'gnome-classic-session-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-control-center-3.28.2-22.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gnome-control-center-3.28.2-22.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gnome-control-center-filesystem-3.28.2-22.el8', 'release':'8'},\n {'reference':'gnome-photos-3.28.1-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gnome-photos-tests-3.28.1-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gnome-remote-desktop-0.1.8-3.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gnome-remote-desktop-0.1.8-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gnome-session-3.28.1-10.0.1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gnome-session-3.28.1-10.0.1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gnome-session-wayland-session-3.28.1-10.0.1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gnome-session-wayland-session-3.28.1-10.0.1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gnome-session-xsession-3.28.1-10.0.1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gnome-session-xsession-3.28.1-10.0.1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gnome-settings-daemon-3.32.0-11.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gnome-settings-daemon-3.32.0-11.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gnome-shell-3.32.2-20.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gnome-shell-3.32.2-20.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gnome-shell-extension-apps-menu-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-auto-move-windows-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-common-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-dash-to-dock-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-desktop-icons-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-disable-screenshield-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-drive-menu-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-horizontal-workspaces-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-launch-new-instance-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-native-window-placement-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-no-hot-corner-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-panel-favorites-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-places-menu-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-screenshot-window-sizer-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-systemMonitor-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-top-icons-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-updates-dialog-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-user-theme-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-window-grouper-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-window-list-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-windowsNavigator-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-shell-extension-workspace-indicator-3.32.1-11.el8', 'release':'8'},\n {'reference':'gnome-terminal-3.28.3-2.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gnome-terminal-3.28.3-2.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gnome-terminal-nautilus-3.28.3-2.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gnome-terminal-nautilus-3.28.3-2.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gsettings-desktop-schemas-3.32.0-5.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gsettings-desktop-schemas-3.32.0-5.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'gsettings-desktop-schemas-3.32.0-5.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-5.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-5.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-5.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gtk-doc-1.28-2.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gtk-doc-1.28-2.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gtk-update-icon-cache-3.22.30-6.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gtk-update-icon-cache-3.22.30-6.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gtk3-3.22.30-6.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gtk3-3.22.30-6.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'gtk3-3.22.30-6.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gtk3-devel-3.22.30-6.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gtk3-devel-3.22.30-6.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'gtk3-devel-3.22.30-6.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gtk3-immodule-xim-3.22.30-6.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gtk3-immodule-xim-3.22.30-6.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gvfs-1.36.2-10.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gvfs-1.36.2-10.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'gvfs-1.36.2-10.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gvfs-afc-1.36.2-10.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gvfs-afc-1.36.2-10.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gvfs-afp-1.36.2-10.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gvfs-afp-1.36.2-10.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gvfs-archive-1.36.2-10.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gvfs-archive-1.36.2-10.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gvfs-client-1.36.2-10.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gvfs-client-1.36.2-10.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'gvfs-client-1.36.2-10.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gvfs-devel-1.36.2-10.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gvfs-devel-1.36.2-10.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'gvfs-devel-1.36.2-10.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gvfs-fuse-1.36.2-10.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gvfs-fuse-1.36.2-10.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gvfs-goa-1.36.2-10.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gvfs-goa-1.36.2-10.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gvfs-gphoto2-1.36.2-10.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gvfs-gphoto2-1.36.2-10.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gvfs-mtp-1.36.2-10.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gvfs-mtp-1.36.2-10.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'gvfs-smb-1.36.2-10.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'gvfs-smb-1.36.2-10.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'LibRaw-0.19.5-2.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'LibRaw-0.19.5-2.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'LibRaw-devel-0.19.5-2.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'LibRaw-devel-0.19.5-2.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libsoup-2.62.3-2.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libsoup-2.62.3-2.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'libsoup-2.62.3-2.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libsoup-devel-2.62.3-2.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libsoup-devel-2.62.3-2.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'libsoup-devel-2.62.3-2.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mutter-3.32.2-48.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mutter-3.32.2-48.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'mutter-3.32.2-48.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mutter-devel-3.32.2-48.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mutter-devel-3.32.2-48.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'mutter-devel-3.32.2-48.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nautilus-3.28.1-14.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nautilus-3.28.1-14.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'nautilus-3.28.1-14.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nautilus-devel-3.28.1-14.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nautilus-devel-3.28.1-14.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'nautilus-devel-3.28.1-14.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nautilus-extensions-3.28.1-14.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nautilus-extensions-3.28.1-14.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'nautilus-extensions-3.28.1-14.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'PackageKit-1.1.12-6.0.1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'PackageKit-1.1.12-6.0.1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'PackageKit-command-not-found-1.1.12-6.0.1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'PackageKit-command-not-found-1.1.12-6.0.1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'PackageKit-cron-1.1.12-6.0.1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'PackageKit-cron-1.1.12-6.0.1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'PackageKit-glib-1.1.12-6.0.1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'PackageKit-glib-1.1.12-6.0.1.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'PackageKit-glib-1.1.12-6.0.1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'PackageKit-glib-devel-1.1.12-6.0.1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'PackageKit-glib-devel-1.1.12-6.0.1.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'PackageKit-glib-devel-1.1.12-6.0.1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'PackageKit-gstreamer-plugin-1.1.12-6.0.1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'PackageKit-gstreamer-plugin-1.1.12-6.0.1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'PackageKit-gtk3-module-1.1.12-6.0.1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'PackageKit-gtk3-module-1.1.12-6.0.1.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'PackageKit-gtk3-module-1.1.12-6.0.1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'pipewire-0.3.6-1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'pipewire-0.3.6-1.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'pipewire-0.3.6-1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'pipewire-devel-0.3.6-1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'pipewire-devel-0.3.6-1.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'pipewire-devel-0.3.6-1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'pipewire-doc-0.3.6-1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'pipewire-doc-0.3.6-1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'pipewire-libs-0.3.6-1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'pipewire-libs-0.3.6-1.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'pipewire-libs-0.3.6-1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'pipewire-utils-0.3.6-1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'pipewire-utils-0.3.6-1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'pipewire0.2-devel-0.2.7-6.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'pipewire0.2-devel-0.2.7-6.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'pipewire0.2-devel-0.2.7-6.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'pipewire0.2-libs-0.2.7-6.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'pipewire0.2-libs-0.2.7-6.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'pipewire0.2-libs-0.2.7-6.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'potrace-1.15-3.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'potrace-1.15-3.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'potrace-1.15-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'pygobject3-devel-3.28.3-2.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'pygobject3-devel-3.28.3-2.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'pygobject3-devel-3.28.3-2.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'python3-gobject-3.28.3-2.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'python3-gobject-3.28.3-2.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'python3-gobject-3.28.3-2.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'python3-gobject-base-3.28.3-2.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'python3-gobject-base-3.28.3-2.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'python3-gobject-base-3.28.3-2.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'tracker-2.1.5-2.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'tracker-2.1.5-2.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'tracker-2.1.5-2.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'tracker-devel-2.1.5-2.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'tracker-devel-2.1.5-2.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'tracker-devel-2.1.5-2.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'vte-profile-0.52.4-2.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'vte-profile-0.52.4-2.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'vte291-0.52.4-2.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'vte291-0.52.4-2.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'vte291-0.52.4-2.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'vte291-devel-0.52.4-2.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'vte291-devel-0.52.4-2.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'vte291-devel-0.52.4-2.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'webkit2gtk3-2.28.4-1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'webkit2gtk3-2.28.4-1.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'webkit2gtk3-2.28.4-1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'webkit2gtk3-devel-2.28.4-1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'webkit2gtk3-devel-2.28.4-1.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'webkit2gtk3-devel-2.28.4-1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'webkit2gtk3-jsc-2.28.4-1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'webkit2gtk3-jsc-2.28.4-1.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'webkit2gtk3-jsc-2.28.4-1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'webkit2gtk3-jsc-devel-2.28.4-1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'webkit2gtk3-jsc-devel-2.28.4-1.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'webkit2gtk3-jsc-devel-2.28.4-1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'webrtc-audio-processing-0.3-9.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'webrtc-audio-processing-0.3-9.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'webrtc-audio-processing-0.3-9.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'xdg-desktop-portal-1.6.0-2.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'xdg-desktop-portal-1.6.0-2.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'xdg-desktop-portal-gtk-1.6.0-1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'xdg-desktop-portal-gtk-1.6.0-1.el8', 'cpu':'x86_64', 'release':'8'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'LibRaw / LibRaw-devel / PackageKit / etc');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-12T13:32:46", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4451 advisory.\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8625)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8710)\n\n - A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. (CVE-2019-8720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8743)\n\n - A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8764)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8766)\n\n - An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2019-8771)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8782)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8783, CVE-2019-8814, CVE-2019-8815, CVE-2019-8819, CVE-2019-8823)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8808, CVE-2019-8812)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8811, CVE-2019-8816, CVE-2019-8820)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8813)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8835)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8844)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8846)\n\n - WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. (CVE-2020-10018)\n\n - A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). (CVE-2020-11793)\n\n - A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality. (CVE-2020-14391)\n\n - LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. (CVE-2020-15503)\n\n - A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. (CVE-2020-3862)\n\n - A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. (CVE-2020-3864)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3865, CVE-2020-3868)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2020-3867)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed. (CVE-2020-3885)\n\n - A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. (CVE-2020-3894)\n\n - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3895, CVE-2020-3900)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-3897)\n\n - A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.\n (CVE-2020-3899)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3901)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack.\n (CVE-2020-3902)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-9802)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9803)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2020-9805)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9806, CVE-2020-9807)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. (CVE-2020-9843)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-9850)\n\n - A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. (CVE-2020-9862)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. (CVE-2020-9893, CVE-2020-9895)\n\n - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. (CVE-2020-9894)\n\n - An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. (CVE-2020-9915)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2020-9925)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21.\n Processing maliciously crafted web content may lead to a cross site scripting attack. (CVE-2020-9952)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30666)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30761)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30762)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-06T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : GNOME (RLSA-2020:4451)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-11793", "CVE-2020-14391", "CVE-2020-15503", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925", "CVE-2020-9952", "CVE-2021-30666", "CVE-2021-30761", "CVE-2021-30762"], "modified": "2023-11-07T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:libraw-devel", "p-cpe:/a:rocky:linux:packagekit-glib", "p-cpe:/a:rocky:linux:dleyna-renderer-debugsource", "p-cpe:/a:rocky:linux:frei0r-plugins-opencv", "p-cpe:/a:rocky:linux:gnome-remote-desktop-debuginfo", "p-cpe:/a:rocky:linux:pipewire-doc", "p-cpe:/a:rocky:linux:python3-gobject-base-debuginfo", "p-cpe:/a:rocky:linux:libsoup-debuginfo", "p-cpe:/a:rocky:linux:libsoup-debugsource", "p-cpe:/a:rocky:linux:webrtc-audio-processing-debugsource", "p-cpe:/a:rocky:linux:gnome-session-wayland-session", "p-cpe:/a:rocky:linux:potrace-debugsource", "p-cpe:/a:rocky:linux:dleyna-renderer", "p-cpe:/a:rocky:linux:pipewire", "p-cpe:/a:rocky:linux:pipewire-utils", "p-cpe:/a:rocky:linux:python3-gobject-debuginfo", "p-cpe:/a:rocky:linux:xdg-desktop-portal-gtk", "p-cpe:/a:rocky:linux:packagekit", "p-cpe:/a:rocky:linux:packagekit-command-not-found", "p-cpe:/a:rocky:linux:frei0r-plugins-opencv-debuginfo", "p-cpe:/a:rocky:linux:gsettings-desktop-schemas", "p-cpe:/a:rocky:linux:pipewire-debuginfo", "p-cpe:/a:rocky:linux:python3-gobject", "p-cpe:/a:rocky:linux:gtk3-debugsource", "p-cpe:/a:rocky:linux:gtk3-devel-debuginfo", "p-cpe:/a:rocky:linux:libsoup", "p-cpe:/a:rocky:linux:pipewire-debugsource", "p-cpe:/a:rocky:linux:pipewire-libs", "p-cpe:/a:rocky:linux:tracker-devel", "p-cpe:/a:rocky:linux:packagekit-glib-debuginfo", "p-cpe:/a:rocky:linux:frei0r-devel", "p-cpe:/a:rocky:linux:frei0r-plugins-debuginfo", "p-cpe:/a:rocky:linux:tracker-debuginfo", "p-cpe:/a:rocky:linux:packagekit-debugsource", "p-cpe:/a:rocky:linux:packagekit-gstreamer-plugin", "p-cpe:/a:rocky:linux:gsettings-desktop-schemas-devel", "p-cpe:/a:rocky:linux:gtk-update-icon-cache", "p-cpe:/a:rocky:linux:gtk3-immodule-xim-debuginfo", "p-cpe:/a:rocky:linux:pipewire-devel", "p-cpe:/a:rocky:linux:vte291-debugsource", "p-cpe:/a:rocky:linux:packagekit-gtk3-module-debuginfo", "p-cpe:/a:rocky:linux:gnome-session-xsession", "p-cpe:/a:rocky:linux:gtk3-immodule-xim", "p-cpe:/a:rocky:linux:pipewire0.2-libs-debuginfo", "p-cpe:/a:rocky:linux:python3-gobject-base", "p-cpe:/a:rocky:linux:packagekit-glib-devel", "p-cpe:/a:rocky:linux:gnome-session", "p-cpe:/a:rocky:linux:gtk3", "p-cpe:/a:rocky:linux:pipewire0.2-libs", "p-cpe:/a:rocky:linux:vte291-devel", "p-cpe:/a:rocky:linux:gnome-remote-desktop-debugsource", "p-cpe:/a:rocky:linux:gtk3-debuginfo", "p-cpe:/a:rocky:linux:potrace", "p-cpe:/a:rocky:linux:vte-profile", "p-cpe:/a:rocky:linux:vte291-debuginfo", "p-cpe:/a:rocky:linux:packagekit-command-not-found-debuginfo", "p-cpe:/a:rocky:linux:packagekit-debuginfo", "p-cpe:/a:rocky:linux:frei0r-plugins-debugsource", "p-cpe:/a:rocky:linux:gnome-session-debuginfo", "p-cpe:/a:rocky:linux:pygobject3-debuginfo", "p-cpe:/a:rocky:linux:tracker", "p-cpe:/a:rocky:linux:webrtc-audio-processing", "p-cpe:/a:rocky:linux:webrtc-audio-processing-debuginfo", "p-cpe:/a:rocky:linux:libraw", "p-cpe:/a:rocky:linux:packagekit-gstreamer-plugin-debuginfo", "p-cpe:/a:rocky:linux:pipewire0.2-debugsource", "p-cpe:/a:rocky:linux:dleyna-renderer-debuginfo", "p-cpe:/a:rocky:linux:gtk-update-icon-cache-debuginfo", "p-cpe:/a:rocky:linux:gtk3-devel", "p-cpe:/a:rocky:linux:libsoup-devel", "p-cpe:/a:rocky:linux:pipewire-utils-debuginfo", "p-cpe:/a:rocky:linux:packagekit-gtk3-module", "p-cpe:/a:rocky:linux:gnome-session-debugsource", "p-cpe:/a:rocky:linux:pipewire0.2-devel", "p-cpe:/a:rocky:linux:vte291", "p-cpe:/a:rocky:linux:vte291-devel-debuginfo", "p-cpe:/a:rocky:linux:xdg-desktop-portal-gtk-debugsource", "p-cpe:/a:rocky:linux:libraw-debuginfo", "p-cpe:/a:rocky:linux:libraw-debugsource", "p-cpe:/a:rocky:linux:packagekit-cron", "p-cpe:/a:rocky:linux:frei0r-plugins", "p-cpe:/a:rocky:linux:gnome-remote-desktop", "p-cpe:/a:rocky:linux:pipewire-libs-debuginfo", "p-cpe:/a:rocky:linux:potrace-debuginfo", "p-cpe:/a:rocky:linux:pygobject3-debugsource", "p-cpe:/a:rocky:linux:pygobject3-devel", "p-cpe:/a:rocky:linux:tracker-debugsource", "p-cpe:/a:rocky:linux:xdg-desktop-portal-gtk-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2020-4451.NASL", "href": "https://www.tenable.com/plugins/nessus/184669", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2020:4451.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(184669);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/07\");\n\n script_cve_id(\n \"CVE-2019-8625\",\n \"CVE-2019-8710\",\n \"CVE-2019-8720\",\n \"CVE-2019-8743\",\n \"CVE-2019-8764\",\n \"CVE-2019-8766\",\n \"CVE-2019-8769\",\n \"CVE-2019-8771\",\n \"CVE-2019-8782\",\n \"CVE-2019-8783\",\n \"CVE-2019-8808\",\n \"CVE-2019-8811\",\n \"CVE-2019-8812\",\n \"CVE-2019-8813\",\n \"CVE-2019-8814\",\n \"CVE-2019-8815\",\n \"CVE-2019-8816\",\n \"CVE-2019-8819\",\n \"CVE-2019-8820\",\n \"CVE-2019-8823\",\n \"CVE-2019-8835\",\n \"CVE-2019-8844\",\n \"CVE-2019-8846\",\n \"CVE-2020-3862\",\n \"CVE-2020-3864\",\n \"CVE-2020-3865\",\n \"CVE-2020-3867\",\n \"CVE-2020-3868\",\n \"CVE-2020-3885\",\n \"CVE-2020-3894\",\n \"CVE-2020-3895\",\n \"CVE-2020-3897\",\n \"CVE-2020-3899\",\n \"CVE-2020-3900\",\n \"CVE-2020-3901\",\n \"CVE-2020-3902\",\n \"CVE-2020-9802\",\n \"CVE-2020-9803\",\n \"CVE-2020-9805\",\n \"CVE-2020-9806\",\n \"CVE-2020-9807\",\n \"CVE-2020-9843\",\n \"CVE-2020-9850\",\n \"CVE-2020-9862\",\n \"CVE-2020-9893\",\n \"CVE-2020-9894\",\n \"CVE-2020-9895\",\n \"CVE-2020-9915\",\n \"CVE-2020-9925\",\n \"CVE-2020-9952\",\n \"CVE-2020-10018\",\n \"CVE-2020-11793\",\n \"CVE-2020-14391\",\n \"CVE-2020-15503\",\n \"CVE-2021-30666\",\n \"CVE-2021-30761\",\n \"CVE-2021-30762\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n script_xref(name:\"RLSA\", value:\"2020:4451\");\n\n script_name(english:\"Rocky Linux 8 : GNOME (RLSA-2020:4451)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2020:4451 advisory.