EulerOS Virtualization for ARM 64 3.0.2.0 : webkitgtk4 (EulerOS-SA-2020-1199)
2020-03-13T00:00:00
ID EULEROS_SA-2020-1199.NASL Type nessus Reporter This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2020-03-13T00:00:00
Description
According to the version of the webkitgtk4 packages installed, the
EulerOS Virtualization for ARM 64 installation on the remote host is
affected by the following vulnerability :
WebKitGTK and WPE WebKit prior to version 2.24.1 are
vulnerable to address bar spoofing upon certain
JavaScript redirections. An attacker could cause
malicious web content to be displayed as if for a
trusted URI. This is similar to the CVE-2018-8383 issue
in Microsoft Edge.(CVE-2019-6251)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(134488);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id(
"CVE-2019-6251"
);
script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : webkitgtk4 (EulerOS-SA-2020-1199)");
script_summary(english:"Checks the rpm output for the updated package.");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the webkitgtk4 packages installed, the
EulerOS Virtualization for ARM 64 installation on the remote host is
affected by the following vulnerability :
- WebKitGTK and WPE WebKit prior to version 2.24.1 are
vulnerable to address bar spoofing upon certain
JavaScript redirections. An attacker could cause
malicious web content to be displayed as if for a
trusted URI. This is similar to the CVE-2018-8383 issue
in Microsoft Edge.(CVE-2019-6251)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1199
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0aa86024");
script_set_attribute(attribute:"solution", value:
"Update the affected webkitgtk4 package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"patch_publication_date", value:"2020/03/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:webkitgtk4");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:webkitgtk4-jsc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:webkitgtk4-plugin-process-gtk2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["webkitgtk4-2.16.6-6.h7",
"webkitgtk4-jsc-2.16.6-6.h7",
"webkitgtk4-plugin-process-gtk2-2.16.6-6.h7"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "webkitgtk4");
}
{"id": "EULEROS_SA-2020-1199.NASL", "bulletinFamily": "scanner", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : webkitgtk4 (EulerOS-SA-2020-1199)", "description": "According to the version of the webkitgtk4 packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - WebKitGTK and WPE WebKit prior to version 2.24.1 are\n vulnerable to address bar spoofing upon certain\n JavaScript redirections. An attacker could cause\n malicious web content to be displayed as if for a\n trusted URI. This is similar to the CVE-2018-8383 issue\n in Microsoft Edge.(CVE-2019-6251)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2020-03-13T00:00:00", "modified": "2020-03-13T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/134488", "reporter": "This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?0aa86024"], "cvelist": ["CVE-2019-6251", "CVE-2018-8383"], "type": "nessus", "lastseen": "2021-01-07T09:02:59", "edition": 4, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-8383", "CVE-2019-6251"]}, {"type": "symantec", "idList": ["SMNTC-105024"]}, {"type": "nessus", "idList": ["EULEROS_SA-2021-1130.NASL", "SUSE_SU-2019-1155-1.NASL", "FEDORA_2019-B3AD0A302B.NASL", "UBUNTU_USN-3948-1.NASL", "EULEROS_SA-2019-2197.NASL", "FEDORA_2019-77433FC7F3.NASL", "EULEROS_SA-2019-2196.NASL", "FEDORA_2019-D9A15BE3BA.NASL", "FEDORA_2019-74F7603660.NASL", "FEDORA_2019-432B3DFF25.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220192197", "OPENVAS:1361412562310843977", "OPENVAS:1361412562311220201199", "OPENVAS:1361412562310875573", "OPENVAS:1361412562310852496", "OPENVAS:1361412562310813843", "OPENVAS:1361412562310875853", "OPENVAS:1361412562311220192196", "OPENVAS:1361412562310852488"]}, {"type": "thn", "idList": ["THN:A86F600F341C94FD6A5A2F782ABA7B7F"]}, {"type": "threatpost", "idList": ["THREATPOST:853D3B2E6754D9F03E63C0924660FE23"]}, {"type": "fedora", "idList": ["FEDORA:BE07E602DC1B", "FEDORA:9E3DD60C9822", "FEDORA:EBC13604817B", "FEDORA:029E76094083", "FEDORA:C8A9E601CF8F"]}, {"type": "ubuntu", "idList": ["USN-3948-1"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1391-1", "OPENSUSE-SU-2019:1374-1"]}, {"type": "kaspersky", "idList": ["KLA11306"]}, {"type": "freebsd", "idList": ["3DD46E05-9FB0-11E9-BF65-00012E582166"]}, {"type": "gentoo", "idList": ["GLSA-201909-05"]}, {"type": "amazon", "idList": ["ALAS2-2020-1563"]}, {"type": "redhat", "idList": ["RHSA-2020:4298", "RHSA-2020:4035", "RHSA-2019:3553"]}, {"type": "talosblog", "idList": ["TALOSBLOG:A9E55A97439608C62C1BF62669B8074A"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4035"]}, {"type": "centos", "idList": ["CESA-2020:4035"]}], "modified": "2021-01-07T09:02:59", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-01-07T09:02:59", "rev": 2}, "vulnersScore": 5.8}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134488);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-6251\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : webkitgtk4 (EulerOS-SA-2020-1199)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the webkitgtk4 packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - WebKitGTK and WPE WebKit prior to version 2.24.1 are\n vulnerable to address bar spoofing upon certain\n JavaScript redirections. An attacker could cause\n malicious web content to be displayed as if for a\n trusted URI. This is similar to the CVE-2018-8383 issue\n in Microsoft Edge.(CVE-2019-6251)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1199\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0aa86024\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected webkitgtk4 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:webkitgtk4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:webkitgtk4-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:webkitgtk4-plugin-process-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"webkitgtk4-2.16.6-6.h7\",\n \"webkitgtk4-jsc-2.16.6-6.h7\",\n \"webkitgtk4-plugin-process-gtk2-2.16.6-6.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk4\");\n}\n", "naslFamily": "Huawei Local Security Checks", "pluginID": "134488", "cpe": ["p-cpe:/a:huawei:euleros:webkitgtk4-plugin-process-gtk2", "cpe:/o:huawei:euleros:uvp:3.0.2.0", "p-cpe:/a:huawei:euleros:webkitgtk4-jsc", "p-cpe:/a:huawei:euleros:webkitgtk4"], "cvss3": {"score": 8.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}, "scheme": null}
{"cve": [{"lastseen": "2020-10-03T13:20:26", "description": "A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka \"Microsoft Edge Spoofing Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8388.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 1.4}, "published": "2018-08-15T17:29:00", "title": "CVE-2018-8383", "type": "cve", "cwe": ["CWE-290"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8383"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2018-8383", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8383", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:55", "description": "WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.", "edition": 9, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.2}, "published": "2019-01-14T08:29:00", "title": "CVE-2019-6251", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-6251"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:opensuse:leap:15.0", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:fedoraproject:fedora:29", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/a:gnome:epiphany:3.31.4", "cpe:/o:opensuse:leap:42.3", "cpe:/o:fedoraproject:fedora:28"], "id": "CVE-2019-6251", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6251", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:epiphany:3.31.4:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"]}], "symantec": [{"lastseen": "2018-08-15T02:14:38", "bulletinFamily": "software", "cvelist": ["CVE-2018-8383"], "description": "### Description\n\nMicrosoft Edge is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible.\n\n### Technologies Affected\n\n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nNever follow links provided by unknown or untrusted sources.\n\n**Set web browser security to disable the execution of script code or active content.** \nSince a successful exploit of this issue allows malicious code to execute in web clients, consider disabling support for script code and active content within the client browser. Note that this mitigation tactic might adversely affect legitimate websites that rely on the execution of browser-based script code.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2018-08-14T00:00:00", "published": "2018-08-14T00:00:00", "id": "SMNTC-105024", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/105024", "type": "symantec", "title": "Microsoft Edge CVE-2018-8383 Spoofing Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2021-01-21T09:06:49", "description": "According to the version of the webkitgtk3 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - WebKitGTK and WPE WebKit prior to version 2.24.1 are\n vulnerable to address bar spoofing upon certain\n JavaScript redirections. An attacker could cause\n malicious web content to be displayed as if for a\n trusted URI. This is similar to the CVE-2018-8383 issue\n in Microsoft Edge.(CVE-2019-6251)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 1, "cvss3": {"score": 8.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}, "published": "2021-01-20T00:00:00", "title": "EulerOS 2.0 SP3 : webkitgtk3 (EulerOS-SA-2021-1130)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-6251", "CVE-2018-8383"], "modified": "2021-01-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:webkitgtk3", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1130.NASL", "href": "https://www.tenable.com/plugins/nessus/145105", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145105);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/20\");\n\n script_cve_id(\n \"CVE-2019-6251\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : webkitgtk3 (EulerOS-SA-2021-1130)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the webkitgtk3 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - WebKitGTK and WPE WebKit prior to version 2.24.1 are\n vulnerable to address bar spoofing upon certain\n JavaScript redirections. An attacker could cause\n malicious web content to be displayed as if for a\n trusted URI. This is similar to the CVE-2018-8383 issue\n in Microsoft Edge.(CVE-2019-6251)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1130\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2e35360c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected webkitgtk3 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:webkitgtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"webkitgtk3-2.4.9-6.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk3\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-07T08:59:55", "description": "According to the version of the webkitgtk3 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - WebKitGTK and WPE WebKit prior to version 2.24.1 are\n vulnerable to address bar spoofing upon certain\n JavaScript redirections. An attacker could cause\n malicious web content to be displayed as if for a\n trusted URI. This is similar to the CVE-2018-8383 issue\n in Microsoft Edge.(CVE-2019-6251)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 8.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}, "published": "2019-11-08T00:00:00", "title": "EulerOS 2.0 SP5 : webkitgtk3 (EulerOS-SA-2019-2196)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-6251", "CVE-2018-8383"], "modified": "2019-11-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:webkitgtk3", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2196.NASL", "href": "https://www.tenable.com/plugins/nessus/130658", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130658);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-6251\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : webkitgtk3 (EulerOS-SA-2019-2196)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the webkitgtk3 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - WebKitGTK and WPE WebKit prior to version 2.24.1 are\n vulnerable to address bar spoofing upon certain\n JavaScript redirections. An attacker could cause\n malicious web content to be displayed as if for a\n trusted URI. This is similar to the CVE-2018-8383 issue\n in Microsoft Edge.