\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for\n Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web\n content may lead to universal cross site scripting. (CVE-2019-8625)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8710)\n\n - A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content\n that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory\n corruption issues. (CVE-2019-8720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8743)\n\n - A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing\n maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8764)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2019-8766)\n\n - An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This\n issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website\n may reveal browsing history. (CVE-2019-8769)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1,\n iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2019-8771)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8782)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0,\n iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8783, CVE-2019-8814, CVE-2019-8815, CVE-2019-8819, CVE-2019-8823)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8808, CVE-2019-8812)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for\n Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2019-8811, CVE-2019-8816, CVE-2019-8820)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS\n 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing\n maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8813)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows,\n iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8835)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3\n for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2019-8844)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3,\n iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for\n Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8846)\n\n - WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0)\n contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue\n has been fixed in 2.28.0 with improved memory handling. (CVE-2020-10018)\n\n - A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web\n content that allows remote attackers to execute arbitrary code or cause a denial of service (memory\n corruption and application crash). (CVE-2020-11793)\n\n - A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it\n improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME\n Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal\n password. The highest threat from this vulnerability is to confidentiality. (CVE-2020-14391)\n\n - LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp,\n postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example,\n malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. (CVE-2020-15503)\n\n - A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1\n and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud\n for Windows 7.17. A malicious website may be able to cause a denial of service. (CVE-2020-3862)\n\n - A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17,\n iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS\n 13.3.1. A DOM object context may not have had a unique security origin. (CVE-2020-3864)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0,\n iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3865, CVE-2020-3868)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS\n 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for\n Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2020-3867)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4,\n tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A\n file URL may be incorrectly processed. (CVE-2020-3885)\n\n - A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS\n 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows\n 7.18. An application may be able to read restricted memory. (CVE-2020-3894)\n\n - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and\n iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3,\n iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3895, CVE-2020-3900)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and\n iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3,\n iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-3897)\n\n - A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4\n and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows\n 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.\n (CVE-2020-3899)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and\n iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3,\n iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3901)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4\n and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for\n Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack.\n (CVE-2020-3902)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5,\n tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for\n Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-9802)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and\n iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows\n 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2020-9803)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5,\n tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for\n Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2020-9805)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5\n and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows\n 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2020-9806, CVE-2020-9807)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5\n and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows\n 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site\n scripting attack. (CVE-2020-9843)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5,\n tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for\n Windows 7.19. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-9850)\n\n - A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This\n issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for\n Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to\n command injection. (CVE-2020-9862)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and\n iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows\n 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination\n or arbitrary code execution. (CVE-2020-9893, CVE-2020-9895)\n\n - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and\n iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows\n 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination\n or arbitrary code execution. (CVE-2020-9894)\n\n - An access issue existed in Content Security Policy. This issue was addressed with improved access\n restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2,\n iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously\n crafted web content may prevent Content Security Policy from being enforced. (CVE-2020-9915)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS\n 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3,\n iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site\n scripting. (CVE-2020-9925)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0\n and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21.\n Processing maliciously crafted web content may lead to a cross site scripting attack. (CVE-2020-9952)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a\n report that this issue may have been actively exploited.. (CVE-2021-30666)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a\n report that this issue may have been actively exploited.. (CVE-2021-30761)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a\n report that this issue may have been actively exploited.. (CVE-2021-30762)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2020:4451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1207179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1566027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1569868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1652178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1656262\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1668895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1692536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1706008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1706076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1715845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1719937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1758891\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1775345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1778579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1779691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1794045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1804719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1805929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1811721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1814820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1816070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1816678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1816684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1816686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1817143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1820759\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1820760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1824362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1827030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1829369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1832347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1833158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1837381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1837406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1837413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1837648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1840080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1840788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1843486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1844578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1846191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1847051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1847061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1847062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1847203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1853477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1854734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1866332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1868260\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1872270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1873093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1873963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876476\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876554\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1876619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1877853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1879532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1879535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1879536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1879538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1879540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1879541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1879545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1879557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1879559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1879563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1879564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1879566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1879568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1880339\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-3899\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-9895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:LibRaw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:LibRaw-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:LibRaw-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:LibRaw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:PackageKit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:PackageKit-command-not-found\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:PackageKit-command-not-found-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:PackageKit-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:PackageKit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:PackageKit-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:PackageKit-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:PackageKit-glib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:PackageKit-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:PackageKit-gstreamer-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:PackageKit-gstreamer-plugin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:PackageKit-gtk3-module\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:PackageKit-gtk3-module-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dleyna-renderer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dleyna-renderer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dleyna-renderer-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:frei0r-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:frei0r-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:frei0r-plugins-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:frei0r-plugins-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:frei0r-plugins-opencv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:frei0r-plugins-opencv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-remote-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-remote-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-remote-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-session-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-session-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-session-wayland-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-session-xsession\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gsettings-desktop-schemas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gsettings-desktop-schemas-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk-update-icon-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk-update-icon-cache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3-immodule-xim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3-immodule-xim-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libsoup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libsoup-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libsoup-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libsoup-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pipewire\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pipewire-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pipewire-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pipewire-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pipewire-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pipewire-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pipewire-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pipewire-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pipewire-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pipewire0.2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pipewire0.2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pipewire0.2-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pipewire0.2-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:potrace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:potrace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:potrace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pygobject3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pygobject3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pygobject3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:python3-gobject\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:python3-gobject-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:python3-gobject-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:python3-gobject-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:tracker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:tracker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:tracker-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:tracker-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vte-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vte291\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vte291-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vte291-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vte291-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vte291-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webrtc-audio-processing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webrtc-audio-processing-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webrtc-audio-processing-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:xdg-desktop-portal-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:xdg-desktop-portal-gtk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:xdg-desktop-portal-gtk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'dleyna-renderer-0.6.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dleyna-renderer-debuginfo-0.6.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dleyna-renderer-debugsource-0.6.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-devel-1.6.1-7.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-devel-1.6.1-7.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-devel-1.6.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-plugins-1.6.1-7.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-plugins-1.6.1-7.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-plugins-1.6.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-plugins-debuginfo-1.6.1-7.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-plugins-debuginfo-1.6.1-7.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-plugins-debuginfo-1.6.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-plugins-debugsource-1.6.1-7.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-plugins-debugsource-1.6.1-7.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-plugins-debugsource-1.6.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-plugins-opencv-1.6.1-7.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-plugins-opencv-1.6.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-plugins-opencv-debuginfo-1.6.1-7.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-plugins-opencv-debuginfo-1.6.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-remote-desktop-0.1.8-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-remote-desktop-0.1.8-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-remote-desktop-debuginfo-0.1.8-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-remote-desktop-debuginfo-0.1.8-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-remote-desktop-debugsource-0.1.8-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-remote-desktop-debugsource-0.1.8-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-3.28.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-3.28.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-debuginfo-3.28.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-debuginfo-3.28.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-debugsource-3.28.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-debugsource-3.28.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-wayland-session-3.28.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-wayland-session-3.28.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-xsession-3.28.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-xsession-3.28.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-3.22.30-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-3.22.30-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-debuginfo-3.22.30-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-debuginfo-3.22.30-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-debuginfo-3.22.30-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-debuginfo-3.22.30-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-debuginfo-3.22.30-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-debugsource-3.22.30-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-debugsource-3.22.30-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-debugsource-3.22.30-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-debuginfo-3.22.30-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-debuginfo-3.22.30-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-debuginfo-3.22.30-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-3.22.30-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-3.22.30-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-debuginfo-3.22.30-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-debuginfo-3.22.30-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-debuginfo-0.19.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-debuginfo-0.19.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-debugsource-0.19.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-debugsource-0.19.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsoup-2.62.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsoup-2.62.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsoup-2.62.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsoup-debuginfo-2.62.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsoup-debuginfo-2.62.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsoup-debuginfo-2.62.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsoup-debugsource-2.62.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsoup-debugsource-2.62.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsoup-debugsource-2.62.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsoup-devel-2.62.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsoup-devel-2.62.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsoup-devel-2.62.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-1.1.12-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-1.1.12-6.el8.0.2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-1.1.12-6.el8.0.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-command-not-found-1.1.12-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-command-not-found-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-command-not-found-1.1.12-6.el8.0.2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-command-not-found-1.1.12-6.el8.0.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-command-not-found-debuginfo-1.1.12-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-command-not-found-debuginfo-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-command-not-found-debuginfo-1.1.12-6.el8.0.2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-command-not-found-debuginfo-1.1.12-6.el8.0.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-cron-1.1.12-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-cron-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-cron-1.1.12-6.el8.0.2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-cron-1.1.12-6.el8.0.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-debuginfo-1.1.12-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-debuginfo-1.1.12-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-debuginfo-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-debuginfo-1.1.12-6.el8.0.2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-debuginfo-1.1.12-6.el8.0.2', 'cpu':'i686', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-debuginfo-1.1.12-6.el8.0.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-debugsource-1.1.12-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-debugsource-1.1.12-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-debugsource-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-debugsource-1.1.12-6.el8.0.2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-debugsource-1.1.12-6.el8.0.2', 'cpu':'i686', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-debugsource-1.1.12-6.el8.0.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-1.1.12-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-1.1.12-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-1.1.12-6.el8.0.2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-1.1.12-6.el8.0.2', 'cpu':'i686', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-1.1.12-6.el8.0.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-debuginfo-1.1.12-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-debuginfo-1.1.12-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-debuginfo-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-debuginfo-1.1.12-6.el8.0.2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-debuginfo-1.1.12-6.el8.0.2', 'cpu':'i686', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-debuginfo-1.1.12-6.el8.0.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-devel-1.1.12-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-devel-1.1.12-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-devel-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-devel-1.1.12-6.el8.0.2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-devel-1.1.12-6.el8.0.2', 'cpu':'i686', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-devel-1.1.12-6.el8.0.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gstreamer-plugin-1.1.12-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gstreamer-plugin-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gstreamer-plugin-1.1.12-6.el8.0.2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gstreamer-plugin-1.1.12-6.el8.0.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.0.2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.0.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gtk3-module-1.1.12-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gtk3-module-1.1.12-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gtk3-module-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gtk3-module-1.1.12-6.el8.0.2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gtk3-module-1.1.12-6.el8.0.2', 'cpu':'i686', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gtk3-module-1.1.12-6.el8.0.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gtk3-module-debuginfo-1.1.12-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gtk3-module-debuginfo-1.1.12-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gtk3-module-debuginfo-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.0.2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.0.2', 'cpu':'i686', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.0.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-0.3.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-0.3.6-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-0.3.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-debuginfo-0.3.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-debuginfo-0.3.6-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-debuginfo-0.3.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-debugsource-0.3.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-debugsource-0.3.6-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-debugsource-0.3.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-devel-0.3.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-devel-0.3.6-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-devel-0.3.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-doc-0.3.