(CVE-2019-6251)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2196\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?710047cd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected webkitgtk3 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:webkitgtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"webkitgtk3-2.4.11-2.h1.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk3\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-07T08:59:55", "description": "According to the version of the webkitgtk4 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - WebKitGTK and WPE WebKit prior to version 2.24.1 are\n vulnerable to address bar spoofing upon certain\n JavaScript redirections. An attacker could cause\n malicious web content to be displayed as if for a\n trusted URI. This is similar to the CVE-2018-8383 issue\n in Microsoft Edge.(CVE-2019-6251)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 8.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}, "published": "2019-11-08T00:00:00", "title": "EulerOS 2.0 SP5 : webkitgtk4 (EulerOS-SA-2019-2197)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-6251", "CVE-2018-8383"], "modified": "2019-11-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:webkitgtk4-plugin-process-gtk2", "p-cpe:/a:huawei:euleros:webkitgtk4-jsc", "p-cpe:/a:huawei:euleros:webkitgtk4-devel", "p-cpe:/a:huawei:euleros:webkitgtk4-jsc-devel", "p-cpe:/a:huawei:euleros:webkitgtk4", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2197.NASL", "href": "https://www.tenable.com/plugins/nessus/130659", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130659);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-6251\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : webkitgtk4 (EulerOS-SA-2019-2197)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the webkitgtk4 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - WebKitGTK and WPE WebKit prior to version 2.24.1 are\n vulnerable to address bar spoofing upon certain\n JavaScript redirections. An attacker could cause\n malicious web content to be displayed as if for a\n trusted URI. This is similar to the CVE-2018-8383 issue\n in Microsoft Edge.(CVE-2019-6251)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2197\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?98d08b12\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected webkitgtk4 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:webkitgtk4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:webkitgtk4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:webkitgtk4-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:webkitgtk4-jsc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:webkitgtk4-plugin-process-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"webkitgtk4-2.16.6-6.h5.eulerosv2r7\",\n \"webkitgtk4-devel-2.16.6-6.h5.eulerosv2r7\",\n \"webkitgtk4-jsc-2.16.6-6.h5.eulerosv2r7\",\n \"webkitgtk4-jsc-devel-2.16.6-6.h5.eulerosv2r7\",\n \"webkitgtk4-plugin-process-gtk2-2.16.6-6.h5.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk4\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T02:24:12", "description": "New version, fixes CVE-2019-6251\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 8.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}, "published": "2019-05-02T00:00:00", "title": "Fedora 30 : wpewebkit (2019-77433fc7f3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-6251"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:wpewebkit"], "id": "FEDORA_2019-77433FC7F3.NASL", "href": "https://www.tenable.com/plugins/nessus/124507", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-77433fc7f3.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124507);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2019-6251\");\n script_xref(name:\"FEDORA\", value:\"2019-77433fc7f3\");\n\n script_name(english:\"Fedora 30 : wpewebkit (2019-77433fc7f3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New version, fixes CVE-2019-6251\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-77433fc7f3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wpewebkit package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wpewebkit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"wpewebkit-2.24.1-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpewebkit\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T02:24:11", "description": "New version, fixes CVE-2019-6251\n\n----\n\nNew version\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 8.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}, "published": "2019-04-30T00:00:00", "title": "Fedora 29 : wpewebkit (2019-74f7603660)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-6251"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:wpewebkit"], "id": "FEDORA_2019-74F7603660.NASL", "href": "https://www.tenable.com/plugins/nessus/124371", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-74f7603660.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124371);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2019-6251\");\n script_xref(name:\"FEDORA\", value:\"2019-74f7603660\");\n\n script_name(english:\"Fedora 29 : wpewebkit (2019-74f7603660)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New version, fixes CVE-2019-6251\n\n----\n\nNew version\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-74f7603660\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wpewebkit package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wpewebkit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"wpewebkit-2.24.1-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpewebkit\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T02:23:07", "description": "Rebase to latest stable branch 2.24.\n\nFor details see 2.23 and 2.24 release notes :\n\n- https://www.webkitgtk.org/2018/11/22/webkitgtk2.23.1-released.html\n\n- https://www.webkitgtk.org/2019/01/08/webkitgtk2.23.2-released.html\n\n- https://www.webkitgtk.org/2019/01/14/webkitgtk2.23.3-released.html\n\n- https://www.webkitgtk.org/2019/02/14/webkitgtk2.23.90-released.html\n\n- https://www.webkitgtk.org/2019/02/20/webkitgtk2.23.91-released.html\n\n- https://www.webkitgtk.org/2019/03/06/webkitgtk2.23.92-released.html\n\n- https://www.webkitgtk.org/2019/03/13/webkitgtk2.24.0-released.html\n\n- https://www.webkitgtk.org/2019/04/09/webkitgtk2.24.1-released.html\n\nSecurity fix for CVE-2019-6251\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 8.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}, "published": "2019-04-25T00:00:00", "title": "Fedora 28 : webkit2gtk3 (2019-432b3dff25)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-6251"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkit2gtk3", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2019-432B3DFF25.NASL", "href": "https://www.tenable.com/plugins/nessus/124285", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-432b3dff25.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124285);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2019-6251\");\n script_xref(name:\"FEDORA\", value:\"2019-432b3dff25\");\n\n script_name(english:\"Fedora 28 : webkit2gtk3 (2019-432b3dff25)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebase to latest stable branch 2.24.\n\nFor details see 2.23 and 2.24 release notes :\n\n- https://www.webkitgtk.org/2018/11/22/webkitgtk2.23.1-released.html\n\n- https://www.webkitgtk.org/2019/01/08/webkitgtk2.23.2-released.html\n\n- https://www.webkitgtk.org/2019/01/14/webkitgtk2.23.3-released.html\n\n- https://www.webkitgtk.org/2019/02/14/webkitgtk2.23.90-released.html\n\n- https://www.webkitgtk.org/2019/02/20/webkitgtk2.23.91-released.html\n\n- https://www.webkitgtk.org/2019/03/06/webkitgtk2.23.92-released.html\n\n- https://www.webkitgtk.org/2019/03/13/webkitgtk2.24.0-released.html\n\n- https://www.webkitgtk.org/2019/04/09/webkitgtk2.24.1-released.html\n\nSecurity fix for CVE-2019-6251\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-432b3dff25\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"webkit2gtk3-2.24.1-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T02:27:19", "description": "Rebase to latest stable branch 2.24.\n\nFor details see 2.23 and 2.24 release notes :\n\n- https://www.webkitgtk.org/2018/11/22/webkitgtk2.23.1-released.html\n\n- https://www.webkitgtk.org/2019/01/08/webkitgtk2.23.2-released.html\n\n- https://www.webkitgtk.org/2019/01/14/webkitgtk2.23.3-released.html\n\n- https://www.webkitgtk.org/2019/02/14/webkitgtk2.23.90-released.html\n\n- https://www.webkitgtk.org/2019/02/20/webkitgtk2.23.91-released.html\n\n- https://www.webkitgtk.org/2019/03/06/webkitgtk2.23.92-released.html\n\n- https://www.webkitgtk.org/2019/03/13/webkitgtk2.24.0-released.html\n\n- https://www.webkitgtk.org/2019/04/09/webkitgtk2.24.1-released.html\n\nSecurity fix for CVE-2019-6251\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 8.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}, "published": "2019-04-16T00:00:00", "title": "Fedora 29 : webkit2gtk3 (2019-b3ad0a302b)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-6251"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:webkit2gtk3"], "id": "FEDORA_2019-B3AD0A302B.NASL", "href": "https://www.tenable.com/plugins/nessus/124067", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-b3ad0a302b.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124067);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2019-6251\");\n script_xref(name:\"FEDORA\", value:\"2019-b3ad0a302b\");\n\n script_name(english:\"Fedora 29 : webkit2gtk3 (2019-b3ad0a302b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebase to latest stable branch 2.24.\n\nFor details see 2.23 and 2.24 release notes :\n\n- https://www.webkitgtk.org/2018/11/22/webkitgtk2.23.1-released.html\n\n- https://www.webkitgtk.org/2019/01/08/webkitgtk2.23.2-released.html\n\n- https://www.webkitgtk.org/2019/01/14/webkitgtk2.23.3-released.html\n\n- https://www.webkitgtk.org/2019/02/14/webkitgtk2.23.90-released.html\n\n- https://www.webkitgtk.org/2019/02/20/webkitgtk2.23.91-released.html\n\n- https://www.webkitgtk.org/2019/03/06/webkitgtk2.23.92-released.html\n\n- https://www.webkitgtk.org/2019/03/13/webkitgtk2.24.0-released.html\n\n- https://www.webkitgtk.org/2019/04/09/webkitgtk2.24.1-released.html\n\nSecurity fix for CVE-2019-6251\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-b3ad0a302b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"webkit2gtk3-2.24.1-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T02:27:45", "description": " - Do not allow changes in active URI before provisional\n load starts for non-API requests.\n\n - Stop the threaded compositor when the page is not\n visible or layer tree state is frozen.\n\n - Use WebKit HTTP source element again for adaptive\n streaming fragments downloading.\n\n - Properly handle empty resources in\n webkit_web_resource_get_data().\n\n - Add quirk to ensure outlook.live.com uses the modern UI.\n\n - Fix methods returing GObject or boxed types in\n JavaScriptCore GLib API.\n\n - Ensure callback data is passed to functions and\n constructors with no parameters in JavaScriptCore GLib\n API.\n\n - Fix rendering of complex text when the font uses x,y\n origins.\n\n - Fix sound loop with Google Hangouts and WhatsApp\n notifications.\n\n - Fix the build with GStreamer 1.12.5 and GST GL enabled.\n\n - Detect SSE2 at compile time.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2019-6251, CVE-2019-11070.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 8.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}, "published": "2019-05-02T00:00:00", "title": "Fedora 30 : webkit2gtk3 (2019-d9a15be3ba)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11070", "CVE-2019-6251"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:webkit2gtk3"], "id": "FEDORA_2019-D9A15BE3BA.NASL", "href": "https://www.tenable.com/plugins/nessus/124544", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-d9a15be3ba.