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-doc-0.3.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-libs-0.3.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-libs-0.3.6-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-libs-0.3.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-libs-debuginfo-0.3.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-libs-debuginfo-0.3.6-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-libs-debuginfo-0.3.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-utils-0.3.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-utils-0.3.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-utils-debuginfo-0.3.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-utils-debuginfo-0.3.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire0.2-debugsource-0.2.7-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire0.2-debugsource-0.2.7-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire0.2-debugsource-0.2.7-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire0.2-devel-0.2.7-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire0.2-devel-0.2.7-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire0.2-devel-0.2.7-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire0.2-libs-0.2.7-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire0.2-libs-0.2.7-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire0.2-libs-0.2.7-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire0.2-libs-debuginfo-0.2.7-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire0.2-libs-debuginfo-0.2.7-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire0.2-libs-debuginfo-0.2.7-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'potrace-1.15-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'potrace-1.15-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'potrace-1.15-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'potrace-debuginfo-1.15-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'potrace-debuginfo-1.15-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'potrace-debuginfo-1.15-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'potrace-debugsource-1.15-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'potrace-debugsource-1.15-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'potrace-debugsource-1.15-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pygobject3-debuginfo-3.28.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pygobject3-debuginfo-3.28.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pygobject3-debuginfo-3.28.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pygobject3-debugsource-3.28.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pygobject3-debugsource-3.28.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pygobject3-debugsource-3.28.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pygobject3-devel-3.28.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pygobject3-devel-3.28.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pygobject3-devel-3.28.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-gobject-3.28.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-gobject-3.28.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-gobject-3.28.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-gobject-base-3.28.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-gobject-base-3.28.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-gobject-base-3.28.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-gobject-base-debuginfo-3.28.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-gobject-base-debuginfo-3.28.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-gobject-base-debuginfo-3.28.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-gobject-debuginfo-3.28.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-gobject-debuginfo-3.28.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-gobject-debuginfo-3.28.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tracker-2.1.5-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tracker-2.1.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tracker-2.1.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tracker-debuginfo-2.1.5-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tracker-debuginfo-2.1.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tracker-debuginfo-2.1.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tracker-debugsource-2.1.5-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tracker-debugsource-2.1.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tracker-debugsource-2.1.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tracker-devel-2.1.5-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tracker-devel-2.1.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tracker-devel-2.1.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte-profile-0.52.4-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte-profile-0.52.4-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte291-0.52.4-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte291-0.52.4-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte291-0.52.4-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte291-debuginfo-0.52.4-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte291-debuginfo-0.52.4-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte291-debuginfo-0.52.4-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte291-debugsource-0.52.4-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte291-debugsource-0.52.4-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte291-debugsource-0.52.4-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte291-devel-0.52.4-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte291-devel-0.52.4-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte291-devel-0.52.4-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte291-devel-debuginfo-0.52.4-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte291-devel-debuginfo-0.52.4-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte291-devel-debuginfo-0.52.4-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webrtc-audio-processing-0.3-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webrtc-audio-processing-0.3-9.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webrtc-audio-processing-0.3-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webrtc-audio-processing-debuginfo-0.3-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webrtc-audio-processing-debuginfo-0.3-9.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webrtc-audio-processing-debuginfo-0.3-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webrtc-audio-processing-debugsource-0.3-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webrtc-audio-processing-debugsource-0.3-9.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webrtc-audio-processing-debugsource-0.3-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'xdg-desktop-portal-gtk-1.6.0-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'xdg-desktop-portal-gtk-1.6.0-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'xdg-desktop-portal-gtk-debuginfo-1.6.0-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'xdg-desktop-portal-gtk-debuginfo-1.6.0-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'xdg-desktop-portal-gtk-debugsource-1.6.0-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'xdg-desktop-portal-gtk-debugsource-1.6.0-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'LibRaw / LibRaw-debuginfo / LibRaw-debugsource / LibRaw-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T14:53:17", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has webkit2gtk3 packages installed that are affected by multiple vulnerabilities:\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8835)\n\n - WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. (CVE-2020-10018)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8846)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8844)\n\n - A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). (CVE-2020-11793)\n\n - A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. (CVE-2020-3862)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3865, CVE-2020-3868)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8710)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8625)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed. (CVE-2020-3885)\n\n - A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. (CVE-2020-3894)\n\n - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3895, CVE-2020-3900)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-3897)\n\n - A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.\n (CVE-2020-3899)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3901)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack.\n (CVE-2020-3902)\n\n - A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. (CVE-2020-9862)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. (CVE-2020-9893, CVE-2020-9895)\n\n - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. (CVE-2020-9894)\n\n - An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. (CVE-2020-9915)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2020-9925)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-9802)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9803)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2020-9805)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9806, CVE-2020-9807)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. (CVE-2020-9843)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-9850)\n\n - A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. (CVE-2020-3864)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2020-3867)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8743)\n\n - A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8764)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8766)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8782)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8783, CVE-2019-8814, CVE-2019-8815, CVE-2019-8819, CVE-2019-8823)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8808, CVE-2019-8812)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8811, CVE-2019-8816, CVE-2019-8820)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8813)\n\n - An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2019-8771)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : webkit2gtk3 Multiple Vulnerabilities (NS-SA-2021-0059)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-11793", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2022-05-25T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0059_WEBKIT2GTK3.NASL", "href": "https://www.tenable.com/plugins/nessus/147363", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0059. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147363);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2019-8625\",\n \"CVE-2019-8710\",\n \"CVE-2019-8720\",\n \"CVE-2019-8743\",\n \"CVE-2019-8764\",\n \"CVE-2019-8766\",\n \"CVE-2019-8769\",\n \"CVE-2019-8771\",\n \"CVE-2019-8782\",\n \"CVE-2019-8783\",\n \"CVE-2019-8808\",\n \"CVE-2019-8811\",\n \"CVE-2019-8812\",\n \"CVE-2019-8813\",\n \"CVE-2019-8814\",\n \"CVE-2019-8815\",\n \"CVE-2019-8816\",\n \"CVE-2019-8819\",\n \"CVE-2019-8820\",\n \"CVE-2019-8823\",\n \"CVE-2019-8835\",\n \"CVE-2019-8844\",\n \"CVE-2019-8846\",\n \"CVE-2020-3862\",\n \"CVE-2020-3864\",\n \"CVE-2020-3865\",\n \"CVE-2020-3867\",\n \"CVE-2020-3868\",\n \"CVE-2020-3885\",\n \"CVE-2020-3894\",\n \"CVE-2020-3895\",\n \"CVE-2020-3897\",\n \"CVE-2020-3899\",\n \"CVE-2020-3900\",\n \"CVE-2020-3901\",\n \"CVE-2020-3902\",\n \"CVE-2020-9802\",\n \"CVE-2020-9803\",\n \"CVE-2020-9805\",\n \"CVE-2020-9806\",\n \"CVE-2020-9807\",\n \"CVE-2020-9843\",\n \"CVE-2020-9850\",\n \"CVE-2020-9862\",\n \"CVE-2020-9893\",\n \"CVE-2020-9894\",\n \"CVE-2020-9895\",\n \"CVE-2020-9915\",\n \"CVE-2020-9925\",\n \"CVE-2020-10018\",\n \"CVE-2020-11793\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : webkit2gtk3 Multiple Vulnerabilities (NS-SA-2021-0059)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has webkit2gtk3 packages installed that are affected by\nmultiple vulnerabilities:\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows,\n iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8835)\n\n - WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0)\n contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue\n has been fixed in 2.28.0 with improved memory handling. (CVE-2020-10018)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3,\n iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for\n Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8846)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3\n for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2019-8844)\n\n - A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web\n content that allows remote attackers to execute arbitrary code or cause a denial of service (memory\n corruption and application crash). (CVE-2020-11793)\n\n - A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1\n and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud\n for Windows 7.17. A malicious website may be able to cause a denial of service. (CVE-2020-3862)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0,\n iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3865, CVE-2020-3868)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8710)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for\n Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web\n content may lead to universal cross site scripting. (CVE-2019-8625)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4,\n tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A\n file URL may be incorrectly processed. (CVE-2020-3885)\n\n - A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS\n 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows\n 7.18. An application may be able to read restricted memory. (CVE-2020-3894)\n\n - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and\n iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3,\n iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3895, CVE-2020-3900)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and\n iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3,\n iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-3897)\n\n - A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4\n and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows\n 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.\n (CVE-2020-3899)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and\n iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3,\n iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3901)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4\n and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for\n Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack.\n (CVE-2020-3902)\n\n - A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This\n issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for\n Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to\n command injection. (CVE-2020-9862)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and\n iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows\n 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination\n or arbitrary code execution. (CVE-2020-9893, CVE-2020-9895)\n\n - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and\n iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows\n 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination\n or arbitrary code execution. (CVE-2020-9894)\n\n - An access issue existed in Content Security Policy. This issue was addressed with improved access\n restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2,\n iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously\n crafted web content may prevent Content Security Policy from being enforced. (CVE-2020-9915)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS\n 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3,\n iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site\n scripting. (CVE-2020-9925)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5,\n tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for\n Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-9802)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and\n iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows\n 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2020-9803)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5,\n tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for\n Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2020-9805)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5\n and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows\n 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2020-9806, CVE-2020-9807)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5\n and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows\n 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site\n scripting attack. (CVE-2020-9843)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5,\n tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for\n Windows 7.19. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-9850)\n\n - A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17,\n iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS\n 13.3.1. A DOM object context may not have had a unique security origin. (CVE-2020-3864)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS\n 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for\n Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2020-3867)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8743)\n\n - A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing\n maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8764)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2019-8766)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8782)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0,\n iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8783, CVE-2019-8814, CVE-2019-8815, CVE-2019-8819, CVE-2019-8823)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8808, CVE-2019-8812)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for\n Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2019-8811, CVE-2019-8816, CVE-2019-8820)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS\n 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing\n maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8813)\n\n - An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This\n issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website\n may reveal browsing history. (CVE-2019-8769)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1,\n iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2019-8771)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0059\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL webkit2gtk3 packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-3899\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-9895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL MAIN 6.02': [\n 'webkit2gtk3-2.28.4-1.el8',\n 'webkit2gtk3-debuginfo-2.28.4-1.el8',\n 'webkit2gtk3-debugsource-2.28.4-1.el8',\n 'webkit2gtk3-devel-2.28.4-1.el8',\n 'webkit2gtk3-devel-debuginfo-2.28.4-1.el8',\n 'webkit2gtk3-doc-2.28.4-1.el8',\n 'webkit2gtk3-jsc-2.28.4-1.el8',\n 'webkit2gtk3-jsc-debuginfo-2.28.4-1.el8',\n 'webkit2gtk3-jsc-devel-2.28.4-1.el8',\n 'webkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T14:36:06", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4451 advisory.\n\n - webkitgtk: Incorrect state management leading to universal cross-site scripting (CVE-2019-8625, CVE-2019-8813, CVE-2020-3867)\n\n - webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (CVE-2019-8710, CVE-2019-8720, CVE-2019-8766, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2020-3868)\n\n - webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (CVE-2019-8743)\n\n - webkitgtk: Incorrect state management leading to universal cross-site scripting (CVE-2019-8764)\n\n - webkitgtk: Websites could reveal browsing history (CVE-2019-8769)\n\n - webkitgtk: Violation of iframe sandboxing policy (CVE-2019-8771)\n\n - webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2019-8835, CVE-2019-8844)\n\n - webkitgtk: Use after free issue may lead to remote code execution (CVE-2019-8846)\n\n - webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp (CVE-2020-10018)\n\n - webkitgtk: use-after-free via crafted web content (CVE-2020-11793)\n\n - gnome-settings-daemon: Red Hat Customer Portal password logged and passed as command line argument when user registers through GNOME control center (CVE-2020-14391)\n\n - LibRaw: lack of thumbnail size range check can lead to buffer overflow (CVE-2020-15503)\n\n - webkitgtk: Denial of service via incorrect memory handling (CVE-2020-3862)\n\n - webkitgtk: Non-unique security origin for DOM object contexts (CVE-2020-3864)\n\n - webkitgtk: Incorrect security check for a top-level DOM object context (CVE-2020-3865)\n\n - webkitgtk: Incorrect processing of file URLs (CVE-2020-3885)\n\n - webkitgtk: Race condition allows reading of restricted memory (CVE-2020-3894)\n\n - webkitgtk: Memory corruption triggered by a malicious web content (CVE-2020-3895)\n\n - webkitgtk: Type confusion leading to arbitrary code execution (CVE-2020-3897, CVE-2020-3901)\n\n - webkitgtk: Memory consumption issue leading to arbitrary code execution (CVE-2020-3899)\n\n - webkitgtk: Memory corruption triggered by a malicious web content (CVE-2020-3900)\n\n - webkitgtk: Input validation issue leading to cross-site script attack (CVE-2020-3902)\n\n - webkitgtk: Logic issue may lead to arbitrary code execution (CVE-2020-9802, CVE-2020-9850)\n\n - webkitgtk: Memory corruption may lead to arbitrary code execution (CVE-2020-9803, CVE-2020-9806, CVE-2020-9807)\n\n - webkitgtk: Logic issue may lead to cross site scripting (CVE-2020-9805)\n\n - webkitgtk: Input validation issue may lead to cross site scripting (CVE-2020-9843)\n\n - webkitgtk: Command injection in web inspector (CVE-2020-9862)\n\n - webkitgtk: Use-after-free may lead to application termination or arbitrary code execution (CVE-2020-9893, CVE-2020-9895)\n\n - webkitgtk: Out-of-bounds read may lead to unexpected application termination or arbitrary code execution (CVE-2020-9894)\n\n - webkitgtk: Access issue in content security policy (CVE-2020-9915)\n\n - webkitgtk: A logic issue may lead to cross site scripting (CVE-2020-9925)\n\n - webkitgtk: input validation issue may lead to a cross site scripting (CVE-2020-9952)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2021-30666)\n\n - webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30761)\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30762)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-04T00:00:00", "type": "nessus", "title": "RHEL 8 : GNOME (RHSA-2020:4451)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-11793", "CVE-2020-14391", "CVE-2020-15503", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925", "CVE-2020-9952", "CVE-2021-30666", "CVE-2021-30761", "CVE-2021-30762"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:libraw", "p-cpe:/a:redhat:enterprise_linux:libraw-devel", "p-cpe:/a:redhat:enterprise_linux:gnome-settings-daemon", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel"], "id": "REDHAT-RHSA-2020-4451.NASL", "href": "https://www.tenable.com/plugins/nessus/142418", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4451. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142418);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2019-8625\",\n \"CVE-2019-8710\",\n \"CVE-2019-8720\",\n \"CVE-2019-8743\",\n \"CVE-2019-8764\",\n \"CVE-2019-8766\",\n \"CVE-2019-8769\",\n \"CVE-2019-8771\",\n \"CVE-2019-8782\",\n \"CVE-2019-8783\",\n \"CVE-2019-8808\",\n \"CVE-2019-8811\",\n \"CVE-2019-8812\",\n \"CVE-2019-8813\",\n \"CVE-2019-8814\",\n \"CVE-2019-8815\",\n \"CVE-2019-8816\",\n \"CVE-2019-8819\",\n \"CVE-2019-8820\",\n \"CVE-2019-8823\",\n \"CVE-2019-8835\",\n \"CVE-2019-8844\",\n \"CVE-2019-8846\",\n \"CVE-2020-3862\",\n \"CVE-2020-3864\",\n \"CVE-2020-3865\",\n \"CVE-2020-3867\",\n \"CVE-2020-3868\",\n \"CVE-2020-3885\",\n \"CVE-2020-3894\",\n \"CVE-2020-3895\",\n \"CVE-2020-3897\",\n \"CVE-2020-3899\",\n \"CVE-2020-3900\",\n \"CVE-2020-3901\",\n \"CVE-2020-3902\",\n \"CVE-2020-9802\",\n \"CVE-2020-9803\",\n \"CVE-2020-9805\",\n \"CVE-2020-9806\",\n \"CVE-2020-9807\",\n \"CVE-2020-9843\",\n \"CVE-2020-9850\",\n \"CVE-2020-9862\",\n \"CVE-2020-9893\",\n \"CVE-2020-9894\",\n \"CVE-2020-9895\",\n \"CVE-2020-9915\",\n \"CVE-2020-9925\",\n \"CVE-2020-10018\",\n \"CVE-2020-11793\",\n \"CVE-2020-14391\",\n \"CVE-2020-15503\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4451\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"RHEL 8 : GNOME (RHSA-2020:4451)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4451 advisory.