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124544);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2019-11070\", \"CVE-2019-6251\");\n script_xref(name:\"FEDORA\", value:\"2019-d9a15be3ba\");\n\n script_name(english:\"Fedora 30 : webkit2gtk3 (2019-d9a15be3ba)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Do not allow changes in active URI before provisional\n load starts for non-API requests.\n\n - Stop the threaded compositor when the page is not\n visible or layer tree state is frozen.\n\n - Use WebKit HTTP source element again for adaptive\n streaming fragments downloading.\n\n - Properly handle empty resources in\n webkit_web_resource_get_data().\n\n - Add quirk to ensure outlook.live.com uses the modern UI.\n\n - Fix methods returing GObject or boxed types in\n JavaScriptCore GLib API.\n\n - Ensure callback data is passed to functions and\n constructors with no parameters in JavaScriptCore GLib\n API.\n\n - Fix rendering of complex text when the font uses x,y\n origins.\n\n - Fix sound loop with Google Hangouts and WhatsApp\n notifications.\n\n - Fix the build with GStreamer 1.12.5 and GST GL enabled.\n\n - Detect SSE2 at compile time.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2019-6251, CVE-2019-11070.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-d9a15be3ba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"webkit2gtk3-2.24.1-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-09-18T10:59:25", "description": "A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 16, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-17T00:00:00", "title": "Ubuntu 18.04 LTS / 18.10 : WebKitGTK+ vulnerabilities (USN-3948-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8518", "CVE-2019-11070", "CVE-2019-8523", "CVE-2019-8563", "CVE-2019-8506", "CVE-2019-8559", "CVE-2019-8558", "CVE-2019-8551", "CVE-2019-6251", "CVE-2019-8544", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8375", "CVE-2019-8524"], "modified": "2019-04-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3948-1.NASL", "href": "https://www.tenable.com/plugins/nessus/124115", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3948-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124115);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2019-11070\", \"CVE-2019-6251\", \"CVE-2019-8375\", \"CVE-2019-8506\", \"CVE-2019-8518\", \"CVE-2019-8523\", \"CVE-2019-8524\", \"CVE-2019-8535\", \"CVE-2019-8536\", \"CVE-2019-8544\", \"CVE-2019-8551\", \"CVE-2019-8558\", \"CVE-2019-8559\", \"CVE-2019-8563\");\n script_xref(name:\"USN\", value:\"3948-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 18.10 : WebKitGTK+ vulnerabilities (USN-3948-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3948-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected libjavascriptcoregtk-4.0-18 and / or\nlibwebkit2gtk-4.0-37 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8544\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.24.1-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.24.1-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.24.1-0ubuntu0.18.10.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.24.1-0ubuntu0.18.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:18:03", "description": "This update for webkit2gtk3 to version 2.24.1 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292,\nCVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8524,\nCVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551,\nCVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070\n(bsc#1132256).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-05-07T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:1155-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8503", "CVE-2019-11070", "CVE-2019-8563", "CVE-2019-8506", "CVE-2019-8559", "CVE-2019-8558", "CVE-2019-8515", "CVE-2019-8551", "CVE-2019-6251", "CVE-2019-8544", "CVE-2019-6201", "CVE-2019-7285", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-7292", "CVE-2019-8524"], "modified": "2019-05-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo"], "id": "SUSE_SU-2019-1155-1.NASL", "href": "https://www.tenable.com/plugins/nessus/124674", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1155-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124674);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-11070\", \"CVE-2019-6201\", \"CVE-2019-6251\", \"CVE-2019-7285\", \"CVE-2019-7292\", \"CVE-2019-8503\", \"CVE-2019-8506\", \"CVE-2019-8515\", \"CVE-2019-8524\", \"CVE-2019-8535\", \"CVE-2019-8536\", \"CVE-2019-8544\", \"CVE-2019-8551\", \"CVE-2019-8558\", \"CVE-2019-8559\", \"CVE-2019-8563\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:1155-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.24.1 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292,\nCVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8524,\nCVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551,\nCVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070\n(bsc#1132256).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11070/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6201/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6251/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7285/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7292/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8503/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8506/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8515/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8524/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8535/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8536/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8544/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8551/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8558/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8559/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8563/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191155-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ffbd718\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-1155=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-1155=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2019-1155=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-1155=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-1155=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-1155=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-1155=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-1155=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-1155=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-1155=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-1155=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-1155=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2019-1155=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-WebKit2-4_0-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk3-debugsource-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2-4_0-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk3-debugsource-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-devel-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"typelib-1_0-WebKit2-4_0-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk3-debugsource-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-WebKit2-4_0-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-2.41.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk3-debugsource-2.24.1-2.41.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-03-14T16:48:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-6251", "CVE-2018-8383"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-03-13T00:00:00", "published": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562311220201199", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201199", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for webkitgtk4 (EulerOS-SA-2020-1199)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1199\");\n script_version(\"2020-03-13T07:13:52+0000\");\n script_cve_id(\"CVE-2019-6251\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 07:13:52 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-13 07:13:52 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for webkitgtk4 (EulerOS-SA-2020-1199)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1199\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1199\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'webkitgtk4' package(s) announced via the EulerOS-SA-2020-1199 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.(CVE-2019-6251)\");\n\n script_tag(name:\"affected\", value:\"'webkitgtk4' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"webkitgtk4\", rpm:\"webkitgtk4~2.16.6~6.h7\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkitgtk4-jsc\", rpm:\"webkitgtk4-jsc~2.16.6~6.h7\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkitgtk4-plugin-process-gtk2\", rpm:\"webkitgtk4-plugin-process-gtk2~2.16.6~6.h7\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-01-27T18:32:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-6251", "CVE-2018-8383"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192197", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192197", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for webkitgtk4 (EulerOS-SA-2019-2197)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2197\");\n script_version(\"2020-01-23T12:37:54+0000\");\n script_cve_id(\"CVE-2019-6251\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:37:54 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:37:54 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for webkitgtk4 (EulerOS-SA-2019-2197)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2197\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2197\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'webkitgtk4' package(s) announced via the EulerOS-SA-2019-2197 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.(CVE-2019-6251)\");\n\n script_tag(name:\"affected\", value:\"'webkitgtk4' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"webkitgtk4\", rpm:\"webkitgtk4~2.16.6~6.h5.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkitgtk4-devel\", rpm:\"webkitgtk4-devel~2.16.6~6.h5.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkitgtk4-jsc\", rpm:\"webkitgtk4-jsc~2.16.6~6.h5.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkitgtk4-jsc-devel\", rpm:\"webkitgtk4-jsc-devel~2.16.6~6.h5.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkitgtk4-plugin-process-gtk2\", rpm:\"webkitgtk4-plugin-process-gtk2~2.16.6~6.h5.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-01-27T18:40:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-6251", "CVE-2018-8383"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192196", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192196", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for webkitgtk3 (EulerOS-SA-2019-2196)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2196\");\n script_version(\"2020-01-23T12:37:53+0000\");\n script_cve_id(\"CVE-2019-6251\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:37:53 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:37:53 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for webkitgtk3 (EulerOS-SA-2019-2196)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2196\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2196\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'webkitgtk3' package(s) announced via the EulerOS-SA-2019-2196 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.(CVE-2019-6251)\");\n\n script_tag(name:\"affected\", value:\"'webkitgtk3' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"webkitgtk3\", rpm:\"webkitgtk3~2.4.11~2.h1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:32:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-6251"], "description": "The remote host is missing an update for the\n ", "modified": "2019-04-30T00:00:00", "published": "2019-04-25T00:00:00", "id": "OPENVAS:1361412562310875573", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875573", "type": "openvas", "title": "Fedora Update for webkit2gtk3 FEDORA-2019-432b3dff25", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875573\");\n script_version(\"2019-04-30T06:40:08+0000\");\n script_cve_id(\"CVE-2019-6251\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-04-30 06:40:08 +0000 (Tue, 30 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-25 02:09:41 +0000 (Thu, 25 Apr 2019)\");\n script_name(\"Fedora Update for webkit2gtk3 FEDORA-2019-432b3dff25\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-432b3dff25\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACVFU4MYYRPJ3IEA4UCN5KUEAGCCJ72\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'webkit2gtk3' package(s) announced via the FEDORA-2019-432b3dff25 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"WebKitGTK is the port of the portable web\n rendering engine WebKit to the GTK platform.\n\nThis package contains WebKit2 based WebKitGTK for GTK 3.\");\n\n script_tag(name:\"affected\", value:\"'webkit2gtk3' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3\", rpm:\"webkit2gtk3~2.24.1~1.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:32:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-6251"], "description": "The remote host is missing an update for the ", "modified": "2019-05-14T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310875853", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875853", "type": "openvas", "title": "Fedora Update for webkit2gtk3 FEDORA-2019-b3ad0a302b", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875853\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-6251\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:24:10 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for webkit2gtk3 FEDORA-2019-b3ad0a302b\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-b3ad0a302b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPI3R6QWDJBA5KNGA6QSMKYLY5RRHBZ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk3'\n package(s) announced via the FEDORA-2019-b3ad0a302b advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"WebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform.\n\nThis package contains WebKit2 based WebKitGTK for GTK 3.\");\n\n script_tag(name:\"affected\", value:\"'webkit2gtk3' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3\", rpm:\"webkit2gtk3~2.24.1~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-01-08T12:54:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8518", "CVE-2019-11070", "CVE-2019-8523", "CVE-2019-8563", "CVE-2019-8506", "CVE-2019-8559", "CVE-2019-8558", "CVE-2019-8551", "CVE-2019-6251", "CVE-2019-8544", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8375", "CVE-2019-8524"], "description": "The remote host is missing an update for\n the ", "modified": "2020-01-06T00:00:00", "published": "2019-04-17T00:00:00", "id": "OPENVAS:1361412562310843977", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843977", "type": "openvas", "title": "Ubuntu Update for webkit2gtk USN-3948-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843977\");\n script_version(\"2020-01-06T10:43:33+0000\");\n script_cve_id(\"CVE-2019-11070\", \"CVE-2019-6251\", \"CVE-2019-8375\", \"CVE-2019-8506\",\n \"CVE-2019-8518\", \"CVE-2019-8523\", \"CVE-2019-8524\", \"CVE-2019-8535\",\n \"CVE-2019-8536\", \"CVE-2019-8544\", \"CVE-2019-8551\", \"CVE-2019-8558\",\n \"CVE-2019-8559\", \"CVE-2019-8563\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-06 10:43:33 +0000 (Mon, 06 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-17 02:00:36 +0000 (Wed, 17 Apr 2019)\");\n script_name(\"Ubuntu Update for webkit2gtk USN-3948-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU18\\.10)\");\n\n script_xref(name:\"USN\", value:\"3948-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3948-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for\n the 'webkit2gtk' package(s) announced via the USN-3948-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version\n is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A large number of security issues were\ndiscovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked\ninto viewing a malicious website, a remote attacker could exploit a variety of\nissues related to web browser security, including cross-site scripting attacks,\ndenial of service attacks, and arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"'webkit2gtk' package(s) on Ubuntu 18.10, Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18\", ver:\"2.24.1-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37\", ver:\"2.24.1-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18\", ver:\"2.24.1-0ubuntu0.18.10.2\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37\", ver:\"2.24.1-0ubuntu0.18.10.2\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T16:54:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8503", "CVE-2019-11070", "CVE-2019-8563", "CVE-2019-8506", "CVE-2019-8559", "CVE-2019-8558", "CVE-2019-8515", "CVE-2019-8551", "CVE-2019-6251", "CVE-2019-8544", "CVE-2019-6201", "CVE-2019-7285", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-7292", "CVE-2019-8524"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310852496", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852496", "type": "openvas", "title": "openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:1391-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852496\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-11070\", \"CVE-2019-6201\", \"CVE-2019-6251\", \"CVE-2019-7285\",\n \"CVE-2019-7292\", \"CVE-2019-8503\", \"CVE-2019-8506\", \"CVE-2019-8515\",\n \"CVE-2019-8524\", \"CVE-2019-8535\", \"CVE-2019-8536\", \"CVE-2019-8544\",\n \"CVE-2019-8551\", \"CVE-2019-8558\", \"CVE-2019-8559\", \"CVE-2019-8563\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-14 02:00:57 +0000 (Tue, 14 May 2019)\");\n script_name(\"openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:1391-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1391-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk3'\n package(s) announced via the openSUSE-SU-2019:1391-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for webkit2gtk3 to version 2.24.1 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292,\n CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8524,\n CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551,\n CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070\n (bsc#1132256).\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1391=1\");\n\n script_tag(name:\"affected\", value:\"'webkit2gtk3' package(s) on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18\", rpm:\"libjavascriptcoregtk-4_0-18~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37\", rpm:\"libwebkit2gtk-4_0-37~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-debuginfo~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-JavaScriptCore-4_0\", rpm:\"typelib-1_0-JavaScriptCore-4_0~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2-4_0\", rpm:\"typelib-1_0-WebKit2-4_0~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2WebExtension-4_0\", rpm:\"typelib-1_0-WebKit2WebExtension-4_0~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4\", rpm:\"webkit-jsc-4~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4-debuginfo\", rpm:\"webkit-jsc-4-debuginfo~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles\", rpm:\"webkit2gtk-4_0-injected-bundles~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles-debuginfo\", rpm:\"webkit2gtk-4_0-injected-bundles-debuginfo~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-debugsource\", rpm:\"webkit2gtk3-debugsource~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-devel\", rpm:\"webkit2gtk3-devel~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser\", rpm:\"webkit2gtk3-minibrowser~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser-debuginfo\", rpm:\"webkit2gtk3-minibrowser-debuginfo~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2\", rpm:\"webkit2gtk3-plugin-process-gtk2~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2-debuginfo\", rpm:\"webkit2gtk3-plugin-process-gtk2-debuginfo~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk3-lang\", rpm:\"libwebkit2gtk3-lang~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-32bit~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit\", rpm:\"libwebkit2gtk-4_0-37-32bit~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo-32bit\", rpm:\"libwebkit2gtk-4_0-37-debuginfo-32bit~2.24.1~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T16:50:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8518", "CVE-2019-8503", "CVE-2019-11070", "CVE-2019-8523", "CVE-2019-8563", "CVE-2019-8506", "CVE-2019-8559", "CVE-2019-8558", "CVE-2019-8515", "CVE-2019-8551", "CVE-2019-6251", "CVE-2019-8544", "CVE-2019-6201", "CVE-2019-7285", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-7292", "CVE-2019-8524"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-05-11T00:00:00", "id": "OPENVAS:1361412562310852488", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852488", "type": "openvas", "title": "openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:1374-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852488\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-11070\", \"CVE-2019-6201\", \"CVE-2019-6251\", \"CVE-2019-7285\",\n \"CVE-2019-7292\", \"CVE-2019-8503\", \"CVE-2019-8506\", \"CVE-2019-8515\",\n \"CVE-2019-8518\", \"CVE-2019-8523\", \"CVE-2019-8524\", \"CVE-2019-8535\",\n \"CVE-2019-8536\", \"CVE-2019-8544\", \"CVE-2019-8551\", \"CVE-2019-8558\",\n \"CVE-2019-8559\", \"CVE-2019-8563\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-11 02:00:45 +0000 (Sat, 11 May 2019)\");\n script_name(\"openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:1374-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1374-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk3'\n package(s) announced via the openSUSE-SU-2019:1374-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for webkit2gtk3 to version 2.24.1 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292,\n CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8518,\n CVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536,\n CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559,\n CVE-2019-8563, CVE-2019-11070 (bsc#1132256).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1374=1\");\n\n script_tag(name:\"affected\", value:\"'webkit2gtk3' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18\", rpm:\"libjavascriptcoregtk-4_0-18~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37\", rpm:\"libwebkit2gtk-4_0-37~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-debuginfo~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-JavaScriptCore-4_0\", rpm:\"typelib-1_0-JavaScriptCore-4_0~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2-4_0\", rpm:\"typelib-1_0-WebKit2-4_0~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2WebExtension-4_0\", rpm:\"typelib-1_0-WebKit2WebExtension-4_0~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4\", rpm:\"webkit-jsc-4~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4-debuginfo\", rpm:\"webkit-jsc-4-debuginfo~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles\", rpm:\"webkit2gtk-4_0-injected-bundles~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles-debuginfo\", rpm:\"webkit2gtk-4_0-injected-bundles-debuginfo~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-debugsource\", rpm:\"webkit2gtk3-debugsource~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-devel\", rpm:\"webkit2gtk3-devel~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser\", rpm:\"webkit2gtk3-minibrowser~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser-debuginfo\", rpm:\"webkit2gtk3-minibrowser-debuginfo~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2\", rpm:\"webkit2gtk3-plugin-process-gtk2~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2-debuginfo\", rpm:\"webkit2gtk3-plugin-process-gtk2-debuginfo~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-32bit~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit\", rpm:\"libwebkit2gtk-4_0-37-32bit~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-32bit-debuginfo~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk3-lang\", rpm:\"libwebkit2gtk3-lang~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:06:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8401", "CVE-2018-0952", "CVE-2018-8200", "CVE-2018-8343", "CVE-2018-8406", "CVE-2018-8345", "CVE-2018-8351", "CVE-2018-8377", "CVE-2018-8403", "CVE-2018-8372", "CVE-2018-8388", "CVE-2018-8405", "CVE-2018-8339", "CVE-2018-8387", "CVE-2018-8344", "CVE-2018-8400", "CVE-2018-8355", "CVE-2018-8350", "CVE-2018-8394", "CVE-2018-3646", "CVE-2018-8316", "CVE-2018-8373", "CVE-2018-8357", "CVE-2018-8383", "CVE-2018-8390", "CVE-2018-8266", "CVE-2018-3620", "CVE-2018-8404", "CVE-2018-8399", "CVE-2018-8380", "CVE-2018-3615", "CVE-2018-8348", "CVE-2018-8370", "CVE-2018-8341", "CVE-2018-8204", "CVE-2018-8414", "CVE-2018-8347", "CVE-2018-8385", "CVE-2018-8381", "CVE-2018-8371", "CVE-2018-8340", "CVE-2018-8360", "CVE-2018-8389", "CVE-2018-8398", "CVE-2018-8353", "CVE-2018-8349"], "description": "This