\n\n - webkitgtk: Incorrect state management leading to universal cross-site scripting (CVE-2019-8625,\n CVE-2019-8813, CVE-2020-3867)\n\n - webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (CVE-2019-8710,\n CVE-2019-8720, CVE-2019-8766, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812,\n CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2020-3868)\n\n - webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (CVE-2019-8743)\n\n - webkitgtk: Incorrect state management leading to universal cross-site scripting (CVE-2019-8764)\n\n - webkitgtk: Websites could reveal browsing history (CVE-2019-8769)\n\n - webkitgtk: Violation of iframe sandboxing policy (CVE-2019-8771)\n\n - webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2019-8835,\n CVE-2019-8844)\n\n - webkitgtk: Use after free issue may lead to remote code execution (CVE-2019-8846)\n\n - webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp (CVE-2020-10018)\n\n - webkitgtk: use-after-free via crafted web content (CVE-2020-11793)\n\n - gnome-settings-daemon: Red Hat Customer Portal password logged and passed as command line argument when\n user registers through GNOME control center (CVE-2020-14391)\n\n - LibRaw: lack of thumbnail size range check can lead to buffer overflow (CVE-2020-15503)\n\n - webkitgtk: Denial of service via incorrect memory handling (CVE-2020-3862)\n\n - webkitgtk: Non-unique security origin for DOM object contexts (CVE-2020-3864)\n\n - webkitgtk: Incorrect security check for a top-level DOM object context (CVE-2020-3865)\n\n - webkitgtk: Incorrect processing of file URLs (CVE-2020-3885)\n\n - webkitgtk: Race condition allows reading of restricted memory (CVE-2020-3894)\n\n - webkitgtk: Memory corruption triggered by a malicious web content (CVE-2020-3895)\n\n - webkitgtk: Type confusion leading to arbitrary code execution (CVE-2020-3897, CVE-2020-3901)\n\n - webkitgtk: Memory consumption issue leading to arbitrary code execution (CVE-2020-3899)\n\n - webkitgtk: Memory corruption triggered by a malicious web content (CVE-2020-3900)\n\n - webkitgtk: Input validation issue leading to cross-site script attack (CVE-2020-3902)\n\n - webkitgtk: Logic issue may lead to arbitrary code execution (CVE-2020-9802, CVE-2020-9850)\n\n - webkitgtk: Memory corruption may lead to arbitrary code execution (CVE-2020-9803, CVE-2020-9806,\n CVE-2020-9807)\n\n - webkitgtk: Logic issue may lead to cross site scripting (CVE-2020-9805)\n\n - webkitgtk: Input validation issue may lead to cross site scripting (CVE-2020-9843)\n\n - webkitgtk: Command injection in web inspector (CVE-2020-9862)\n\n - webkitgtk: Use-after-free may lead to application termination or arbitrary code execution (CVE-2020-9893,\n CVE-2020-9895)\n\n - webkitgtk: Out-of-bounds read may lead to unexpected application termination or arbitrary code execution\n (CVE-2020-9894)\n\n - webkitgtk: Access issue in content security policy (CVE-2020-9915)\n\n - webkitgtk: A logic issue may lead to cross site scripting (CVE-2020-9925)\n\n - webkitgtk: input validation issue may lead to a cross site scripting (CVE-2020-9952)\n\n - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2021-30666)\n\n - webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30761)\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30762)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8771\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8783\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8823\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8835\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8844\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-3862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-3864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-3865\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-3867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-3868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-3885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-3894\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-3895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-3897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-3899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-3900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-3901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-3902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9894\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9915\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11793\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1811721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1816678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1816684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1816686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1829369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1853477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1873093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876476\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876554\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1876619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901219\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986894\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986898\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-3899\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-9895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(20, 77, 79, 119, 120, 125, 284, 400, 416, 522, 841);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:LibRaw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:LibRaw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnome-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'gnome-settings-daemon-3.32.0-11.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-2.el8', 'sp':'4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-2.el8', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-2.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-2.el8', 'sp':'4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-2.el8', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-2.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.28.4-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.28.4-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.28.4-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.28.4-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'gnome-settings-daemon-3.32.0-11.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-2.el8', 'sp':'6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-2.el8', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-2.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-2.el8', 'sp':'6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-2.el8', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-2.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.28.4-1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.28.4-1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.28.4-1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.28.4-1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'gnome-settings-daemon-3.32.0-11.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-2.el8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-2.el8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.28.4-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.28.4-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.28.4-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.28.4-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'LibRaw / LibRaw-devel / gnome-settings-daemon / webkit2gtk3 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:19:25", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4451 advisory.\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8625)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8710)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8743)\n\n - A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8764)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8766)\n\n - An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2019-8771)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8782)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8783, CVE-2019-8814, CVE-2019-8815, CVE-2019-8819, CVE-2019-8823)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8808, CVE-2019-8812)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8811, CVE-2019-8816, CVE-2019-8820)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8813)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8835)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8844)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8846)\n\n - A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. (CVE-2020-3862)\n\n - A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. (CVE-2020-3864)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3865, CVE-2020-3868)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2020-3867)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed. (CVE-2020-3885)\n\n - A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. (CVE-2020-3894)\n\n - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3895, CVE-2020-3900)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-3897)\n\n - A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.\n (CVE-2020-3899)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3901)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack.\n (CVE-2020-3902)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-9802)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9803)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2020-9805)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9806, CVE-2020-9807)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. (CVE-2020-9843)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-9850)\n\n - A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. (CVE-2020-9862)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. (CVE-2020-9893, CVE-2020-9895)\n\n - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. (CVE-2020-9894)\n\n - An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. (CVE-2020-9915)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2020-9925)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21.\n Processing maliciously crafted web content may lead to a cross site scripting attack. (CVE-2020-9952)\n\n - WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. (CVE-2020-10018)\n\n - A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). (CVE-2020-11793)\n\n - A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality. (CVE-2020-14391)\n\n - LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. (CVE-2020-15503)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30666)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30761)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30762)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : GNOME (ALSA-2020:4451)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-11793", "CVE-2020-14391", "CVE-2020-15503", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925", "CVE-2020-9952", "CVE-2021-30666", "CVE-2021-30761", "CVE-2021-30762"], "modified": "2022-05-25T00:00:00", "cpe": ["p-cpe:/a:alma:linux:libraw-devel", "p-cpe:/a:alma:linux:packagekit", "p-cpe:/a:alma:linux:packagekit-command-not-found", "p-cpe:/a:alma:linux:packagekit-cron", "p-cpe:/a:alma:linux:packagekit-glib", "p-cpe:/a:alma:linux:packagekit-glib-devel", "p-cpe:/a:alma:linux:packagekit-gstreamer-plugin", "p-cpe:/a:alma:linux:packagekit-gtk3-module", "p-cpe:/a:alma:linux:dleyna-renderer", "p-cpe:/a:alma:linux:frei0r-devel", "p-cpe:/a:alma:linux:frei0r-plugins", "p-cpe:/a:alma:linux:frei0r-plugins-opencv", "p-cpe:/a:alma:linux:gnome-remote-desktop", "p-cpe:/a:alma:linux:gsettings-desktop-schemas", "p-cpe:/a:alma:linux:gtk-doc", "p-cpe:/a:alma:linux:gvfs", "p-cpe:/a:alma:linux:libsoup", "p-cpe:/a:alma:linux:libsoup-devel", "p-cpe:/a:alma:linux:mutter-devel", "p-cpe:/a:alma:linux:nautilus", "p-cpe:/a:alma:linux:nautilus-devel", "p-cpe:/a:alma:linux:pipewire", "p-cpe:/a:alma:linux:pipewire-devel", "p-cpe:/a:alma:linux:pipewire-doc", "p-cpe:/a:alma:linux:pipewire-libs", "p-cpe:/a:alma:linux:pipewire-utils", "p-cpe:/a:alma:linux:pipewire0.2-devel", "p-cpe:/a:alma:linux:pipewire0.2-libs", "p-cpe:/a:alma:linux:potrace", "p-cpe:/a:alma:linux:pygobject3-devel", "p-cpe:/a:alma:linux:python3-gobject", "p-cpe:/a:alma:linux:python3-gobject-base", "p-cpe:/a:alma:linux:tracker", "p-cpe:/a:alma:linux:tracker-devel", "p-cpe:/a:alma:linux:vte-profile", "p-cpe:/a:alma:linux:vte291", "p-cpe:/a:alma:linux:vte291-devel", "p-cpe:/a:alma:linux:webrtc-audio-processing", "p-cpe:/a:alma:linux:xdg-desktop-portal-gtk", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2020-4451.NASL", "href": "https://www.tenable.com/plugins/nessus/157689", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2020:4451.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157689);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2019-8625\",\n \"CVE-2019-8710\",\n \"CVE-2019-8720\",\n \"CVE-2019-8743\",\n \"CVE-2019-8764\",\n \"CVE-2019-8766\",\n \"CVE-2019-8769\",\n \"CVE-2019-8771\",\n \"CVE-2019-8782\",\n \"CVE-2019-8783\",\n \"CVE-2019-8808\",\n \"CVE-2019-8811\",\n \"CVE-2019-8812\",\n \"CVE-2019-8813\",\n \"CVE-2019-8814\",\n \"CVE-2019-8815\",\n \"CVE-2019-8816\",\n \"CVE-2019-8819\",\n \"CVE-2019-8820\",\n \"CVE-2019-8823\",\n \"CVE-2019-8835\",\n \"CVE-2019-8844\",\n \"CVE-2019-8846\",\n \"CVE-2020-3862\",\n \"CVE-2020-3864\",\n \"CVE-2020-3865\",\n \"CVE-2020-3867\",\n \"CVE-2020-3868\",\n \"CVE-2020-3885\",\n \"CVE-2020-3894\",\n \"CVE-2020-3895\",\n \"CVE-2020-3897\",\n \"CVE-2020-3899\",\n \"CVE-2020-3900\",\n \"CVE-2020-3901\",\n \"CVE-2020-3902\",\n \"CVE-2020-9802\",\n \"CVE-2020-9803\",\n \"CVE-2020-9805\",\n \"CVE-2020-9806\",\n \"CVE-2020-9807\",\n \"CVE-2020-9843\",\n \"CVE-2020-9850\",\n \"CVE-2020-9862\",\n \"CVE-2020-9893\",\n \"CVE-2020-9894\",\n \"CVE-2020-9895\",\n \"CVE-2020-9915\",\n \"CVE-2020-9925\",\n \"CVE-2020-9952\",\n \"CVE-2020-10018\",\n \"CVE-2020-11793\",\n \"CVE-2020-14391\",\n \"CVE-2020-15503\",\n \"CVE-2021-30666\",\n \"CVE-2021-30761\",\n \"CVE-2021-30762\"\n );\n script_xref(name:\"ALSA\", value:\"2020:4451\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"AlmaLinux 8 : GNOME (ALSA-2020:4451)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2020:4451 advisory.\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for\n Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web\n content may lead to universal cross site scripting. (CVE-2019-8625)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8710)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8743)\n\n - A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing\n maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8764)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2019-8766)\n\n - An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This\n issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website\n may reveal browsing history. (CVE-2019-8769)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1,\n iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2019-8771)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8782)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0,\n iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8783, CVE-2019-8814, CVE-2019-8815, CVE-2019-8819, CVE-2019-8823)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8808, CVE-2019-8812)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for\n Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2019-8811, CVE-2019-8816, CVE-2019-8820)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS\n 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing\n maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8813)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows,\n iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8835)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3\n for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2019-8844)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3,\n iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for\n Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8846)\n\n - A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1\n and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud\n for Windows 7.17. A malicious website may be able to cause a denial of service. (CVE-2020-3862)\n\n - A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17,\n iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS\n 13.3.1. A DOM object context may not have had a unique security origin. (CVE-2020-3864)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0,\n iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3865, CVE-2020-3868)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS\n 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for\n Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2020-3867)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4,\n tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A\n file URL may be incorrectly processed. (CVE-2020-3885)\n\n - A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS\n 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows\n 7.18. An application may be able to read restricted memory. (CVE-2020-3894)\n\n - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and\n iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3,\n iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3895, CVE-2020-3900)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and\n iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3,\n iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-3897)\n\n - A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4\n and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows\n 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.\n (CVE-2020-3899)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and\n iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3,\n iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-3901)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4\n and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for\n Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack.\n (CVE-2020-3902)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5,\n tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for\n Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-9802)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and\n iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows\n 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2020-9803)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5,\n tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for\n Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2020-9805)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5\n and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows\n 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2020-9806, CVE-2020-9807)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5\n and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows\n 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site\n scripting attack. (CVE-2020-9843)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5,\n tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for\n Windows 7.19. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-9850)\n\n - A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This\n issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for\n Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to\n command injection. (CVE-2020-9862)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and\n iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows\n 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination\n or arbitrary code execution. (CVE-2020-9893, CVE-2020-9895)\n\n - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and\n iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows\n 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination\n or arbitrary code execution. (CVE-2020-9894)\n\n - An access issue existed in Content Security Policy. This issue was addressed with improved access\n restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2,\n iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously\n crafted web content may prevent Content Security Policy from being enforced. (CVE-2020-9915)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS\n 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3,\n iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site\n scripting. (CVE-2020-9925)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0\n and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21.\n Processing maliciously crafted web content may lead to a cross site scripting attack. (CVE-2020-9952)\n\n - WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0)\n contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue\n has been fixed in 2.28.0 with improved memory handling. (CVE-2020-10018)\n\n - A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web\n content that allows remote attackers to execute arbitrary code or cause a denial of service (memory\n corruption and application crash). (CVE-2020-11793)\n\n - A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it\n improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME\n Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal\n password. The highest threat from this vulnerability is to confidentiality. (CVE-2020-14391)\n\n - LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp,\n postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example,\n malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. (CVE-2020-15503)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a\n report that this issue may have been actively exploited.. (CVE-2021-30666)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a\n report that this issue may have been actively exploited.. (CVE-2021-30761)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a\n report that this issue may have been actively exploited.. (CVE-2021-30762)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2020-4451.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-3899\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-9895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:LibRaw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:PackageKit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:PackageKit-command-not-found\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:PackageKit-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:PackageKit-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:PackageKit-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:PackageKit-gstreamer-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:PackageKit-gtk3-module\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dleyna-renderer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:frei0r-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:frei0r-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:frei0r-plugins-opencv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-remote-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gsettings-desktop-schemas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtk-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gvfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libsoup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libsoup-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:nautilus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:nautilus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:pipewire\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:pipewire-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:pipewire-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:pipewire-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:pipewire-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:pipewire0.2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:pipewire0.2-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:potrace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:pygobject3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-gobject\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-gobject-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:tracker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:tracker-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:vte-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:vte291\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:vte291-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webrtc-audio-processing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:xdg-desktop-portal-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'dleyna-renderer-0.6.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-devel-1.6.1-7.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-devel-1.6.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-plugins-1.6.1-7.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-plugins-1.6.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'frei0r-plugins-opencv-1.6.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-remote-desktop-0.1.8-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-doc-1.28-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-1.36.2-10.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsoup-2.62.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsoup-2.62.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsoup-devel-2.62.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsoup-devel-2.62.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-48.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-48.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nautilus-3.28.1-14.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nautilus-devel-3.28.1-14.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nautilus-devel-3.28.1-14.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-command-not-found-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-cron-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-1.1.12-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-devel-1.1.12-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-glib-devel-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gstreamer-plugin-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gtk3-module-1.1.12-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'PackageKit-gtk3-module-1.1.12-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-0.3.6-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-0.3.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-devel-0.3.6-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-devel-0.3.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-doc-0.3.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-libs-0.3.6-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-libs-0.3.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire-utils-0.3.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire0.2-devel-0.2.7-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire0.2-devel-0.2.7-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire0.2-libs-0.2.7-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pipewire0.2-libs-0.2.7-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'potrace-1.15-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'potrace-1.15-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pygobject3-devel-3.28.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pygobject3-devel-3.28.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-gobject-3.28.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-gobject-3.28.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-gobject-base-3.28.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-gobject-base-3.28.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tracker-2.1.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tracker-2.1.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tracker-devel-2.1.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tracker-devel-2.1.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte-profile-0.52.4-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte291-0.52.4-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte291-0.52.4-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte291-devel-0.52.4-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vte291-devel-0.52.4-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webrtc-audio-processing-0.3-9.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webrtc-audio-processing-0.3-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'xdg-desktop-portal-gtk-1.6.0-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'LibRaw-devel / PackageKit / PackageKit-command-not-found / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:59:19", "description": "This update for webkit2gtk3 to version 2.28.1 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2020-10018: Fixed a denial of service because the m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528).\n\nCVE-2020-11793: Fixed a potential arbitrary code execution caused by a use-after-free vulnerability (bsc#1169658).\n\nCVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719).\n\nCVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719).\n\nCVE-2019-8846: Fixed a use-after-free issue (bsc#1161719).\n\nCVE-2020-3862: Fixed a memory handling issue (bsc#1163809).\n\nCVE-2020-3867: Fixed an XSS issue (bsc#1163809).\n\nCVE-2020-3868: Fixed multiple memory corruption issues that could have lead to arbitrary code execution (bsc#1163809).\n\nCVE-2020-3864,CVE-2020-3865: Fixed logic issues in the DOM object context handling (bsc#1163809).\n\nNon-security issues fixed: Add API to enable Process Swap on (Cross-site) Navigation.\n\nAdd user messages API for the communication with the web extension.\n\nAdd support for same-site cookies.\n\nService workers are enabled by default.\n\nAdd support for Pointer Lock API.\n\nAdd flatpak sandbox support.\n\nMake ondemand hardware acceleration policy never leave accelerated compositing mode.\n\nAlways use a light theme for rendering form controls.\n\nAdd about:gpu to show information about the graphics stack.\n\nFixed issues while trying to play a video on NextCloud.\n\nFixed vertical alignment of text containing arabic diacritics.\n\nFixed build with icu 65.1.\n\nFixed page loading errors with websites using HSTS.\n\nFixed web process crash when displaying a KaTeX formula.\n\nFixed several crashes and rendering issues.\n\nSwitched to a single web process for Evolution and geary (bsc#1159329).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-04-29T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:1135-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-11793", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-1135-1.NASL", "href": "https://www.tenable.com/plugins/nessus/136082", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1135-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136082);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2019-8625\",\n \"CVE-2019-8710\",\n \"CVE-2019-8720\",\n \"CVE-2019-8743\",\n \"CVE-2019-8764\",\n \"CVE-2019-8766\",\n \"CVE-2019-8769\",\n \"CVE-2019-8771\",\n \"CVE-2019-8782\",\n \"CVE-2019-8783\",\n \"CVE-2019-8808\",\n \"CVE-2019-8811\",\n \"CVE-2019-8812\",\n \"CVE-2019-8813\",\n \"CVE-2019-8814\",\n \"CVE-2019-8815\",\n \"CVE-2019-8816\",\n \"CVE-2019-8819\",\n \"CVE-2019-8820\",\n \"CVE-2019-8823\",\n \"CVE-2019-8835\",\n \"CVE-2019-8844\",\n \"CVE-2019-8846\",\n \"CVE-2020-3862\",\n \"CVE-2020-3864\",\n \"CVE-2020-3865\",\n \"CVE-2020-3867\",\n \"CVE-2020-3868\",\n \"CVE-2020-10018\",\n \"CVE-2020-11793\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:1135-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for webkit2gtk3 to version 2.28.1 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2020-10018: Fixed a denial of service because the\nm_deferredFocusedNodeChange data structure was mishandled\n(bsc#1165528).\n\nCVE-2020-11793: Fixed a potential arbitrary code execution caused by a\nuse-after-free vulnerability (bsc#1169658).\n\nCVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719).\n\nCVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719).\n\nCVE-2019-8846: Fixed a use-after-free issue (bsc#1161719).\n\nCVE-2020-3862: Fixed a memory handling issue (bsc#1163809).\n\nCVE-2020-3867: Fixed an XSS issue (bsc#1163809).\n\nCVE-2020-3868: Fixed multiple memory corruption issues that could have\nlead to arbitrary code execution (bsc#1163809).\n\nCVE-2020-3864,CVE-2020-3865: Fixed logic issues in the DOM object\ncontext handling (bsc#1163809).\n\nNon-security issues fixed: Add API to enable Process Swap on\n(Cross-site) Navigation.\n\nAdd user messages API for the communication with the web extension.\n\nAdd support for same-site cookies.\n\nService workers are enabled by default.\n\nAdd support for Pointer Lock API.\n\nAdd flatpak sandbox support.\n\nMake ondemand hardware acceleration policy never leave accelerated\ncompositing mode.\n\nAlways use a light theme for rendering form controls.\n\nAdd about:gpu to show information about the graphics stack.\n\nFixed issues while trying to play a video on NextCloud.\n\nFixed vertical alignment of text containing arabic diacritics.\n\nFixed build with icu 65.1.\n\nFixed page loading errors with websites using HSTS.\n\nFixed web process crash when displaying a KaTeX formula.\n\nFixed several crashes and rendering issues.\n\nSwitched to a single web process for Evolution and geary\n(bsc#1159329).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8625/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8710/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8720/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8743/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8764/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8766/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8769/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8771/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8782/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8783/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8808/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8811/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8812/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8813/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8814/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8816/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8819/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8820/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8823/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8835/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8844/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8846/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-10018/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-11793/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-3862/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-3864/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-3865/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-3867/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-3868/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201135-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?718c807f\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8:zypper in -t patch\nSUSE-OpenStack-Cloud-Crowbar-8-2020-1135=1\n\nSUSE OpenStack Cloud 8:zypper in -t patch\nSUSE-OpenStack-Cloud-8-2020-1135=1\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2020-1135=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2020-1135=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t\npatch SUSE-SLE-SDK-12-SP5-2020-1135=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2020-1135=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2020-1135=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2020-1135=1\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2020-1135=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2020-1135=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2020-1135=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-BCL-2020-1135=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2020-1135=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2020-1135=1\n\nSUSE Enterprise Storage 5:zypper in -t patch\nSUSE-Storage-5-2020-1135=1\n\nHPE Helion Openstack 8:zypper in -t patch\nHPE-Helion-OpenStack-8-2020-1135=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-3868\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10018\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-WebKit2-4_0-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk3-debugsource-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2-4_0-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk3-debugsource-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-devel-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libjavascriptcoregtk-4_0-18-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwebkit2gtk-4_0-37-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"typelib-1_0-WebKit2-4_0-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.1-2.50.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"webkit2gtk3-debugsource-2.28.1-2.50.3\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:08", "description": "The WebKitGTK project reports multiple vulnerabilities.", "cvss3": {}, "published": "2019-12-03T00:00:00", "type": "nessus", "title": "FreeBSD : webkit2-gtk3 -- Multiple vulnerabilities (3e748551-c732-45f6-bd88-928da16f23a8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8710", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8765", "CVE-2019-8766", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8821", "CVE-2019-8822", "CVE-2019-8823"], "modified": "2019-12-24T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:webkit2-gtk3", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_3E748551C73245F6BD88928DA16F23A8.NASL", "href": "https://www.tenable.com/plugins/nessus/131467", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131467);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/24\");\n\n script_cve_id(\"CVE-2019-8710\", \"CVE-2019-8743\", \"CVE-2019-8764\", \"CVE-2019-8765\", \"CVE-2019-8766\", \"CVE-2019-8782\", \"CVE-2019-8783\", \"CVE-2019-8808\", \"CVE-2019-8811\", \"CVE-2019-8812\", \"CVE-2019-8813\", \"CVE-2019-8814\", \"CVE-2019-8815\", \"CVE-2019-8816\", \"CVE-2019-8819\", \"CVE-2019-8820\", \"CVE-2019-8821\", \"CVE-2019-8822\", \"CVE-2019-8823\");\n\n script_name(english:\"FreeBSD : webkit2-gtk3 -- Multiple vulnerabilities (3e748551-c732-45f6-bd88-928da16f23a8)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"The WebKitGTK project reports multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2019-0006.html\"\n );\n # https://vuxml.freebsd.org/freebsd/3e748551-c732-45f6-bd88-928da16f23a8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28d1454d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:webkit2-gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"webkit2-gtk3<2.26.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-10T15:28:42", "description": "The remote host is affected by the vulnerability described in GLSA-202006-08 (WebKitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2020-06-17T00:00:00", "type": "nessus", "title": "GLSA-202006-08 : WebKitGTK+: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10018", "CVE-2020-11793", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902"], "modified": "2022-05-16T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202006-08.NASL", "href": "https://www.tenable.com/plugins/nessus/137445", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202006-08.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137445);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/16\");\n\n script_cve_id(\"CVE-2020-10018\", \"CVE-2020-11793\", \"CVE-2020-3885\", \"CVE-2020-3894\", \"CVE-2020-3895\", \"CVE-2020-3897\", \"CVE-2020-3899\", \"CVE-2020-3900\", \"CVE-2020-3901\", \"CVE-2020-3902\");\n script_xref(name:\"GLSA\", value:\"202006-08\");\n\n script_name(english:\"GLSA-202006-08 : WebKitGTK+: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202006-08\n(WebKitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202006-08\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All WebKitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.28.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-3899\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 2.28.2\"), vulnerable:make_list(\"lt 2.28.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebKitGTK+\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-10T15:27:08", "description": "The following vulnerability has been discovered in the webkit2gtk web engine :\n\n - CVE-2020-3885 Ryan Pickren discovered that a file URL may be incorrectly processed.\n\n - CVE-2020-3894 Sergei Glazunov discovered that a race condition may allow an application to read restricted memory.\n\n - CVE-2020-3895 grigoritchy discovered that processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2020-3897 Brendan Draper discovered that a remote attacker may be able to cause arbitrary code execution.\n\n - CVE-2020-3899 OSS-Fuzz discovered that a remote attacker may be able to cause arbitrary code execution.\n\n - CVE-2020-3900 Dongzhuo Zhao discovered that processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2020-3901 Benjamin Randazzo discovered that processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2020-3902 Yigit Can Yilmaz discovered that processing maliciously crafted web content may lead to a cross site scripting attack.", "cvss3": {}, "published": "2020-05-08T00:00:00", "type": "nessus", "title": "Debian DSA-4681-1 : webkit2gtk - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902"], "modified": "2020-05-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:webkit2gtk", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4681.NASL", "href": "https://www.tenable.com/plugins/nessus/136413", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4681. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136413);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/13\");\n\n script_cve_id(\"CVE-2020-3885\", \"CVE-2020-3894\", \"CVE-2020-3895\", \"CVE-2020-3897\", \"CVE-2020-3899\", \"CVE-2020-3900\", \"CVE-2020-3901\", \"CVE-2020-3902\");\n script_xref(name:\"DSA\", value:\"4681\");\n\n script_name(english:\"Debian DSA-4681-1 : webkit2gtk - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following vulnerability has been discovered in the webkit2gtk web\nengine :\n\n - CVE-2020-3885\n Ryan Pickren discovered that a file URL may be\n incorrectly processed.\n\n - CVE-2020-3894\n Sergei Glazunov discovered that a race condition may\n allow an application to read restricted memory.\n\n - CVE-2020-3895\n grigoritchy discovered that processing maliciously\n crafted web content may lead to arbitrary code\n execution.\n\n - CVE-2020-3897\n Brendan Draper discovered that a remote attacker may be\n able to cause arbitrary code execution.\n\n - CVE-2020-3899\n OSS-Fuzz discovered that a remote attacker may be able\n to cause arbitrary code execution.\n\n - CVE-2020-3900\n Dongzhuo Zhao discovered that processing maliciously\n crafted web content may lead to arbitrary code\n execution.\n\n - CVE-2020-3901\n Benjamin Randazzo discovered that processing maliciously\n crafted web content may lead to arbitrary code\n execution.\n\n - CVE-2020-3902\n Yigit Can Yilmaz discovered that processing maliciously\n crafted web content may lead to a cross site scripting\n attack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-3885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-3894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-3895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-3897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-3899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-3900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-3901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-3902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4681\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the webkit2gtk packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2.28.2-2~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webkit2gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-javascriptcoregtk-4.0\", reference:\"2.28.2-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-webkit2-4.0\", reference:\"2.28.2-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-18\", reference:\"2.28.2-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-bin\", reference:\"2.28.2-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-dev\", reference:\"2.28.2-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37\", reference:\"2.28.2-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37-gtk2\", reference:\"2.28.2-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-dev\", reference:\"2.28.2-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-doc\", reference:\"2.28.2-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"webkit2gtk-driver\", reference:\"2.28.2-2~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:57:06", "description": "The remote host is affected by the vulnerability described in GLSA-202003-22 (WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.\n Impact :\n\n A remote attacker could execute arbitrary code, cause a Denial of Service condition, bypass intended memory-read restrictions, conduct a timing side-channel attack to bypass the Same Origin Policy or obtain sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2020-03-16T00:00:00", "type": "nessus", "title": "GLSA-202003-22 : WebkitGTK+: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8625", "CVE-2019-8674", "CVE-2019-8707", "CVE-2019-8710", "CVE-2019-8719", "CVE-2019-8720", "CVE-2019-8726", "CVE-2019-8733", "CVE-2019-8735", "CVE-2019-8743", "CVE-2019-8763", "CVE-2019-8764", "CVE-2019-8765", "CVE-2019-8766", "CVE-2019-8768", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8821", "CVE-2019-8822", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868"], "modified": "2022-05-27T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202003-22.NASL", "href": "https://www.tenable.com/plugins/nessus/134599", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202003-22.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134599);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/27\");\n\n script_cve_id(\"CVE-2019-8625\", \"CVE-2019-8674\", \"CVE-2019-8707\", \"CVE-2019-8710\", \"CVE-2019-8719\", \"CVE-2019-8720\", \"CVE-2019-8726\", \"CVE-2019-8733\", \"CVE-2019-8735\", \"CVE-2019-8743\", \"CVE-2019-8763\", \"CVE-2019-8764\", \"CVE-2019-8765\", \"CVE-2019-8766\", \"CVE-2019-8768\", \"CVE-2019-8769\", \"CVE-2019-8771\", \"CVE-2019-8782\", \"CVE-2019-8783\", \"CVE-2019-8808\", \"CVE-2019-8811\", \"CVE-2019-8812\", \"CVE-2019-8813\", \"CVE-2019-8814\", \"CVE-2019-8815\", \"CVE-2019-8816\", \"CVE-2019-8819\", \"CVE-2019-8820\", \"CVE-2019-8821\", \"CVE-2019-8822\", \"CVE-2019-8823\", \"CVE-2019-8835\", \"CVE-2019-8844\", \"CVE-2019-8846\", \"CVE-2020-3862\", \"CVE-2020-3864\", \"CVE-2020-3865\", \"CVE-2020-3867\", \"CVE-2020-3868\");\n script_xref(name:\"GLSA\", value:\"202003-22\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"GLSA-202003-22 : WebkitGTK+: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202003-22\n(WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please\n review the referenced CVE identifiers for details.\n \nImpact :\n\n A remote attacker could execute arbitrary code, cause a Denial of\n Service condition, bypass intended memory-read restrictions, conduct a\n timing side-channel attack to bypass the Same Origin Policy or obtain\n sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202003-22\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All WebkitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.26.4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-3868\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 2.26.4\"), vulnerable:make_list(\"lt 2.26.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebkitGTK+\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:57:29", "description": "This update for webkit2gtk3 to version 2.26.4 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719).\n\n - CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719).\n\n - CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719).\n\n - CVE-2020-3862: Fixed a memory handling issue (bsc#1163809).\n\n - CVE-2020-3864: Fixed a logic issue in the DOM object context handling (bsc#1163809).\n\n - CVE-2020-3865: Fixed a logic issue in the DOM object context handling (bsc#1163809).\n\n - CVE-2020-3867: Fixed an XSS issue (bsc#1163809).\n\n - CVE-2020-3868: Fixed multiple memory corruption issues that could have lead to arbitrary code execution (bsc#1163809).\n\nNon-security issues fixed :\n\n - Fixed issues while trying to play a video on NextCloud.\n\n - Fixed vertical alignment of text containing arabic diacritics.\n\n - Fixed build with icu 65.1.\n\n - Fixed page loading errors with websites using HSTS.\n\n - Fixed web process crash when displaying a KaTeX formula.\n\n - Fixed several crashes and rendering issues.\n\n - Switched to a single web process for Evolution and geary (bsc#1159329 glgo#GNOME/evolution#587).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2020-03-02T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2020-278)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868"], "modified": "2020-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-278.NASL", "href": "https://www.tenable.com/plugins/nessus/134198", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-278.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134198);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/10\");\n\n script_cve_id(\"CVE-2019-8835\", \"CVE-2019-8844\", \"CVE-2019-8846\", \"CVE-2020-3862\", \"CVE-2020-3864\", \"CVE-2020-3865\", \"CVE-2020-3867\", \"CVE-2020-3868\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2020-278)\");\n script_summary(english:\"Check for the openSUSE-2020-278 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkit2gtk3 to version 2.26.4 fixes the following\nissues :\n\nSecurity issues fixed :\n\n - CVE-2019-8835: Fixed multiple memory corruption issues\n (bsc#1161719).\n\n - CVE-2019-8844: Fixed multiple memory corruption issues\n (bsc#1161719).\n\n - CVE-2019-8846: Fixed a use-after-free issue\n (bsc#1161719).\n\n - CVE-2020-3862: Fixed a memory handling issue\n (bsc#1163809).\n\n - CVE-2020-3864: Fixed a logic issue in the DOM object\n context handling (bsc#1163809).\n\n - CVE-2020-3865: Fixed a logic issue in the DOM object\n context handling (bsc#1163809).\n\n - CVE-2020-3867: Fixed an XSS issue (bsc#1163809).\n\n - CVE-2020-3868: Fixed multiple memory corruption issues\n that could have lead to arbitrary code execution\n (bsc#1163809).\n\nNon-security issues fixed :\n\n - Fixed issues while trying to play a video on NextCloud.\n\n - Fixed vertical alignment of text containing arabic\n diacritics.\n\n - Fixed build with icu 65.1.\n\n - Fixed page loading errors with websites using HSTS.\n\n - Fixed web process crash when displaying a KaTeX formula.\n\n - Fixed several crashes and rendering issues.\n\n - Switched to a single web process for Evolution and geary\n (bsc#1159329 glgo#GNOME/evolution#587).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1161719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1163809\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libjavascriptcoregtk-4_0-18-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk-4_0-37-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk3-lang-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-WebKit2-4_0-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit-jsc-4-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit-jsc-4-debuginfo-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk-4_0-injected-bundles-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-debugsource-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-devel-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-minibrowser-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.26.4-lp151.2.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:56:22", "description": "This update for webkit2gtk3 to version 2.26.4 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719).\n\nCVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719).\n\nCVE-2019-8846: Fixed a use-after-free issue (bsc#1161719).\n\nCVE-2020-3862: Fixed a memory handling issue (bsc#1163809).\n\nCVE-2020-3864: Fixed a logic issue in the DOM object context handling (bsc#1163809).\n\nCVE-2020-3865: Fixed a logic issue in the DOM object context handling (bsc#1163809).\n\nCVE-2020-3867: Fixed an XSS issue (bsc#1163809).\n\nCVE-2020-3868: Fixed multiple memory corruption issues that could have lead to arbitrary code execution (bsc#1163809).\n\nNon-security issues fixed: Fixed issues while trying to play a video on NextCloud.\n\nFixed vertical alignment of text containing arabic diacritics.\n\nFixed build with icu 65.1.\n\nFixed page loading errors with websites using HSTS.\n\nFixed web process crash when displaying a KaTeX formula.\n\nFixed several crashes and rendering issues.\n\nSwitched to a single web process for Evolution and geary (bsc#1159329 glgo#GNOME/evolution#587).