host is missing a critical security\n update according to Microsoft KB4343909", "modified": "2020-06-04T00:00:00", "published": "2018-08-15T00:00:00", "id": "OPENVAS:1361412562310813843", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813843", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4343909)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4343909)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813843\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-3615\", \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-0952\",\n \"CVE-2018-8200\", \"CVE-2018-8204\", \"CVE-2018-8266\", \"CVE-2018-8316\",\n \"CVE-2018-8339\", \"CVE-2018-8340\", \"CVE-2018-8341\", \"CVE-2018-8343\",\n \"CVE-2018-8344\", \"CVE-2018-8345\", \"CVE-2018-8347\", \"CVE-2018-8348\",\n \"CVE-2018-8349\", \"CVE-2018-8350\", \"CVE-2018-8351\", \"CVE-2018-8353\",\n \"CVE-2018-8355\", \"CVE-2018-8357\", \"CVE-2018-8360\", \"CVE-2018-8370\",\n \"CVE-2018-8371\", \"CVE-2018-8372\", \"CVE-2018-8373\", \"CVE-2018-8377\",\n \"CVE-2018-8380\", \"CVE-2018-8381\", \"CVE-2018-8383\", \"CVE-2018-8385\",\n \"CVE-2018-8387\", \"CVE-2018-8388\", \"CVE-2018-8389\", \"CVE-2018-8390\",\n \"CVE-2018-8394\", \"CVE-2018-8398\", \"CVE-2018-8399\", \"CVE-2018-8400\",\n \"CVE-2018-8401\", \"CVE-2018-8403\", \"CVE-2018-8404\", \"CVE-2018-8405\",\n \"CVE-2018-8406\", \"CVE-2018-8414\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-08-15 13:05:04 +0530 (Wed, 15 Aug 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4343909)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4343909\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - A new speculative execution side channel vulnerability known as L1 Terminal\n Fault.\n\n - Diagnostics Hub Standard Collector allows file creation in arbitrary locations.\n\n - Multiple security feature bypass vulnerability exists in Device Guard.\n\n - Chakra scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - Internet Explorer improperly validates hyperlinks before loading executable libraries.\n\n - Windows Installer fails to properly sanitize input leading to an insecure library\n loading behavior.\n\n - Windows kernel and DirectX Graphics Kernel (DXGKRNL) driver improperly handles\n objects in memory.\n\n - NDIS fails to check the length of a buffer prior to copying memory to it.\n\n - Windows font library improperly handles specially crafted embedded fonts.\n\n - An improper processing for a .LNK file.\n\n - 'Microsoft COM for Windows' fails to properly handle serialized objects.\n\n - Microsoft browsers improperly allow cross-frame interaction.\n\n - Microsoft browsers allowing sandbox escape.\n\n - Microsoft Edge improperly handles redirect requests and specific HTML content.\n\n - Microsoft .NET Framework improperly access information in multi-tenant environments.\n\n - WebAudio Library improperly handles audio requests.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows PDF Library improperly handles objects in memory.\n\n - Microsoft Edge does not properly parse HTTP content.\n\n - Windows Shell does not properly validate file paths.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, run processes in an elevated context, obtain\n information to further compromise the user's system, trick a user into believing\n that the user was on a legitimate website, read privileged data across trust\n boundaries and also bypass certain security restrictions.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1803 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1803 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4343909\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.17134.0\", test_version2:\"11.0.17134.227\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.17134.0 - 11.0.17134.227\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2019-07-03T05:58:53", "bulletinFamily": "info", "cvelist": ["CVE-2018-8383"], "description": "A browser address bar spoofing flaw was found by researchers this week in Safari \u2013 and Apple has yet issue a patch for the flaw.\n\nResearcher Rafay Baloch on [Monday](<https://www.rafaybaloch.com/2018/09/apple-safari-microsoft-edge-browser.html>) disclosed two proof-of-concepts revealing how vulnerabilities in Edge browser 42.17134.1.0 and Safari iOS 11.3.1 could be abused to manipulate the browsers\u2019 address bars, tricking victims into thinking they are visiting a legitimate website.\n\nBaloch told Threatpost Wednesday that Apple has promised to fix the flaw in its next security update for Safari. \u201cApple has told [me] that the latest beta of iOS 12 also addresses the issue, however they haven\u2019t provided any dates,\u201d he said. Apple did not respond to multiple requests for comment from Threatpost.\n\nMicrosoft for its part has fixed the vulnerability Baloch found in the Edge browser, ([CVE-2018-8383](<https://nvd.nist.gov/vuln/detail/CVE-2018-8383>)) in its August Patch Tuesday release. According to Microsoft\u2019s vulnerability [advisory](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8383>) released August 14, the spoofing flaw exists because Edge does not properly parse HTTP content.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2018/09/12114213/Screen-Shot-2018-09-12-at-11.38.02-AM.png>)\n\nBoth flaws stem from the Edge and Safari browsers allowing JavaScript to update the address bar while the page is still loading. This means that an attacker could request data from a non-existent port and, due to the delay induced by the setInterval function, trigger the address bar spoofing.\n\nThe browser would then preserve the address bar and load the content from the spoofed page, Baloch said in his blog breaking down both vulnerabilities.\n\nFrom there, the attacker could spoof the website, using it to lure in victims and potentially gather credentials or spread malware. For instance, the attacker could send an email message containing the specially crafted URL to the user, convince the user to click it, and take them to the link which could gather their credentials or sensitive information.\n\n\u201cAs per Google, Address bar is the only reliable indicator for ensuring the identity of the website, if the Address bar points to Facebook.com and the content is hosted on attacker\u2019s website, there is no reason why someone would not fall for this,\u201d Baloch told Threatpost.\n\nIn a [video demonstration](<https://www.youtube.com/watch?time_continue=9&v=Ni2XzF5-ixY>), Baloch showed how he could visit a link for the vulnerable browser on Edge (http://sh3ifu[.]com/bt/Edge-Spoof.html), which would take him to a site purporting to be Gmail login. However, while the URL points to a Gmail address, the content is hosted on sh3ifu.com, said Baloch.\n\nThe Safari proof-of-concept is similar, except for one constraint where it does not allow users to type their information into the input boxes while the page is in a loading state. However, Bolach said he was able to circumvent this restriction by injecting a fake keyboard using Javascript \u2013 a common practice in banking sites.\n\nNo other browsers \u2013 including Chrome or Firefox \u2013 were discovered to have the flaw, said Baloch. Baloch is known for discovering similar vulnerabilities in Chrome, Firefox and other major browsers [in 2016](<https://threatpost.com/browser-address-bar-spoofing-vulnerability-disclosed/119951/>), which also allowed attackers to spoof URLs in the address bar.\n\nThe vulnerabilities were disclosed to both Microsoft and Apple and Baloch gave both a 90-day deadline before he went public with the flaws. Due to the Safari browser bug being unpatched, Baloch said he has not yet released a Proof of Concept: \u201cHowever considering there is a slight difference between the Edge browser POC and Safari, anyone with decent knowledge of Javascript can make it work on Safari,\u201d he told us.\n", "modified": "2018-09-12T16:17:42", "published": "2018-09-12T16:17:42", "id": "THREATPOST:853D3B2E6754D9F03E63C0924660FE23", "href": "https://threatpost.com/apple-yet-to-patch-safari-browser-address-bar-spoofing-flaw/137395/", "type": "threatpost", "title": "Apple Yet to Patch Safari Browser Address Bar Spoofing Flaw", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "thn": [{"lastseen": "2018-09-12T13:44:57", "bulletinFamily": "info", "cvelist": ["CVE-2018-8383"], "description": "[](<https://1.bp.blogspot.com/-urksNI-XW4Y/W5j9fgjR_uI/AAAAAAAAyGc/BKadwc-L1uQGcG0cqbKjfnCGGjlkjlUaACLcBGAs/s728-e100/url-spoofing.jpg>)\n\nA security researcher has discovered a serious vulnerability that could allow attackers to spoof website addresses in the Microsoft Edge web browser for Windows and Apple Safari for iOS. \n \nWhile Microsoft fixed the address bar URL spoofing vulnerability last month as part of its [monthly security updates](<https://thehackernews.com/2018/08/microsoft-patch-updates.html>), Safari is still unpatched, potentially leaving Apple users vulnerable to phishing attacks. \n \nThe phishing attacks today are sophisticated and increasingly more difficult to spot, and this newly discovered vulnerability takes it to another level that can bypass basic indicators like URL and SSL, which are the first things a user checks to determine if a website is fake. \n\n\n \nDiscovered by Pakistan-based security researcher Rafay Baloch, the vulnerability (CVE-2018-8383) is due to a race condition type issue caused by the web browser allowing JavaScript to update the page address in the URL bar while the page is loading. \n \n\n\n### Here's How the URL Spoofing Vulnerability Works\n\n \nSuccessful exploitation of the flaw could potentially allow an attacker to initially start loading a legitimate page, which would cause the page address to be displayed in the URL bar, and then quickly replace the code in the web page with a malicious one. \n \n\n\n> \"Upon requesting data from a non-existent port the address was preserved and hence a due to race condition over a resource requested from non-existent port combined with the delay induced by setInterval function managed to trigger address bar spoofing,\" Baloch explains on his [blog](<https://www.rafaybaloch.com/2018/09/apple-safari-microsoft-edge-browser.html>). \n \n\"It causes the browser to preserve the address bar and to load the content from the spoofed page. The browser will however eventually load the resource, however the delay induced with setInterval function would be enough to trigger the address bar spoofing.\"\n\n \nSince the URL displayed in the address bar does not change, the phishing attack would be difficult for even a trained user to detect. \n \nUsing this vulnerability, an attacker can impersonate any web page, including Gmail, Facebook, Twitter, or even bank websites, and create fake login screens or other forms to steal credentials and other data from users, who see the legitimate domain in the address bar. \n\n\n \nBaloch created a proof-of-concept (PoC) page to test the vulnerability, and observed that both Microsoft Edge and Apple Safari browsers \"allowed javascript to update the address bar while the page was still loading.\" \n \n\n\n### Proof-of Concept Video Demonstrations\n\n \nThe researcher has also published proof of concept videos for both Edge and Safari: \n\n\n \n\n\nAccording to Baloch, both Google Chrome and Mozilla Firefox web browsers are not affected by this vulnerability. \n \nWhile Microsoft had already [patched](<https://mspoweruser.com/microsoft-edge-and-safari-are-protected-against-spoofing-attacks/>) the issue last month with its [Patch Tuesday updates](<https://thehackernews.com/2018/08/microsoft-patch-updates.html>) for August 2018, Baloch has yet to get a response from Apple about the flaw he reported to the company back on June 2. \n \nThe researcher disclosed the full technical details of the vulnerability and proof-of-concept (PoC) code for Edge only after the 90-day disclosure window, but he is holding the proof-of-concept code for Safari until Apple patches the issue in the upcoming version of Safari.