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-02-26T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:0468-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit-jsc", "p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "p-cpe:/a:novell:suse_linux:webkit2gtk3-minibrowser", "p-cpe:/a:novell:suse_linux:webkit2gtk3-minibrowser-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-0468-1.NASL", "href": "https://www.tenable.com/plugins/nessus/134082", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0468-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134082);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-8835\", \"CVE-2019-8844\", \"CVE-2019-8846\", \"CVE-2020-3862\", \"CVE-2020-3864\", \"CVE-2020-3865\", \"CVE-2020-3867\", \"CVE-2020-3868\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:0468-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.26.4 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719).\n\nCVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719).\n\nCVE-2019-8846: Fixed a use-after-free issue (bsc#1161719).\n\nCVE-2020-3862: Fixed a memory handling issue (bsc#1163809).\n\nCVE-2020-3864: Fixed a logic issue in the DOM object context handling\n(bsc#1163809).\n\nCVE-2020-3865: Fixed a logic issue in the DOM object context handling\n(bsc#1163809).\n\nCVE-2020-3867: Fixed an XSS issue (bsc#1163809).\n\nCVE-2020-3868: Fixed multiple memory corruption issues that could have\nlead to arbitrary code execution (bsc#1163809).\n\nNon-security issues fixed: Fixed issues while trying to play a video\non NextCloud.\n\nFixed vertical alignment of text containing arabic diacritics.\n\nFixed build with icu 65.1.\n\nFixed page loading errors with websites using HSTS.\n\nFixed web process crash when displaying a KaTeX formula.\n\nFixed several crashes and rendering issues.\n\nSwitched to a single web process for Evolution and geary (bsc#1159329\nglgo#GNOME/evolution#587).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8835/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8844/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8846/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-3862/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-3864/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-3865/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-3867/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-3868/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200468-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96317c8c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15:zypper in -t patch\nSUSE-SLE-Product-SLES_SAP-15-2020-468=1\n\nSUSE Linux Enterprise Server 15-LTSS:zypper in -t patch\nSUSE-SLE-Product-SLES-15-2020-468=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-468=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2020-468=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1:zypper in\n-t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-468=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t\npatch SUSE-SLE-Module-Desktop-Applications-15-2020-468=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2020-468=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2020-468=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS:zypper in -t\npatch SUSE-SLE-Product-HPC-15-2020-468=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS:zypper in -t\npatch SUSE-SLE-Product-HPC-15-2020-468=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-WebKit2-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit-jsc-4-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit-jsc-4-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-debugsource-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-devel-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-minibrowser-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-WebKit2-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit-jsc-4-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit-jsc-4-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-debugsource-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-devel-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-minibrowser-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.26.4-3.43.1\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:46", "description": "This update for webkit2gtk3 fixes the following issues :\n\n - Update to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2020-08-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2020-1256)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1256.NASL", "href": "https://www.tenable.com/plugins/nessus/139896", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1256.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139896);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2020-1256)\");\n script_summary(english:\"Check for the openSUSE-2020-1256 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 fixes the following issues :\n\n - Update to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893,\n CVE-2020-9894, CVE-2020-9895, CVE-2020-9915,\n CVE-2020-9925.\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174662\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk-4_0-37-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk3-lang-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit-jsc-4-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit-jsc-4-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-debugsource-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-devel-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-minibrowser-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.28.4-lp151.2.24.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.28.4-lp151.2.24.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:54", "description": "This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-12T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:2198-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2198-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139535", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2198-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139535);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:2198-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893,\n CVE-2020-9894, CVE-2020-9895, CVE-2020-9915,\n CVE-2020-9925.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9862/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9893/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9894/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9895/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9915/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9925/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202198-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?349b993e\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2198=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-2198=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2198=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2198=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-2198=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-2198=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-debugsource-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-devel-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwebkit2gtk-4_0-37-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk3-debugsource-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk3-devel-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-debugsource-2.28.4-3.60.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-devel-2.28.4-3.60.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T15:32:42", "description": "A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-04T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK vulnerabilities (USN-4444-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2023-10-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0"], "id": "UBUNTU_USN-4444-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139311", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4444-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139311);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/21\");\n\n script_cve_id(\n \"CVE-2020-9862\",\n \"CVE-2020-9893\",\n \"CVE-2020-9894\",\n \"CVE-2020-9895\",\n \"CVE-2020-9915\",\n \"CVE-2020-9925\"\n );\n script_xref(name:\"USN\", value:\"4444-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK vulnerabilities (USN-4444-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"A large number of security issues were discovered in the WebKitGTK Web\nand JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4444-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.28.4-0ubuntu0.18.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.28.4-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.28.4-0ubuntu0.20.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:28", "description": "Update to 2.28.4. Also, drop xdg-desktop-portal-gtk and geoclue2 from Requires to Recommends.\n\nFixes CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-04T00:00:00", "type": "nessus", "title": "Fedora 32 : webkit2gtk3 (2020-24b936a870)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkit2gtk3", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-24B936A870.NASL", "href": "https://www.tenable.com/plugins/nessus/139299", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-24b936a870.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139299);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n script_xref(name:\"FEDORA\", value:\"2020-24b936a870\");\n\n script_name(english:\"Fedora 32 : webkit2gtk3 (2020-24b936a870)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 2.28.4. Also, drop xdg-desktop-portal-gtk and geoclue2 from\nRequires to Recommends.\n\nFixes CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895,\nCVE-2020-9915, CVE-2020-9925\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-24b936a870\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"webkit2gtk3-2.28.4-3.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:49", "description": "The following vulnerabilities have been discovered in the webkit2gtk web engine :\n\n - CVE-2020-9862 Ophir Lojkine discovered that copying a URL from the Web Inspector may lead to command injection.\n\n - CVE-2020-9893 0011 discovered that a remote attacker may be able to cause unexpected application termination or arbitrary code execution.\n\n - CVE-2020-9894 0011 discovered that a remote attacker may be able to cause unexpected application termination or arbitrary code execution.\n\n - CVE-2020-9895 Wen Xu discovered that a remote attacker may be able to cause unexpected application termination or arbitrary code execution.\n\n - CVE-2020-9915 Ayoub Ait Elmokhtar discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced.\n\n - CVE-2020-9925 An anonymous researcher discovered that processing maliciously crafted web content may lead to universal cross site scripting.", "cvss3": {}, "published": "2020-08-04T00:00:00", "type": "nessus", "title": "Debian DSA-4739-1 : webkit2gtk - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:webkit2gtk", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4739.NASL", "href": "https://www.tenable.com/plugins/nessus/139298", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4739. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139298);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n script_xref(name:\"DSA\", value:\"4739\");\n\n script_name(english:\"Debian DSA-4739-1 : webkit2gtk - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The following vulnerabilities have been discovered in the webkit2gtk\nweb engine :\n\n - CVE-2020-9862\n Ophir Lojkine discovered that copying a URL from the Web\n Inspector may lead to command injection.\n\n - CVE-2020-9893\n 0011 discovered that a remote attacker may be able to\n cause unexpected application termination or arbitrary\n code execution.\n\n - CVE-2020-9894\n 0011 discovered that a remote attacker may be able to\n cause unexpected application termination or arbitrary\n code execution.\n\n - CVE-2020-9895\n Wen Xu discovered that a remote attacker may be able to\n cause unexpected application termination or arbitrary\n code execution.\n\n - CVE-2020-9915\n Ayoub Ait Elmokhtar discovered that processing\n maliciously crafted web content may prevent Content\n Security Policy from being enforced.\n\n - CVE-2020-9925\n An anonymous researcher discovered that processing\n maliciously crafted web content may lead to universal\n cross site scripting.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4739\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the webkit2gtk packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2.28.4-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webkit2gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-javascriptcoregtk-4.0\", reference:\"2.28.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-webkit2-4.0\", reference:\"2.28.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-18\", reference:\"2.28.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-bin\", reference:\"2.28.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-dev\", reference:\"2.28.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37\", reference:\"2.28.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37-gtk2\", reference:\"2.28.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-dev\", reference:\"2.28.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-doc\", reference:\"2.28.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"webkit2gtk-driver\", reference:\"2.28.4-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:09:07", "description": "This update for webkit2gtk3 fixes the following issues :\n\n - Update to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2020-08-28T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2020-1275)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1275.NASL", "href": "https://www.tenable.com/plugins/nessus/140023", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1275.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140023);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2020-1275)\");\n script_summary(english:\"Check for the openSUSE-2020-1275 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 fixes the following issues :\n\n - Update to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893,\n CVE-2020-9894, CVE-2020-9895, CVE-2020-9915,\n CVE-2020-9925.\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174662\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwebkit2gtk-4_0-37-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwebkit2gtk3-lang-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit-jsc-4-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit-jsc-4-debuginfo-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk3-debugsource-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk3-devel-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk3-minibrowser-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.28.4-lp152.2.4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.28.4-lp152.2.4.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:29", "description": "According to its version, the iCloud application installed on the remote Windows host is 10.x prior to 10.8. It is, therefore, affected by multiple vulnerabilities:\n\n - Multiple arbitrary code execution vulnerabilities exist with in the WebKit due to multiple memory corruption issues. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2019-8710, CVE-2019-8766, CVE-2019-8782, CVE-2019-8783, CVE-2019-8784, CVE-2019-8811, CVE-2019-8814, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823)\n\n - Multiple issues exist with in the Libxslt due to multiple memory corruption issue. (CVE-2019-8750)\n\n - An cross site scripting vulnerability exist with in the WebKit due to logic issue. An unauthenticated, remote attacker can exploit this by processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8813)\n\n - An arbitrary code execution vulnerability exist with in the WebKit due to multiple memory corruption issue. An unauthenticated, remote attacker can exploit this by processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8815)", "cvss3": {}, "published": "2020-07-03T00:00:00", "type": "nessus", "title": "Apple iCloud 10.x < 10.8 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8710", "CVE-2019-8750", "CVE-2019-8766", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8784", "CVE-2019-8811", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8821", "CVE-2019-8822", "CVE-2019-8823"], "modified": "2022-05-12T00:00:00", "cpe": ["cpe:/a:apple:icloud_for_windows"], "id": "ICLOUD_10_8.NASL", "href": "https://www.tenable.com/plugins/nessus/138093", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138093);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2019-8710\",\n \"CVE-2019-8750\",\n \"CVE-2019-8766\",\n \"CVE-2019-8782\",\n \"CVE-2019-8783\",\n \"CVE-2019-8784\",\n \"CVE-2019-8811\",\n \"CVE-2019-8813\",\n \"CVE-2019-8814\",\n \"CVE-2019-8815\",\n \"CVE-2019-8816\",\n \"CVE-2019-8819\",\n \"CVE-2019-8820\",\n \"CVE-2019-8821\",\n \"CVE-2019-8822\",\n \"CVE-2019-8823\"\n );\n\n script_name(english:\"Apple iCloud 10.x < 10.8 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An iCloud software installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the iCloud application installed on the remote Windows host is 10.x prior to 10.8. \nIt is, therefore, affected by multiple vulnerabilities:\n\n - Multiple arbitrary code execution vulnerabilities exist with in the WebKit due to multiple memory \n corruption issues. An unauthenticated, remote attacker can exploit this to execute arbitrary code. \n (CVE-2019-8710, CVE-2019-8766, CVE-2019-8782, CVE-2019-8783, CVE-2019-8784, CVE-2019-8811, CVE-2019-8814,\n CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823)\n\n - Multiple issues exist with in the Libxslt due to multiple memory corruption issue. (CVE-2019-8750)\n\n - An cross site scripting vulnerability exist with in the WebKit due to logic issue. An unauthenticated, \n remote attacker can exploit this by processing maliciously crafted web content may lead to universal \n cross site scripting. (CVE-2019-8813)\n\n - An arbitrary code execution vulnerability exist with in the WebKit due to multiple memory corruption \n issue. An unauthenticated, remote attacker can exploit this by processing maliciously crafted web \n content may lead to arbitrary code execution. (CVE-2019-8815)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT210727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to iCloud version 10.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-8750\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:icloud_for_windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"icloud_installed.nasl\");\n script_require_keys(\"installed_sw/iCloud\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'iCloud';\n\napp_info = vcf::get_app_info(app:app, win_local:TRUE);\n\nconstraints = [\n {'min_version' : '10.0', 'fixed_version' : '10.8'}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:39", "description": "This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-12T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:2199-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2199-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139536", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2199-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139536);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:2199-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893,\n CVE-2020-9894, CVE-2020-9895, CVE-2020-9915,\n CVE-2020-9925.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9862/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9893/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9894/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9895/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9915/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9925/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202199-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ac74cd8\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2199=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2199=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk3-devel-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.28.4-3.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk3-devel-2.28.4-3.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:45", "description": "This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:2232-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2232-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139593", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2232-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139593);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n\n script_name(english:\"SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:2232-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.4 (bsc#1174662) :\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9862, CVE-2020-9893,\n CVE-2020-9894, CVE-2020-9895, CVE-2020-9915,\n CVE-2020-9925.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9862/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9893/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9894/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9895/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9915/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9925/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202232-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?af6babc9\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2232=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2232=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-2232=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-2232=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-2232=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2232=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2232=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2232=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2232=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2232=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2232=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2232=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2232=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2232=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2232=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-2232=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-2232=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk3-debugsource-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk3-debugsource-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-devel-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libjavascriptcoregtk-4_0-18-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwebkit2gtk-4_0-37-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"typelib-1_0-WebKit2-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"webkit2gtk3-debugsource-2.28.4-2.59.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:25", "description": "Update to 2.28.4. Also, drop xdg-desktop-portal-gtk and geoclue2 from Requires to Recommends.\n\nFixes CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-07T00:00:00", "type": "nessus", "title": "Fedora 31 : webkit2gtk3 (2020-a496a39b00)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkit2gtk3", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-A496A39B00.NASL", "href": "https://www.tenable.com/plugins/nessus/139391", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-a496a39b00.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139391);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n script_xref(name:\"FEDORA\", value:\"2020-a496a39b00\");\n\n script_name(english:\"Fedora 31 : webkit2gtk3 (2020-a496a39b00)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 2.28.4. Also, drop xdg-desktop-portal-gtk and geoclue2 from\nRequires to Recommends.\n\nFixes CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895,\nCVE-2020-9915, CVE-2020-9925\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-a496a39b00\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"webkit2gtk3-2.28.4-3.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:22", "description": "The remote host is affected by the vulnerability described in GLSA-202007-61 (WebKitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2020-08-03T00:00:00", "type": "nessus", "title": "GLSA-202007-61 : WebKitGTK+: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202007-61.NASL", "href": "https://www.tenable.com/plugins/nessus/139269", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202007-61.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139269);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2020-9862\", \"CVE-2020-9893\", \"CVE-2020-9894\", \"CVE-2020-9895\", \"CVE-2020-9915\", \"CVE-2020-9925\");\n script_xref(name:\"GLSA\", value:\"202007-61\");\n\n script_name(english:\"GLSA-202007-61 : WebKitGTK+: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202007-61\n(WebKitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202007-61\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All WebKitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.28.4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 2.28.4\"), vulnerable:make_list(\"lt 2.28.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebKitGTK+\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T14:30:57", "description": "Update to 2.28.3 :\n\n - Fix kinetic scrolling with async scrolling.\n\n - Fix web process hangs on large GitHub pages.\n\n - Bubblewrap sandbox should not attempt to bind empty paths.\n\n - Fix threading issues in the media player.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "Fedora 32 : webkit2gtk3 (2020-ab074c6cdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkit2gtk3", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-AB074C6CDF.NASL", "href": "https://www.tenable.com/plugins/nessus/138408", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-ab074c6cdf.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138408);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-13753\", \"CVE-2020-9802\", \"CVE-2020-9803\", \"CVE-2020-9805\", \"CVE-2020-9806\", \"CVE-2020-9807\", \"CVE-2020-9843\", \"CVE-2020-9850\");\n script_xref(name:\"FEDORA\", value:\"2020-ab074c6cdf\");\n\n script_name(english:\"Fedora 32 : webkit2gtk3 (2020-ab074c6cdf)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 2.28.3 :\n\n - Fix kinetic scrolling with async scrolling.\n\n - Fix web process hangs on large GitHub pages.\n\n - Bubblewrap sandbox should not attempt to bind empty\n paths.\n\n - Fix threading issues in the media player.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-9802, CVE-2020-9803,\n CVE-2020-9805, CVE-2020-9806, CVE-2020-9807,\n CVE-2020-9843, CVE-2020-9850, CVE-2020-13753\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-ab074c6cdf\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"webkit2gtk3-2.28.3-1.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:17:04", "description": "The remote host is affected by the vulnerability described in GLSA-202007-11 (WebKitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2020-07-27T00:00:00", "type": "nessus", "title": "GLSA-202007-11 : WebKitGTK+: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202007-11.NASL", "href": "https://www.tenable.com/plugins/nessus/138934", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202007-11.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138934);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-13753\", \"CVE-2020-9802\", \"CVE-2020-9803\", \"CVE-2020-9805\", \"CVE-2020-9806\", \"CVE-2020-9807\", \"CVE-2020-9843\", \"CVE-2020-9850\");\n script_xref(name:\"GLSA\", value:\"202007-11\");\n\n script_name(english:\"GLSA-202007-11 : WebKitGTK+: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202007-11\n(WebKitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202007-11\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All WebKitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.28.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 2.28.3\"), vulnerable:make_list(\"lt 2.28.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebKitGTK+\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:17:11", "description": "This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.3 (bsc#1173998) :\n\n + Enable kinetic scrolling with async scrolling.\n\n + Fix web process hangs on large GitHub pages.\n\n + Bubblewrap sandbox should not attempt to bind empty paths.\n\n + Fix threading issues in the media player.\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-22T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:1990-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-1990-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138831", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1990-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138831);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2020-9802\",\n \"CVE-2020-9803\",\n \"CVE-2020-9805\",\n \"CVE-2020-9806\",\n \"CVE-2020-9807\",\n \"CVE-2020-9843\",\n \"CVE-2020-9850\",\n \"CVE-2020-13753\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:1990-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.3 (bsc#1173998) :\n\n + Enable kinetic scrolling with async scrolling.\n\n + Fix web process hangs on large GitHub pages.\n\n + Bubblewrap sandbox should not attempt to bind empty\n paths.\n\n + Fix threading issues in the media player.\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9802, CVE-2020-9803,\n CVE-2020-9805, CVE-2020-9806, CVE-2020-9807,\n CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-13753/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9802/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9803/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9805/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9806/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9807/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9843/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9850/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201990-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?03835217\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1990=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-1990=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1990=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1990=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-1990=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-1990=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13753\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-WebKit2-4_0-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-debugsource-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-devel-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwebkit2gtk-4_0-37-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk3-debugsource-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk3-devel-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-WebKit2-4_0-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-debugsource-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-devel-2.28.3-3.57.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:30:48", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.10.2. It is, therefore, affected by multiple vulnerabilities as referenced in the HT210726 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-11-20T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.10.2 Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8784", "CVE-2019-8801", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8821", "CVE-2019-8822", "CVE-2019-8823"], "modified": "2019-11-22T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_10_2.NASL", "href": "https://www.tenable.com/plugins/nessus/131132", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131132);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2019-8782\",\n \"CVE-2019-8783\",\n \"CVE-2019-8784\",\n \"CVE-2019-8801\",\n \"CVE-2019-8808\",\n \"CVE-2019-8811\",\n \"CVE-2019-8812\",\n \"CVE-2019-8813\",\n \"CVE-2019-8814\",\n \"CVE-2019-8815\",\n \"CVE-2019-8816\",\n \"CVE-2019-8819\",\n \"CVE-2019-8820\",\n \"CVE-2019-8821\",\n \"CVE-2019-8822\",\n \"CVE-2019-8823\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT210726\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2019-10-25\");\n\n script_name(english:\"Apple iTunes < 12.10.2 Multiple Vulnerabilities (credentialed check)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is prior to 12.10.2. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the HT210726 advisory. Note that Nessus has not tested for this issue but has\ninstead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT210726\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.10.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8784\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"iTunes Version\", win_local:TRUE);\nconstraints = [{'fixed_version':'12.10.2'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T15:31:18", "description": "A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK+ vulnerabilities (USN-4422-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0"], "id": "UBUNTU_USN-4422-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138497", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4422-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138497);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2020-13753\",\n \"CVE-2020-9802\",\n \"CVE-2020-9803\",\n \"CVE-2020-9805\",\n \"CVE-2020-9806\",\n \"CVE-2020-9807\",\n \"CVE-2020-9843\",\n \"CVE-2020-9850\"\n );\n script_xref(name:\"USN\", value:\"4422-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK+ vulnerabilities (USN-4422-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"A large number of security issues were discovered in the WebKitGTK Web\nand JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4422-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13753\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.28.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.28.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.28.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.28.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.28.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.28.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.28.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.28.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.28.3-0ubuntu0.18.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.28.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.28.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.28.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.28.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.28.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.28.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.28.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.28.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.28.3-0ubuntu0.20.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:16:26", "description": "This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.3 (bsc#1173998) :\n\n + Enable kinetic scrolling with async scrolling.\n\n + Fix web process hangs on large GitHub pages.\n\n + Bubblewrap sandbox should not attempt to bind empty paths.\n\n + Fix threading issues in the media player.\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:2069-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2069-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139172", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2069-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139172);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2020-9802\",\n \"CVE-2020-9803\",\n \"CVE-2020-9805\",\n \"CVE-2020-9806\",\n \"CVE-2020-9807\",\n \"CVE-2020-9843\",\n \"CVE-2020-9850\",\n \"CVE-2020-13753\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:2069-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.3 (bsc#1173998) :\n\n + Enable kinetic scrolling with async scrolling.\n\n + Fix web process hangs on large GitHub pages.\n\n + Bubblewrap sandbox should not attempt to bind empty\n paths.\n\n + Fix threading issues in the media player.\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9802, CVE-2020-9803,\n CVE-2020-9805, CVE-2020-9806, CVE-2020-9807,\n CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-13753/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9802/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9803/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9805/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9806/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9807/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9843/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9850/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202069-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?763a3c01\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2069=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2069=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-2069=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-2069=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-2069=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2069=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2069=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2069=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2069=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2069=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2069=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2069=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2069=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2069=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2069=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-2069=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-2069=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13753\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-WebKit2-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk3-debugsource-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk3-debugsource-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-devel-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwebkit2gtk-4_0-37-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"typelib-1_0-WebKit2-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"webkit2gtk3-debugsource-2.28.3-2.56.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:15:22", "description": "This update for webkit2gtk3 fixes the following issues :\n\n - Update to version 2.28.3 (bsc#1173998) :\n\n + Enable kinetic scrolling with async scrolling.\n\n + Fix web process hangs on large GitHub pages.\n\n + Bubblewrap sandbox should not attempt to bind empty paths.\n\n + Fix threading issues in the media player.\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2020-07-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2020-1064)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1064.NASL", "href": "https://www.tenable.com/plugins/nessus/138988", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1064.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138988);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-13753\", \"CVE-2020-9802\", \"CVE-2020-9803\", \"CVE-2020-9805\", \"CVE-2020-9806\", \"CVE-2020-9807\", \"CVE-2020-9843\", \"CVE-2020-9850\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2020-1064)\");\n script_summary(english:\"Check for the openSUSE-2020-1064 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 fixes the following issues :\n\n - Update to version 2.28.3 (bsc#1173998) :\n\n + Enable kinetic scrolling with async scrolling.\n\n + Fix web process hangs on large GitHub pages.\n\n + Bubblewrap sandbox should not attempt to bind empty\n paths.\n\n + Fix threading issues in the media player.\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9802, CVE-2020-9803,\n CVE-2020-9805, CVE-2020-9806, CVE-2020-9807,\n CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173998\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk-4_0-37-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk3-lang-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-WebKit2-4_0-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit-jsc-4-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit-jsc-4-debuginfo-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-debugsource-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-devel-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-minibrowser-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.28.3-lp151.2.21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:16:26", "description": "The following vulnerabilities have been discovered in the webkit2gtk web engine :\n\n - CVE-2020-9802 Samuel Gross discovered that processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2020-9803 Wen Xu discovered that processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2020-9805 An anonymous researcher discovered that processing maliciously crafted web content may lead to universal cross site scripting.\n\n - CVE-2020-9806 Wen Xu discovered that processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2020-9807 Wen Xu discovered that processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2020-9843 Ryan Pickren discovered that processing maliciously crafted web content may lead to a cross site scripting attack.\n\n - CVE-2020-9850 @jinmo123, @setuid0x0_, and @insu_yun_en discovered that a remote attacker may be able to cause arbitrary code execution.\n\n - CVE-2020-13753 Milan Crha discovered that an attacker may be able to execute commands outside the bubblewrap sandbox.", "cvss3": {}, "published": "2020-07-20T00:00:00", "type": "nessus", "title": "Debian DSA-4724-1 : webkit2gtk - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:webkit2gtk", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4724.NASL", "href": "https://www.tenable.com/plugins/nessus/138644", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4724. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138644);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-13753\", \"CVE-2020-9802\", \"CVE-2020-9803\", \"CVE-2020-9805\", \"CVE-2020-9806\", \"CVE-2020-9807\", \"CVE-2020-9843\", \"CVE-2020-9850\");\n script_xref(name:\"DSA\", value:\"4724\");\n\n script_name(english:\"Debian DSA-4724-1 : webkit2gtk - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The following vulnerabilities have been discovered in the webkit2gtk\nweb engine :\n\n - CVE-2020-9802\n Samuel Gross discovered that processing maliciously\n crafted web content may lead to arbitrary code\n execution.\n\n - CVE-2020-9803\n Wen Xu discovered that processing maliciously crafted\n web content may lead to arbitrary code execution.\n\n - CVE-2020-9805\n An anonymous researcher discovered that processing\n maliciously crafted web content may lead to universal\n cross site scripting.\n\n - CVE-2020-9806\n Wen Xu discovered that processing maliciously crafted\n web content may lead to arbitrary code execution.\n\n - CVE-2020-9807\n Wen Xu discovered that processing maliciously crafted\n web content may lead to arbitrary code execution.\n\n - CVE-2020-9843\n Ryan Pickren discovered that processing maliciously\n crafted web content may lead to a cross site scripting\n attack.\n\n - CVE-2020-9850\n @jinmo123, @setuid0x0_, and @insu_yun_en discovered that\n a remote attacker may be able to cause arbitrary code\n execution.\n\n - CVE-2020-13753\n Milan Crha discovered that an attacker may be able to\n execute commands outside the bubblewrap sandbox.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-13753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4724\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the webkit2gtk packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2.28.3-2~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webkit2gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-javascriptcoregtk-4.0\", reference:\"2.28.3-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-webkit2-4.0\", reference:\"2.28.3-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-18\", reference:\"2.28.3-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-bin\", reference:\"2.28.3-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-dev\", reference:\"2.28.3-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37\", reference:\"2.28.3-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37-gtk2\", reference:\"2.28.3-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-dev\", reference:\"2.28.3-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-doc\", reference:\"2.28.3-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"webkit2gtk-driver\", reference:\"2.28.3-2~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T14:33:56", "description": "The WebKitGTK project reports vulnerabilities :\n\n- CVE-2020-9802: Processing maliciously crafted web content may lead to arbitrary code execution.\n\n- CVE-2020-9803: Processing maliciously crafted web content may lead to arbitrary code execution.\n\n- CVE-2020-9805: Processing maliciously crafted web content may lead to universal cross site scripting.\n\n- CVE-2020-9806: Processing maliciously crafted web content may lead to arbitrary code execution.\n\n- CVE-2020-9807: Processing maliciously crafted web content may lead to arbitrary code execution.\n\n- CVE-2020-9843: Processing maliciously crafted web content may lead to a cross site scripting attack.\n\n- CVE-2020-9850: A remote attacker may be able to cause arbitrary code execution.\n\n- CVE-2020-13753: CLONE_NEWUSER could potentially be used to confuse xdg- desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer.", "cvss3": {}, "published": "2020-09-21T00:00:00", "type": "nessus", "title": "FreeBSD : webkit2-gtk3 -- multible vulnerabilities (efd03116-c2a9-11ea-82bc-b42e99a1b9c3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:webkit2-gtk3", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_EFD03116C2A911EA82BCB42E99A1B9C3.NASL", "href": "https://www.tenable.com/plugins/nessus/140680", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140680);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2020-9802\",\n \"CVE-2020-9803\",\n \"CVE-2020-9805\",\n \"CVE-2020-9806\",\n \"CVE-2020-9807\",\n \"CVE-2020-9843\",\n \"CVE-2020-9850\",\n \"CVE-2020-13753\"\n );\n\n script_name(english:\"FreeBSD : webkit2-gtk3 -- multible vulnerabilities (efd03116-c2a9-11ea-82bc-b42e99a1b9c3)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The WebKitGTK project reports vulnerabilities :\n\n- CVE-2020-9802: Processing maliciously crafted web content may lead\nto arbitrary code execution.\n\n- CVE-2020-9803: Processing maliciously crafted web content may lead\nto arbitrary code execution.\n\n- CVE-2020-9805: Processing maliciously crafted web content may lead\nto universal cross site scripting.\n\n- CVE-2020-9806: Processing maliciously crafted web content may lead\nto arbitrary code execution.\n\n- CVE-2020-9807: Processing maliciously crafted web content may lead\nto arbitrary code execution.\n\n- CVE-2020-9843: Processing maliciously crafted web content may lead\nto a cross site scripting attack.\n\n- CVE-2020-9850: A remote attacker may be able to cause arbitrary code\nexecution.\n\n- CVE-2020-13753: CLONE_NEWUSER could potentially be used to confuse\nxdg- desktop-portal, which allows access outside the sandbox. TIOCSTI\ncan be used to directly execute commands outside the sandbox by\nwriting to the controlling terminal's input buffer.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://webkitgtk.org/security/WSA-2020-0006.html\");\n # https://vuxml.freebsd.org/freebsd/efd03116-c2a9-11ea-82bc-b42e99a1b9c3.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?113db128\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13753\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:webkit2-gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"webkit2-gtk3<2.28.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:17:05", "description": "This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.3 (bsc#1173998) :\n\n + Enable kinetic scrolling with async scrolling.\n\n + Fix web process hangs on large GitHub pages.\n\n + Bubblewrap sandbox should not attempt to bind empty paths.\n\n + Fix threading issues in the media player.\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-22T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:1992-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-1992-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138833", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1992-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138833);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2020-9802\",\n \"CVE-2020-9803\",\n \"CVE-2020-9805\",\n \"CVE-2020-9806\",\n \"CVE-2020-9807\",\n \"CVE-2020-9843\",\n \"CVE-2020-9850\",\n \"CVE-2020-13753\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:1992-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.3 (bsc#1173998) :\n\n + Enable kinetic scrolling with async scrolling.\n\n + Fix web process hangs on large GitHub pages.\n\n + Bubblewrap sandbox should not attempt to bind empty\n paths.\n\n + Fix threading issues in the media player.\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9802, CVE-2020-9803,\n CVE-2020-9805, CVE-2020-9806, CVE-2020-9807,\n CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-13753/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9802/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9803/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9805/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9806/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9807/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9843/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9850/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201992-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a8a3d7cf\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1992=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1992=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13753\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk3-devel-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk3-devel-2.28.3-3.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T14:30:23", "description": "Update to 2.28.3 :\n\n - Fix kinetic scrolling with async scrolling.\n\n - Fix web process hangs on large GitHub pages.\n\n - Bubblewrap sandbox should not attempt to bind empty paths.\n\n - Fix threading issues in the media player.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-20T00:00:00", "type": "nessus", "title": "Fedora 31 : webkit2gtk3 (2020-d2736ee493)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkit2gtk3", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-D2736EE493.NASL", "href": "https://www.tenable.com/plugins/nessus/138655", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-d2736ee493.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138655);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-13753\", \"CVE-2020-9802\", \"CVE-2020-9803\", \"CVE-2020-9805\", \"CVE-2020-9806\", \"CVE-2020-9807\", \"CVE-2020-9843\", \"CVE-2020-9850\");\n script_xref(name:\"FEDORA\", value:\"2020-d2736ee493\");\n\n script_name(english:\"Fedora 31 : webkit2gtk3 (2020-d2736ee493)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 2.28.3 :\n\n - Fix kinetic scrolling with async scrolling.\n\n - Fix web process hangs on large GitHub pages.\n\n - Bubblewrap sandbox should not attempt to bind empty\n paths.\n\n - Fix threading issues in the media player.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-9802, CVE-2020-9803,\n CVE-2020-9805, CVE-2020-9806, CVE-2020-9807,\n CVE-2020-9843, CVE-2020-9850, CVE-2020-13753\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-d2736ee493\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"webkit2gtk3-2.28.3-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:07:36", "description": "According to its version, the iCloud application installed on the remote Windows host is 7.x prior to 7.15. It is, therefore, affected by multiple vulnerabilities:\n\n - Multiple arbitrary code execution vulnerabilities exist with in the WebKit due to multiple memory corruption issues. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2019-8783, CVE-2019-8784, CVE-2019-8811, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823)", "cvss3": {}, "published": "2020-07-02T00:00:00", "type": "nessus", "title": "Apple iCloud 7.x < 7.15 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8783", "CVE-2019-8784", "CVE-2019-8811", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8821", "CVE-2019-8822", "CVE-2019-8823"], "modified": "2020-08-14T00:00:00", "cpe": ["cpe:/a:apple:icloud_for_windows"], "id": "ICLOUD_7_15.NASL", "href": "https://www.tenable.com/plugins/nessus/138080", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138080);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/14\");\n\n script_cve_id(\n \"CVE-2019-8783\",\n \"CVE-2019-8784\",\n \"CVE-2019-8811\",\n \"CVE-2019-8814\",\n \"CVE-2019-8815\",\n \"CVE-2019-8816\",\n \"CVE-2019-8819\",\n \"CVE-2019-8820\",\n \"CVE-2019-8821\",\n \"CVE-2019-8822\",\n \"CVE-2019-8823\"\n );\n\n script_name(english:\"Apple iCloud 7.x < 7.15 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An iCloud software installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the iCloud application installed on the remote Windows host is 7.x prior to 7.15. \nIt is, therefore, affected by multiple vulnerabilities:\n\n - Multiple arbitrary code execution vulnerabilities exist with in the WebKit due to multiple memory \n corruption issues. An unauthenticated, remote attacker can exploit this to execute arbitrary code. \n (CVE-2019-8783, CVE-2019-8784, CVE-2019-8811, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819,\n CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/HT210728\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to iCloud version 7.15 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8816\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:icloud_for_windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"icloud_installed.nasl\");\n script_require_keys(\"installed_sw/iCloud\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'iCloud';\n\napp_info = vcf::get_app_info(app:app, win_local:TRUE);\n\nconstraints = [\n {'min_version' : '7.0', 'fixed_version' : '7.15'},\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:56:03", "description": "The WebKitGTK project reports multiple vulnerabilities.", "cvss3": {}, "published": "2020-02-20T00:00:00", "type": "nessus", "title": "FreeBSD : webkit-gtk3 -- Multiple vulnerabilities (1cb0af4e-d641-4f99-9432-297a89447a97)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868"], "modified": "2020-03-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:webkit2-gtk3", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_1CB0AF4ED6414F999432297A89447A97.NASL", "href": "https://www.tenable.com/plugins/nessus/133822", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133822);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/10\");\n\n script_cve_id(\"CVE-2020-3862\", \"CVE-2020-3864\", \"CVE-2020-3865\", \"CVE-2020-3867\", \"CVE-2020-3868\");\n\n script_name(english:\"FreeBSD : webkit-gtk3 -- Multiple vulnerabilities (1cb0af4e-d641-4f99-9432-297a89447a97)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"The WebKitGTK project reports multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2020-0002.html\"\n );\n # https://vuxml.freebsd.org/freebsd/1cb0af4e-d641-4f99-9432-297a89447a97.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e3064b1a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:webkit2-gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"webkit2-gtk3<2.26.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:56:20", "description": "- Always use a light theme for rendering form controls.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-02-24T00:00:00", "type": "nessus", "title": "Fedora 30 : webkit2gtk3 (2020-4d11d35a1f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868"], "modified": "2020-03-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkit2gtk3", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2020-4D11D35A1F.NASL", "href": "https://www.tenable.com/plugins/nessus/133885", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-4d11d35a1f.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133885);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/10\");\n\n script_cve_id(\"CVE-2020-3862\", \"CVE-2020-3864\", \"CVE-2020-3865\", \"CVE-2020-3867\", \"CVE-2020-3868\");\n script_xref(name:\"FEDORA\", value:\"2020-4d11d35a1f\");\n\n script_name(english:\"Fedora 30 : webkit2gtk3 (2020-4d11d35a1f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Always use a light theme for rendering form controls.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-3862, CVE-2020-3864,\n CVE-2020-3865, CVE-2020-3867, CVE-2020-3868\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-4d11d35a1f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"webkit2gtk3-2.26.4-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:52:09", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-08T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : WebKitGTK+ vulnerabilities (USN-4178-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8625", "CVE-2019-8720", "CVE-2019-8769", "CVE-2019-8771"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0"], "id": "UBUNTU_USN-4178-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130756", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4178-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130756);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2019-8625\",\n \"CVE-2019-8720\",\n \"CVE-2019-8769\",\n \"CVE-2019-8771\"\n );\n script_xref(name:\"USN\", value:\"4178-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"Ubuntu 18.04 LTS : WebKitGTK+ vulnerabilities (USN-4178-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4178-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8771\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-8720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.26.1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.26.1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.26.1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.26.1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.26.1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.26.1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.26.1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.26.1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.26.1-0ubuntu0.18.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:56:01", "description": "- Always use a light theme for rendering form controls.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-02-20T00:00:00", "type": "nessus", "title": "Fedora 31 : webkit2gtk3 (2020-3269917c2f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868"], "modified": "2020-03-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkit2gtk3", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-3269917C2F.NASL", "href": "https://www.tenable.com/plugins/nessus/133819", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-3269917c2f.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133819);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/10\");\n\n script_cve_id(\"CVE-2020-3862\", \"CVE-2020-3864\", \"CVE-2020-3865\", \"CVE-2020-3867\", \"CVE-2020-3868\");\n script_xref(name:\"FEDORA\", value:\"2020-3269917c2f\");\n\n script_name(english:\"Fedora 31 : webkit2gtk3 (2020-3269917c2f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Always use a light theme for rendering form controls.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-3862, CVE-2020-3864,\n CVE-2020-3865, CVE-2020-3867, CVE-2020-3868\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-3269917c2f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"webkit2gtk3-2.26.4-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:56:16", "description": "The following vulnerabilities have been discovered in the webkit2gtk web engine :\n\n - CVE-2020-3862 Srikanth Gatta discovered that a malicious website may be able to cause a denial of service.\n\n - CVE-2020-3864 Ryan Pickren discovered that a DOM object context may not have had a unique security origin.\n\n - CVE-2020-3865 Ryan Pickren discovered that a top-level DOM object context may have incorrectly been considered secure.\n\n - CVE-2020-3867 An anonymous researcher discovered that processing maliciously crafted web content may lead to universal cross site scripting.\n\n - CVE-2020-3868 Marcin Towalski discovered that processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {}, "published": "2020-02-18T00:00:00", "type": "nessus", "title": "Debian DSA-4627-1 : webkit2gtk - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868"], "modified": "2020-03-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:webkit2gtk", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4627.NASL", "href": "https://www.tenable.com/plugins/nessus/133734", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4627. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133734);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/10\");\n\n script_cve_id(\"CVE-2020-3862\", \"CVE-2020-3864\", \"CVE-2020-3865\", \"CVE-2020-3867\", \"CVE-2020-3868\");\n script_xref(name:\"DSA\", value:\"4627\");\n\n script_name(english:\"Debian DSA-4627-1 : webkit2gtk - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following vulnerabilities have been discovered in the webkit2gtk\nweb engine :\n\n - CVE-2020-3862\n Srikanth Gatta discovered that a malicious website may\n be able to cause a denial of service.\n\n - CVE-2020-3864\n Ryan Pickren discovered that a DOM object context may\n not have had a unique security origin.\n\n - CVE-2020-3865\n Ryan Pickren discovered that a top-level DOM object\n context may have incorrectly been considered secure.\n\n - CVE-2020-3867\n An anonymous researcher discovered that processing\n maliciously crafted web content may lead to universal\n cross site scripting.\n\n - CVE-2020-3868\n Marcin Towalski discovered that processing maliciously\n crafted web content may lead to arbitrary code\n execution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-3862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-3864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-3865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-3867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-3868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4627\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the webkit2gtk packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2.26.4-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webkit2gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-javascriptcoregtk-4.0\", reference:\"2.26.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-webkit2-4.0\", reference:\"2.26.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-18\", reference:\"2.26.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-bin\", reference:\"2.26.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-dev\", reference:\"2.26.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37\", reference:\"2.26.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37-gtk2\", reference:\"2.26.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-dev\", reference:\"2.26.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-doc\", reference:\"2.26.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"webkit2gtk-driver\", reference:\"2.26.4-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T15:19:29", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-02-19T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : WebKitGTK+ vulnerabilities (USN-4281-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868"], "modified": "2023-10-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0"], "id": "UBUNTU_USN-4281-1.NASL", "href": "https://www.tenable.com/plugins/nessus/133794", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4281-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133794);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/21\");\n\n script_cve_id(\n \"CVE-2020-3862\",\n \"CVE-2020-3864\",\n \"CVE-2020-3865\",\n \"CVE-2020-3867\",\n \"CVE-2020-3868\"\n );\n script_xref(name:\"USN\", value:\"4281-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : WebKitGTK+ vulnerabilities (USN-4281-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4281-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-3868\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.26.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.26.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.26.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.26.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.26.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.26.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.26.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.26.4-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.26.4-0ubuntu0.18.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:39", "description": "Rebasing to 2.26.x\n\nFor release info please see https://www.webkitgtk.org/2019/09/09/webkitgtk2.26.0-released.html and https://www.webkitgtk.org/2019/09/23/webkitgtk2.26.1-released.html\n\nCVE fixes: CVE-2019-8625, CVE-2019-8720, CVE-2019-8769, CVE-2019-8771\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-04T00:00:00", "type": "nessus", "title": "Fedora 30 : webkit2gtk3 (2019-99db7a510e)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8625", "CVE-2019-8720", "CVE-2019-8769", "CVE-2019-8771"], "modified": "2023-03-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkit2gtk3", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-99DB7A510E.NASL", "href": "https://www.tenable.com/plugins/nessus/130486", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-99db7a510e.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130486);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/14\");\n\n script_cve_id(\"CVE-2019-8625\", \"CVE-2019-8720\", \"CVE-2019-8769\", \"CVE-2019-8771\");\n script_xref(name:\"FEDORA\", value:\"2019-99db7a510e\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"Fedora 30 : webkit2gtk3 (2019-99db7a510e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Rebasing to 2.26.x\n\nFor release info please see\nhttps://www.webkitgtk.org/2019/09/09/webkitgtk2.26.0-released.html and\nhttps://www.webkitgtk.org/2019/09/23/webkitgtk2.26.1-released.html\n\nCVE fixes: CVE-2019-8625, CVE-2019-8720, CVE-2019-8769, CVE-2019-8771\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-99db7a510e\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.webkitgtk.org/2019/09/09/webkitgtk2.26.0-released.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8771\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"webkit2gtk3-2.26.1-3.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:07", "description": "Several vulnerabilities have been discovered in the webkit2gtk web engine :\n\n - CVE-2019-8625 Sergei Glazunov discovered that maliciously crafted web content may lead to universal cross site scripting.\n\n - CVE-2019-8720 Wen Xu discovered that maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8769 Pierre Reimertz discovered that visiting a maliciously crafted website may reveal browsing history.\n\n - CVE-2019-8771 Eliya Stein discovered that maliciously crafted web content may violate iframe sandboxing policy.", "cvss3": {}, "published": "2019-11-06T00:00:00", "type": "nessus", "title": "Debian DSA-4558-1 : webkit2gtk - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8625", "CVE-2019-8720", "CVE-2019-8769", "CVE-2019-8771"], "modified": "2023-03-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:webkit2gtk", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4558.NASL", "href": "https://www.tenable.com/plugins/nessus/130524", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4558. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130524);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/14\");\n\n script_cve_id(\"CVE-2019-8625\", \"CVE-2019-8720\", \"CVE-2019-8769\", \"CVE-2019-8771\");\n script_xref(name:\"DSA\", value:\"4558\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"Debian DSA-4558-1 : webkit2gtk - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the webkit2gtk web\nengine :\n\n - CVE-2019-8625\n Sergei Glazunov discovered that maliciously crafted web\n content may lead to universal cross site scripting.\n\n - CVE-2019-8720\n Wen Xu discovered that maliciously crafted web content\n may lead to arbitrary code execution.\n\n - CVE-2019-8769\n Pierre Reimertz discovered that visiting a maliciously\n crafted website may reveal browsing history.\n\n - CVE-2019-8771\n Eliya Stein discovered that maliciously crafted web\n content may violate iframe sandboxing policy.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-8625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-8720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-8769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-8771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4558\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the webkit2gtk packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2.26.1-3~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8771\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webkit2gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-javascriptcoregtk-4.0\", reference:\"2.26.1-3~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-webkit2-4.0\", reference:\"2.26.1-3~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-18\", reference:\"2.26.1-3~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-bin\", reference:\"2.26.1-3~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-dev\", reference:\"2.26.1-3~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37\", reference:\"2.26.1-3~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37-gtk2\", reference:\"2.26.1-3~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-dev\", reference:\"2.26.1-3~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-doc\", reference:\"2.26.1-3~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"webkit2gtk-driver\", reference:\"2.26.1-3~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:34", "description": "This update for webkit2gtk3 to version 2.26.2 fixes the following issues :\n\nWebkit2gtk3 was updated to version 2.26.2 (WSA-2019-0005 and WSA-2019-0006, bsc#1155321 bsc#1156318) \n\nSecurity issues addressed :\n\n - CVE-2019-8625: Fixed a logic issue where by processing maliciously crafted web content may lead to universal cross site scripting. \n\n - CVE-2019-8674: Fixed a logic issue where by processing maliciously crafted web content may lead to universal cross site scripting.\n\n - CVE-2019-8707: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8719: Fixed a logic issue where by processing maliciously crafted web content may lead to universal cross site scripting.\n\n - CVE-2019-8720: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8726: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8733: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8735: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8763: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8768: Fixed an issue where a user may be unable to delete browsing history items.\n\n - CVE-2019-8769: Fixed an issue where a maliciously crafted website may reveal browsing history.\n\n - CVE-2019-8771: Fixed an issue where a maliciously crafted web content may violate iframe sandboxing policy.\n\n - CVE-2019-8710: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8743: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8764: Fixed a logic issue where by processing maliciously crafted web content may lead to universal cross site scripting.\n\n - CVE-2019-8765: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8766: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8782: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8783: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8808: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8811: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8812: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8813: Fixed a logic issue where by processing maliciously crafted web content may lead to universal cross site scripting.\n\n - CVE-2019-8814: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8815: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8816: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8819: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8820: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8821: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8822: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2019-8823: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-12-03T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2019-2587)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8551", "CVE-2019-8558", "CVE-2019-8559", "CVE-2019-8563", "CVE-2019-8625", "CVE-2019-8674", "CVE-2019-8681", "CVE-2019-8684", "CVE-2019-8686", "CVE-2019-8687", "CVE-2019-8688", "CVE-2019-8689", "CVE-2019-8690", "CVE-2019-8707", "CVE-2019-8710", "CVE-2019-8719", "CVE-2019-8720", "CVE-2019-8726", "CVE-2019-8733", "CVE-2019-8735", "CVE-2019-8743", "CVE-2019-8763", "CVE-2019-8764", "CVE-2019-8765", "CVE-2019-8766", "CVE-2019-8768", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8821", "CVE-2019-8822", "CVE-2019-8823"], "modified": "2022-05-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-2587.NASL", "href": "https://www.tenable.com/plugins/nessus/131533", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2587.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131533);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2019-8551\",\n \"CVE-2019-8558\",\n \"CVE-2019-8559\",\n \"CVE-2019-8563\",\n \"CVE-2019-8625\",\n \"CVE-2019-8674\",\n \"CVE-2019-8681\",\n \"CVE-2019-8684\",\n \"CVE-2019-8686\",\n \"CVE-2019-8687\",\n \"CVE-2019-8688\",\n \"CVE-2019-8689\",\n \"CVE-2019-8690\",\n \"CVE-2019-8707\",\n \"CVE-2019-8710\",\n \"CVE-2019-8719\",\n \"CVE-2019-8720\",\n \"CVE-2019-8726\",\n \"CVE-2019-8733\",\n \"CVE-2019-8735\",\n \"CVE-2019-8743\",\n \"CVE-2019-8763\",\n \"CVE-2019-8764\",\n \"CVE-2019-8765\",\n \"CVE-2019-8766\",\n \"CVE-2019-8768\",\n \"CVE-2019-8769\",\n \"CVE-2019-8771\",\n \"CVE-2019-8782\",\n \"CVE-2019-8783\",\n \"CVE-2019-8808\",\n \"CVE-2019-8811\",\n \"CVE-2019-8812\",\n \"CVE-2019-8813\",\n \"CVE-2019-8814\",\n \"CVE-2019-8815\",\n \"CVE-2019-8816\",\n \"CVE-2019-8819\",\n \"CVE-2019-8820\",\n \"CVE-2019-8821\",\n \"CVE-2019-8822\",\n \"CVE-2019-8823\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2019-2587)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for webkit2gtk3 to version 2.26.2 fixes the following\nissues :\n\nWebkit2gtk3 was updated to version 2.26.2 (WSA-2019-0005 and\nWSA-2019-0006, bsc#1155321 bsc#1156318) \n\nSecurity issues addressed :\n\n - CVE-2019-8625: Fixed a logic issue where by processing\n maliciously crafted web content may lead to universal\n cross site scripting. \n\n - CVE-2019-8674: Fixed a logic issue where by processing\n maliciously crafted web content may lead to universal\n cross site scripting.\n\n - CVE-2019-8707: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8719: Fixed a logic issue where by processing\n maliciously crafted web content may lead to universal\n cross site scripting.\n\n - CVE-2019-8720: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8726: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8733: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8735: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8763: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8768: Fixed an issue where a user may be unable\n to delete browsing history items.\n\n - CVE-2019-8769: Fixed an issue where a maliciously\n crafted website may reveal browsing history.\n\n - CVE-2019-8771: Fixed an issue where a maliciously\n crafted web content may violate iframe sandboxing\n policy.\n\n - CVE-2019-8710: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8743: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8764: Fixed a logic issue where by processing\n maliciously crafted web content may lead to universal\n cross site scripting.\n\n - CVE-2019-8765: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8766: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8782: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8783: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8808: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8811: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8812: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8813: Fixed a logic issue where by processing\n maliciously crafted web content may lead to universal\n cross site scripting.\n\n - CVE-2019-8814: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8815: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8816: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8819: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8820: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8821: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8822: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\n - CVE-2019-8823: Fixed multiple memory corruption issues\n where by processing maliciously crafted web content may\n lead to arbitrary code execution.\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156318\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected webkit2gtk3 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8816\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");

CentOS 8 : GNOME (CESA-2020:4451)

Description

Related