\n", "modified": "2018-09-12T11:50:38", "published": "2018-09-12T11:50:00", "id": "THN:A86F600F341C94FD6A5A2F782ABA7B7F", "href": "https://thehackernews.com/2018/09/browser-address-spoofing-vulnerability.html", "type": "thn", "title": "Beware! Unpatched Safari Browser Hack Lets Attackers Spoof URLs", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-6251"], "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. ", "modified": "2019-04-24T22:59:03", "published": "2019-04-24T22:59:03", "id": "FEDORA:029E76094083", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: webkit2gtk3-2.24.1-1.fc28", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-6251"], "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. ", "modified": "2019-04-15T17:44:46", "published": "2019-04-15T17:44:46", "id": "FEDORA:BE07E602DC1B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: webkit2gtk3-2.24.1-1.fc29", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-6251"], "description": "WPE allows embedders to create simple and performant systems based on Web platform technologies. It is designed with hardware acceleration in mind, leveraging common 3D graphics APIs for best performance. ", "modified": "2019-04-30T02:28:29", "published": "2019-04-30T02:28:29", "id": "FEDORA:C8A9E601CF8F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: wpewebkit-2.24.1-1.fc29", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-6251"], "description": "WPE allows embedders to create simple and performant systems based on Web platform technologies. It is designed with hardware acceleration in mind, leveraging common 3D graphics APIs for best performance. ", "modified": "2019-04-27T21:36:26", "published": "2019-04-27T21:36:26", "id": "FEDORA:EBC13604817B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: wpewebkit-2.24.1-1.fc30", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11070", "CVE-2019-6251"], "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. ", "modified": "2019-04-13T00:10:20", "published": "2019-04-13T00:10:20", "id": "FEDORA:9E3DD60C9822", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: webkit2gtk3-2.24.1-1.fc30", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:37:42", "bulletinFamily": "unix", "cvelist": ["CVE-2019-8518", "CVE-2019-11070", "CVE-2019-8523", "CVE-2019-8563", "CVE-2019-8506", "CVE-2019-8559", "CVE-2019-8558", "CVE-2019-8551", "CVE-2019-6251", "CVE-2019-8544", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8375", "CVE-2019-8524"], "description": "A large number of security issues were discovered in the WebKitGTK+ Web and \nJavaScript engines. If a user were tricked into viewing a malicious \nwebsite, a remote attacker could exploit a variety of issues related to web \nbrowser security, including cross-site scripting attacks, denial of service \nattacks, and arbitrary code execution.", "edition": 4, "modified": "2019-04-16T00:00:00", "published": "2019-04-16T00:00:00", "id": "USN-3948-1", "href": "https://ubuntu.com/security/notices/USN-3948-1", "title": "WebKitGTK+ vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2019-05-13T20:20:31", "bulletinFamily": "unix", "cvelist": ["CVE-2019-8503", "CVE-2019-11070", "CVE-2019-8563", "CVE-2019-8506", "CVE-2019-8559", "CVE-2019-8558", "CVE-2019-8515", "CVE-2019-8551", "CVE-2019-6251", "CVE-2019-8544", "CVE-2019-6201", "CVE-2019-7285", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-7292", "CVE-2019-8524"], "description": "This update for webkit2gtk3 to version 2.24.1 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292,\n CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8524,\n CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551,\n CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070\n (bsc#1132256).\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "edition": 1, "modified": "2019-05-13T18:16:20", "published": "2019-05-13T18:16:20", "id": "OPENSUSE-SU-2019:1391-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html", "title": "Security update for webkit2gtk3 (important)", "type": "suse", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-10T22:20:31", "bulletinFamily": "unix", "cvelist": ["CVE-2019-8518", "CVE-2019-8503", "CVE-2019-11070", "CVE-2019-8523", "CVE-2019-8563", "CVE-2019-8506", "CVE-2019-8559", "CVE-2019-8558", "CVE-2019-8515", "CVE-2019-8551", "CVE-2019-6251", "CVE-2019-8544", "CVE-2019-6201", "CVE-2019-7285", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-7292", "CVE-2019-8524"], "description": "This update for webkit2gtk3 to version 2.24.1 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292,\n CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8518,\n CVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536,\n CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559,\n CVE-2019-8563, CVE-2019-11070 (bsc#1132256).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-05-10T21:12:33", "published": "2019-05-10T21:12:33", "id": "OPENSUSE-SU-2019:1374-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html", "title": "Security update for webkit2gtk3 (important)", "type": "suse", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "kaspersky": [{"lastseen": "2020-09-02T11:42:01", "bulletinFamily": "info", "cvelist": ["CVE-2018-8351", "CVE-2018-8377", "CVE-2018-8358", "CVE-2018-8403", "CVE-2018-8372", "CVE-2018-8388", "CVE-2018-8387", "CVE-2018-8355", "CVE-2018-8316", "CVE-2018-8373", "CVE-2018-8357", "CVE-2018-8383", "CVE-2018-8390", "CVE-2018-8266", "CVE-2018-8380", "CVE-2018-8370", "CVE-2018-8384", "CVE-2018-8359", "CVE-2018-8385", "CVE-2018-8381", "CVE-2018-8371", "CVE-2018-8389", "CVE-2018-8353"], "description": "### *Detect date*:\n08/14/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface, obtain sensitive information, bypass security restrictions.\n\n### *Affected products*:\nChakraCore \nMicrosoft Edge (EdgeHTML-based) \nInternet Explorer 10 \nInternet Explorer 9 \nInternet Explorer 11\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2018-8372](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8372>) \n[CVE-2018-8385](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8385>) \n[CVE-2018-8266](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8266>) \n[CVE-2018-8380](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8380>) \n[CVE-2018-8381](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8381>) \n[CVE-2018-8355](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8355>) \n[CVE-2018-8390](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8390>) \n[CVE-2018-8387](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8387>) \n[CVE-2018-8357](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8357>) \n[CVE-2018-8353](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8353>) \n[CVE-2018-8383](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8383>) \n[CVE-2018-8377](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8377>) \n[CVE-2018-8389](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8389>) \n[CVE-2018-8316](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8316>) \n[CVE-2018-8388](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8388>) \n[CVE-2018-8371](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8371>) \n[CVE-2018-8351](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8351>) \n[CVE-2018-8373](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8373>) \n[CVE-2018-8403](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8403>) \n[CVE-2018-8370](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8370>) \n[CVE-2018-8358](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8358>) \n[CVE-2018-8384](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8384>) \n[CVE-2018-8359](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8359>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2018-8384](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8384>)0.0Unknown \n[CVE-2018-8372](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8372>)0.0Unknown \n[CVE-2018-8385](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8385>)0.0Unknown \n[CVE-2018-8266](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8266>)0.0Unknown \n[CVE-2018-8380](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8380>)0.0Unknown \n[CVE-2018-8359](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8359>)0.0Unknown \n[CVE-2018-8381](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8381>)0.0Unknown \n[CVE-2018-8355](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8355>)0.0Unknown \n[CVE-2018-8390](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8390>)0.0Unknown \n[CVE-2018-8387](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8387>)0.0Unknown \n[CVE-2018-8357](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8357>)0.0Unknown \n[CVE-2018-8353](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8353>)0.0Unknown \n[CVE-2018-8383](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8383>)0.0Unknown \n[CVE-2018-8377](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8377>)0.0Unknown \n[CVE-2018-8389](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8389>)0.0Unknown \n[CVE-2018-8316](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8316>)0.0Unknown \n[CVE-2018-8388](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8388>)0.0Unknown \n[CVE-2018-8371](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8371>)0.0Unknown \n[CVE-2018-8351](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8351>)0.0Unknown \n[CVE-2018-8373](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8373>)0.0Unknown \n[CVE-2018-8403](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8403>)0.0Unknown \n[CVE-2018-8370](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8370>)0.0Unknown \n[CVE-2018-8358](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8358>)0.0Unknown\n\n### *KB list*:\n[4343909](<http://support.microsoft.com/kb/4343909>) \n[4343885](<http://support.microsoft.com/kb/4343885>) \n[4343887](<http://support.microsoft.com/kb/4343887>) \n[4343892](<http://support.microsoft.com/kb/4343892>) \n[4343897](<http://support.microsoft.com/kb/4343897>) \n[4343898](<http://support.microsoft.com/kb/4343898>) \n[4343899](<http://support.microsoft.com/kb/4343899>) \n[4343900](<http://support.microsoft.com/kb/4343900>) \n[4343205](<http://support.microsoft.com/kb/4343205>) \n[4343901](<http://support.microsoft.com/kb/4343901>)\n\n### *Microsoft official advisories*:\n\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 29, "modified": "2020-06-18T00:00:00", "published": "2018-08-14T00:00:00", "id": "KLA11306", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11306", "title": "\r KLA11306Multiple vulnerabilities in Microsoft Browsers ", "type": "kaspersky", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-12-31T12:52:06", "bulletinFamily": "unix", "cvelist": ["CVE-2019-8518", "CVE-2019-8503", "CVE-2019-11070", "CVE-2019-8523", "CVE-2019-8608", "CVE-2019-8563", "CVE-2019-8506", "CVE-2019-8610", "CVE-2019-8559", "CVE-2019-8584", "CVE-2019-8558", "CVE-2019-8515", "CVE-2019-8586", "CVE-2019-8587", "CVE-2019-8551", "CVE-2019-8594", "CVE-2019-8622", "CVE-2019-6251", "CVE-2019-8544", "CVE-2019-8611", "CVE-2019-8601", "CVE-2019-6201", "CVE-2019-8607", "CVE-2019-6237", "CVE-2019-8583", "CVE-2019-8596", "CVE-2019-7285", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8619", "CVE-2019-8615", "CVE-2019-7292", "CVE-2019-8571", "CVE-2019-8524", "CVE-2019-8597", "CVE-2019-8623", "CVE-2019-8609", "CVE-2019-8595"], "description": "\nThe WebKitGTK project reports many vulnerabilities,\n\tincluding several arbitrary code execution vulnerabilities.\n", "edition": 3, "modified": "2019-04-10T00:00:00", "published": "2019-04-10T00:00:00", "id": "3DD46E05-9FB0-11E9-BF65-00012E582166", "href": "https://vuxml.freebsd.org/freebsd/3dd46e05-9fb0-11e9-bf65-00012e582166.html", "title": "webkit2-gtk3 -- Multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2019-09-06T20:41:26", "bulletinFamily": "unix", "cvelist": ["CVE-2019-8518", "CVE-2019-8503", "CVE-2019-11070", "CVE-2019-8681", "CVE-2019-8669", "CVE-2019-8523", "CVE-2019-8563", "CVE-2019-8506", "CVE-2019-8559", "CVE-2019-8677", "CVE-2019-8558", "CVE-2019-8649", "CVE-2019-8515", "CVE-2019-8688", "CVE-2019-8551", "CVE-2019-6251", "CVE-2019-8544", "CVE-2019-8679", "CVE-2019-8680", "CVE-2019-8673", "CVE-2019-6201", "CVE-2019-8607", "CVE-2019-8687", "CVE-2019-8672", "CVE-2019-8658", "CVE-2019-8678", "CVE-2019-8676", "CVE-2019-7285", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8686", "CVE-2019-8644", "CVE-2019-8683", "CVE-2019-8615", "CVE-2019-8671", "CVE-2019-8690", "CVE-2019-7292", "CVE-2019-8524", "CVE-2019-8684", "CVE-2019-8689", "CVE-2019-8595", "CVE-2019-8666"], "description": "### Background\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. \n\n### Description\n\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn attacker, by enticing a user to visit maliciously crafted web content, may be able to execute arbitrary code or cause memory corruption. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll WebkitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-2.24.4\"", "edition": 1, "modified": "2019-09-06T00:00:00", "published": "2019-09-06T00:00:00", "id": "GLSA-201909-05", "href": "https://security.gentoo.org/glsa/201909-05", "title": "WebkitGTK+: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "amazon": [{"lastseen": "2020-11-12T01:22:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11070", "CVE-2019-8681", "CVE-2019-8669", "CVE-2019-8815", "CVE-2020-3899", "CVE-2019-8844", "CVE-2020-10018", "CVE-2019-8608", "CVE-2019-8563", "CVE-2019-8769", "CVE-2020-3902", "CVE-2019-8782", "CVE-2019-8506", "CVE-2019-8610", "CVE-2019-8559", "CVE-2019-8726", "CVE-2019-8822", "CVE-2019-8743", "CVE-2019-8707", "CVE-2020-3885", "CVE-2019-8677", "CVE-2019-8584", "CVE-2019-8558", "CVE-2019-8649", "CVE-2019-8820", "CVE-2019-8586", "CVE-2019-8587", "CVE-2020-3895", "CVE-2019-8808", "CVE-2019-8771", "CVE-2019-8763", "CVE-2019-8821", "CVE-2019-8816", "CVE-2019-8688", "CVE-2019-8674", "CVE-2020-11793", "CVE-2019-8551", "CVE-2019-8819", "CVE-2020-3865", "CVE-2019-8594", "CVE-2019-8622", "CVE-2019-6251", "CVE-2019-8544", "CVE-2019-8679", "CVE-2019-8680", "CVE-2019-8611", "CVE-2020-3897", "CVE-2019-8735", "CVE-2019-8764", "CVE-2019-8823", "CVE-2019-8673", "CVE-2019-8601", "CVE-2019-8607", "CVE-2019-8687", "CVE-2019-8846", "CVE-2019-8672", "CVE-2020-3862", "CVE-2019-6237", "CVE-2019-8583", "CVE-2019-8658", "CVE-2018-8383", "CVE-2019-8678", "CVE-2019-8766", "CVE-2019-8720", "CVE-2019-8676", "CVE-2020-3867", "CVE-2019-8596", "CVE-2019-8813", "CVE-2019-8535", "CVE-2020-3901", "CVE-2019-8536", "CVE-2019-8686", "CVE-2020-3900", "CVE-2019-8644", "CVE-2019-8719", "CVE-2019-8811", "CVE-2019-8619", "CVE-2019-8733", "CVE-2019-8683", "CVE-2019-8615", "CVE-2019-8671", "CVE-2019-8765", "CVE-2019-8835", "CVE-2019-8625", "CVE-2019-8690", "CVE-2019-8571", "CVE-2019-8524", "CVE-2019-8783", "CVE-2019-8684", "CVE-2020-3894", "CVE-2019-8689", "CVE-2019-8710", "CVE-2019-8812", "CVE-2019-8597", "CVE-2020-3864", "CVE-2019-8768", "CVE-2019-8623", "CVE-2019-8814", "CVE-2020-3868", "CVE-2019-8609", "CVE-2019-8595", "CVE-2019-8666"], "description": "**Issue Overview:**\n\nWebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. ([CVE-2019-11070 __](<https://access.redhat.com/security/cve/CVE-2019-11070>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-6237 __](<https://access.redhat.com/security/cve/CVE-2019-6237>))\n\nWebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the [CVE-2018-8383 __](<https://access.redhat.com/security/cve/CVE-2018-8383>) issue in Microsoft Edge. ([CVE-2019-6251 __](<https://access.redhat.com/security/cve/CVE-2019-6251>))\n\nA type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8506 __](<https://access.redhat.com/security/cve/CVE-2019-8506>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8524 __](<https://access.redhat.com/security/cve/CVE-2019-8524>))\n\nA memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8535 __](<https://access.redhat.com/security/cve/CVE-2019-8535>))\n\nA memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8536 __](<https://access.redhat.com/security/cve/CVE-2019-8536>))\n\nA memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8544 __](<https://access.redhat.com/security/cve/CVE-2019-8544>))\n\nA logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2019-8551 __](<https://access.redhat.com/security/cve/CVE-2019-8551>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8558 __](<https://access.redhat.com/security/cve/CVE-2019-8558>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8559 __](<https://access.redhat.com/security/cve/CVE-2019-8559>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8563 __](<https://access.redhat.com/security/cve/CVE-2019-8563>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8571 __](<https://access.redhat.com/security/cve/CVE-2019-8571>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8583 __](<https://access.redhat.com/security/cve/CVE-2019-8583>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8584 __](<https://access.redhat.com/security/cve/CVE-2019-8584>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8586 __](<https://access.redhat.com/security/cve/CVE-2019-8586>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8587 __](<https://access.redhat.com/security/cve/CVE-2019-8587>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8594 __](<https://access.redhat.com/security/cve/CVE-2019-8594>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8595 __](<https://access.redhat.com/security/cve/CVE-2019-8595>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8596 __](<https://access.redhat.com/security/cve/CVE-2019-8596>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8597 __](<https://access.redhat.com/security/cve/CVE-2019-8597>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8601 __](<https://access.redhat.com/security/cve/CVE-2019-8601>))\n\nAn out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory. ([CVE-2019-8607 __](<https://access.redhat.com/security/cve/CVE-2019-8607>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8608 __](<https://access.redhat.com/security/cve/CVE-2019-8608>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8609 __](<https://access.redhat.com/security/cve/CVE-2019-8609>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8610 __](<https://access.redhat.com/security/cve/CVE-2019-8610>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8611 __](<https://access.redhat.com/security/cve/CVE-2019-8611>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8615 __](<https://access.redhat.com/security/cve/CVE-2019-8615>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8619 __](<https://access.redhat.com/security/cve/CVE-2019-8619>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8622 __](<https://access.redhat.com/security/cve/CVE-2019-8622>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8623 __](<https://access.redhat.com/security/cve/CVE-2019-8623>))\n\nA logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2019-8625 __](<https://access.redhat.com/security/cve/CVE-2019-8625>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8644 __](<https://access.redhat.com/security/cve/CVE-2019-8644>))\n\nA logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2019-8649 __](<https://access.redhat.com/security/cve/CVE-2019-8649>))\n\nA logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2019-8658 __](<https://access.redhat.com/security/cve/CVE-2019-8658>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8666 __](<https://access.redhat.com/security/cve/CVE-2019-8666>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8669 __](<https://access.redhat.com/security/cve/CVE-2019-8669>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8671 __](<https://access.redhat.com/security/cve/CVE-2019-8671>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8672 __](<https://access.redhat.com/security/cve/CVE-2019-8672>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8673 __](<https://access.redhat.com/security/cve/CVE-2019-8673>))\n\nA logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2019-8674 __](<https://access.redhat.com/security/cve/CVE-2019-8674>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8676 __](<https://access.redhat.com/security/cve/CVE-2019-8676>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8677 __](<https://access.redhat.com/security/cve/CVE-2019-8677>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8678 __](<https://access.redhat.com/security/cve/CVE-2019-8678>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8679 __](<https://access.redhat.com/security/cve/CVE-2019-8679>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8680 __](<https://access.redhat.com/security/cve/CVE-2019-8680>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8681 __](<https://access.redhat.com/security/cve/CVE-2019-8681>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8683 __](<https://access.redhat.com/security/cve/CVE-2019-8683>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8684 __](<https://access.redhat.com/security/cve/CVE-2019-8684>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8686 __](<https://access.redhat.com/security/cve/CVE-2019-8686>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8687 __](<https://access.redhat.com/security/cve/CVE-2019-8687>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8688 __](<https://access.redhat.com/security/cve/CVE-2019-8688>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8689 __](<https://access.redhat.com/security/cve/CVE-2019-8689>))\n\nA logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2019-8690 __](<https://access.redhat.com/security/cve/CVE-2019-8690>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8707 __](<https://access.redhat.com/security/cve/CVE-2019-8707>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8710 __](<https://access.redhat.com/security/cve/CVE-2019-8710>))\n\nA logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2019-8719 __](<https://access.redhat.com/security/cve/CVE-2019-8719>))\n\nThis fixes a remote code execution in webkitgtk4. No further details are available in NIST. ([CVE-2019-8720 __](<https://access.redhat.com/security/cve/CVE-2019-8720>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8726 __](<https://access.redhat.com/security/cve/CVE-2019-8726>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8733 __](<https://access.redhat.com/security/cve/CVE-2019-8733>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8735 __](<https://access.redhat.com/security/cve/CVE-2019-8735>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8743 __](<https://access.redhat.com/security/cve/CVE-2019-8743>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8763 __](<https://access.redhat.com/security/cve/CVE-2019-8763>))\n\nA logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2019-8764 __](<https://access.redhat.com/security/cve/CVE-2019-8764>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8765 __](<https://access.redhat.com/security/cve/CVE-2019-8765>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8766 __](<https://access.redhat.com/security/cve/CVE-2019-8766>))\n\n\"Clear History and Website Data\" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. ([CVE-2019-8768 __](<https://access.redhat.com/security/cve/CVE-2019-8768>))\n\nAn issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. ([CVE-2019-8769 __](<https://access.redhat.com/security/cve/CVE-2019-8769>))\n\nThis issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. ([CVE-2019-8771 __](<https://access.redhat.com/security/cve/CVE-2019-8771>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8782 __](<https://access.redhat.com/security/cve/CVE-2019-8782>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8783 __](<https://access.redhat.com/security/cve/CVE-2019-8783>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8808 __](<https://access.redhat.com/security/cve/CVE-2019-8808>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8811 __](<https://access.redhat.com/security/cve/CVE-2019-8811>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8812 __](<https://access.redhat.com/security/cve/CVE-2019-8812>))\n\nA logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2019-8813 __](<https://access.redhat.com/security/cve/CVE-2019-8813>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8814 __](<https://access.redhat.com/security/cve/CVE-2019-8814>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8815 __](<https://access.redhat.com/security/cve/CVE-2019-8815>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8816 __](<https://access.redhat.com/security/cve/CVE-2019-8816>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8819 __](<https://access.redhat.com/security/cve/CVE-2019-8819>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8820 __](<https://access.redhat.com/security/cve/CVE-2019-8820>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8821 __](<https://access.redhat.com/security/cve/CVE-2019-8821>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8822 __](<https://access.redhat.com/security/cve/CVE-2019-8822>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8823 __](<https://access.redhat.com/security/cve/CVE-2019-8823>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8835 __](<https://access.redhat.com/security/cve/CVE-2019-8835>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8844 __](<https://access.redhat.com/security/cve/CVE-2019-8844>))\n\nA use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8846 __](<https://access.redhat.com/security/cve/CVE-2019-8846>))\n\nWebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. ([CVE-2020-10018 __](<https://access.redhat.com/security/cve/CVE-2020-10018>))\n\nA use-after-free flaw exists in WebKitGTK. This flaw allows remote attackers to execute arbitrary code or cause a denial of service. ([CVE-2020-11793 __](<https://access.redhat.com/security/cve/CVE-2020-11793>))\n\nA denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. ([CVE-2020-3862 __](<https://access.redhat.com/security/cve/CVE-2020-3862>))\n\nA logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. ([CVE-2020-3864 __](<https://access.redhat.com/security/cve/CVE-2020-3864>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2020-3865 __](<https://access.redhat.com/security/cve/CVE-2020-3865>))\n\nA logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2020-3867 __](<https://access.redhat.com/security/cve/CVE-2020-3867>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2020-3868 __](<https://access.redhat.com/security/cve/CVE-2020-3868>))\n\nA logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed. ([CVE-2020-3885 __](<https://access.redhat.com/security/cve/CVE-2020-3885>))\n\nA race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. ([CVE-2020-3894 __](<https://access.redhat.com/security/cve/CVE-2020-3894>))\n\nA memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2020-3895 __](<https://access.redhat.com/security/cve/CVE-2020-3895>))\n\nA type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. ([CVE-2020-3897 __](<https://access.redhat.com/security/cve/CVE-2020-3897>))\n\nA memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. ([CVE-2020-3899 __](<https://access.redhat.com/security/cve/CVE-2020-3899>))\n\nA memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2020-3900 __](<https://access.redhat.com/security/cve/CVE-2020-3900>))\n\nA type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2020-3901 __](<https://access.redhat.com/security/cve/CVE-2020-3901>))\n\nAn input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack. ([CVE-2020-3902 __](<https://access.redhat.com/security/cve/CVE-2020-3902>))\n\n \n**Affected Packages:** \n\n\nwebkitgtk4\n\n \n**Issue Correction:** \nRun _yum update webkitgtk4_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n webkitgtk4-2.28.2-2.amzn2.0.1.aarch64 \n webkitgtk4-devel-2.28.2-2.amzn2.0.1.aarch64 \n webkitgtk4-jsc-2.28.2-2.amzn2.0.1.aarch64 \n webkitgtk4-jsc-devel-2.28.2-2.amzn2.0.1.aarch64 \n webkitgtk4-debuginfo-2.28.2-2.amzn2.0.1.aarch64 \n \n i686: \n webkitgtk4-2.28.2-2.amzn2.0.1.i686 \n webkitgtk4-devel-2.28.2-2.amzn2.0.1.i686 \n webkitgtk4-jsc-2.28.2-2.amzn2.0.1.i686 \n webkitgtk4-jsc-devel-2.28.2-2.amzn2.0.1.i686 \n webkitgtk4-debuginfo-2.28.2-2.amzn2.0.1.i686 \n \n noarch: \n webkitgtk4-doc-2.28.2-2.amzn2.0.1.noarch \n \n src: \n webkitgtk4-2.28.2-2.amzn2.0.1.src \n \n x86_64: \n webkitgtk4-2.28.2-2.amzn2.0.1.x86_64 \n webkitgtk4-devel-2.28.2-2.amzn2.0.1.x86_64 \n webkitgtk4-jsc-2.28.2-2.amzn2.0.1.x86_64 \n webkitgtk4-jsc-devel-2.28.2-2.amzn2.0.1.x86_64 \n webkitgtk4-debuginfo-2.28.2-2.amzn2.0.1.x86_64 \n \n \n", "edition": 1, "modified": "2020-11-09T21:05:00", "published": "2020-11-09T21:05:00", "id": "ALAS2-2020-1563", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1563.html", "title": "Medium: webkitgtk4", "type": "amazon", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2020-09-09T21:41:06", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11070", "CVE-2019-11459", "CVE-2019-12795", "CVE-2019-6237", "CVE-2019-6251", "CVE-2019-8506", "CVE-2019-8518", "CVE-2019-8523", "CVE-2019-8524", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8544", "CVE-2019-8558", "CVE-2019-8559", "CVE-2019-8563", "CVE-2019-8571", "CVE-2019-8583", "CVE-2019-8584", "CVE-2019-8586", "CVE-2019-8587", "CVE-2019-8594", "CVE-2019-8595", "CVE-2019-8596", "CVE-2019-8597", "CVE-2019-8601", "CVE-2019-8607", "CVE-2019-8608", "CVE-2019-8609", "CVE-2019-8610", "CVE-2019-8611", "CVE-2019-8615", "CVE-2019-8619", "CVE-2019-8622", "CVE-2019-8623", "CVE-2019-8666", "CVE-2019-8671", "CVE-2019-8672", "CVE-2019-8673", "CVE-2019-8676", "CVE-2019-8677", "CVE-2019-8679", "CVE-2019-8681", "CVE-2019-8686", "CVE-2019-8687", "CVE-2019-8689", "CVE-2019-8690", "CVE-2019-8726", "CVE-2019-8735", "CVE-2019-8768"], "description": "GNOME is the default desktop environment of Red Hat Enterprise Linux.\n\nSecurity Fix(es):\n\n* evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459)\n\n* gvfs: improper authorization in daemon/gvfsdaemon.c in gvfsd (CVE-2019-12795)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "modified": "2020-09-10T00:51:22", "published": "2019-11-05T22:59:21", "id": "RHSA-2019:3553", "href": "https://access.redhat.com/errata/RHSA-2019:3553", "type": "redhat", "title": "(RHSA-2019:3553) Low: GNOME security, bug fix, and enhancement update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-07T18:05:35", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11070", "CVE-2019-6237", "CVE-2019-6251", "CVE-2019-8506", "CVE-2019-8524", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8544", "CVE-2019-8551", "CVE-2019-8558", "CVE-2019-8559", "CVE-2019-8563", "CVE-2019-8571", "CVE-2019-8583", "CVE-2019-8584", "CVE-2019-8586", "CVE-2019-8587", "CVE-2019-8594", "CVE-2019-8595", "CVE-2019-8596", "CVE-2019-8597", "CVE-2019-8601", "CVE-2019-8607", "CVE-2019-8608", "CVE-2019-8609", "CVE-2019-8610", "CVE-2019-8611", "CVE-2019-8615", "CVE-2019-8619", "CVE-2019-8622", "CVE-2019-8623", "CVE-2019-8625", "CVE-2019-8644", "CVE-2019-8649", "CVE-2019-8658", "CVE-2019-8666", "CVE-2019-8669", "CVE-2019-8671", "CVE-2019-8672", "CVE-2019-8673", "CVE-2019-8674", "CVE-2019-8676", "CVE-2019-8677", "CVE-2019-8678", "CVE-2019-8679", "CVE-2019-8680", "CVE-2019-8681", "CVE-2019-8683", "CVE-2019-8684", "CVE-2019-8686", "CVE-2019-8687", "CVE-2019-8688", "CVE-2019-8689", "CVE-2019-8690", "CVE-2019-8707", "CVE-2019-8710", "CVE-2019-8719", "CVE-2019-8720", "CVE-2019-8726", "CVE-2019-8733", "CVE-2019-8735", "CVE-2019-8743", "CVE-2019-8763", "CVE-2019-8764", "CVE-2019-8765", "CVE-2019-8766", "CVE-2019-8768", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8821", "CVE-2019-8822", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-11793", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902"], "description": "WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3.\n\nThe following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). (BZ#1817144)\n\nSecurity Fix(es):\n\n* webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.", "modified": "2020-09-29T13:42:35", "published": "2020-09-29T11:53:27", "id": "RHSA-2020:4035", "href": "https://access.redhat.com/errata/RHSA-2020:4035", "type": "redhat", "title": "(RHSA-2020:4035) Moderate: webkitgtk4 security, bug fix, and enhancement update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-28T02:16:36", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0169", "CVE-2016-10739", "CVE-2018-14404", "CVE-2018-14498", "CVE-2018-16890", "CVE-2018-18074", "CVE-2018-18624", "CVE-2018-18751", "CVE-2018-19519", "CVE-2018-20060", "CVE-2018-20337", "CVE-2018-20483", "CVE-2018-20657", "CVE-2018-20852", "CVE-2018-9251", "CVE-2019-1010180", "CVE-2019-1010204", "CVE-2019-11070", "CVE-2019-11236", "CVE-2019-11324", "CVE-2019-11358", "CVE-2019-11459", "CVE-2019-12447", "CVE-2019-12448", "CVE-2019-12449", "CVE-2019-12450", "CVE-2019-12795", "CVE-2019-13232", "CVE-2019-13636", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-14822", "CVE-2019-14973", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1563", "CVE-2019-15718", "CVE-2019-15847", "CVE-2019-16056", "CVE-2019-16769", "CVE-2019-17451", "CVE-2019-18408", "CVE-2019-19126", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19959", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-3825", "CVE-2019-3843", "CVE-2019-3844", "CVE-2019-5094", "CVE-2019-5436", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-5953", "CVE-2019-6237", "CVE-2019-6251", "CVE-2019-6454", "CVE-2019-6706", "CVE-2019-7146", "CVE-2019-7149", "CVE-2019-7150", "CVE-2019-7664", "CVE-2019-7665", "CVE-2019-8457", "CVE-2019-8506", "CVE-2019-8518", "CVE-2019-8523", "CVE-2019-8524", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8544", "CVE-2019-8558", "CVE-2019-8559", "CVE-2019-8563", "CVE-2019-8571", "CVE-2019-8583", "CVE-2019-8584", "CVE-2019-8586", "CVE-2019-8587", "CVE-2019-8594", "CVE-2019-8595", "CVE-2019-8596", "CVE-2019-8597", "CVE-2019-8601", "CVE-2019-8607", "CVE-2019-8608", "CVE-2019-8609", "CVE-2019-8610", "CVE-2019-8611", "CVE-2019-8615", "CVE-2019-8619", "CVE-2019-8622", "CVE-2019-8623", "CVE-2019-8666", "CVE-2019-8671", "CVE-2019-8672", "CVE-2019-8673", "CVE-2019-8675", "CVE-2019-8676", "CVE-2019-8677", "CVE-2019-8679", "CVE-2019-8681", "CVE-2019-8686", "CVE-2019-8687", "CVE-2019-8689", "CVE-2019-8690", "CVE-2019-8696", "CVE-2019-8726", "CVE-2019-8735", "CVE-2019-8768", "CVE-2020-10531", "CVE-2020-10715", "CVE-2020-10743", "CVE-2020-11008", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11110", "CVE-2020-12049", "CVE-2020-12052", "CVE-2020-12245", "CVE-2020-13822", "CVE-2020-14040", "CVE-2020-14336", "CVE-2020-15366", "CVE-2020-15719", "CVE-2020-1712", "CVE-2020-7013", "CVE-2020-7598", "CVE-2020-7662", "CVE-2020-8203", "CVE-2020-8559", "CVE-2020-9283"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\n* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)\n\n* grafana: XSS vulnerability via a column style on the \"Dashboard > Table Panel\" screen (CVE-2018-18624)\n\n* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)\n\n* npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)\n\n* kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013)\n\n* nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598)\n\n* npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n\n* grafana: stored XSS (CVE-2020-11110)\n\n* grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n* nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)\n\n* openshift/console: text injection on error page via crafted url (CVE-2020-10715)\n\n* kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743)\n\n* openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-10-28T04:36:30", "published": "2020-10-27T18:57:54", "id": "RHSA-2020:4298", "href": "https://access.redhat.com/errata/RHSA-2020:4298", "type": "redhat", "title": "(RHSA-2020:4298) Moderate: OpenShift Container Platform 4.6.1 image security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2018-09-08T09:19:42", "bulletinFamily": "blog", "cvelist": ["CVE-2018-0952", "CVE-2018-8200", "CVE-2018-8204", "CVE-2018-8253", "CVE-2018-8266", "CVE-2018-8273", "CVE-2018-8302", "CVE-2018-8316", "CVE-2018-8339", "CVE-2018-8340", "CVE-2018-8341", "CVE-2018-8342", "CVE-2018-8343", "CVE-2018-8344", "CVE-2018-8345", "CVE-2018-8346", "CVE-2018-8347", "CVE-2018-8348", "CVE-2018-8349", "CVE-2018-8350", "CVE-2018-8351", "CVE-2018-8353", "CVE-2018-8355", "CVE-2018-8357", "CVE-2018-8358", "CVE-2018-8359", "CVE-2018-8360", "CVE-2018-8370", "CVE-2018-8371", "CVE-2018-8372", "CVE-2018-8373", "CVE-2018-8375", "CVE-2018-8376", "CVE-2018-8377", "CVE-2018-8378", "CVE-2018-8379", "CVE-2018-8380", "CVE-2018-8381", "CVE-2018-8382", "CVE-2018-8383", "CVE-2018-8384", "CVE-2018-8385", "CVE-2018-8387", "CVE-2018-8389", "CVE-2018-8390", "CVE-2018-8394", "CVE-2018-8396", "CVE-2018-8397", "CVE-2018-8398", "CVE-2018-8399", "CVE-2018-8400", "CVE-2018-8401", "CVE-2018-8403", "CVE-2018-8404", "CVE-2018-8405", "CVE-2018-8406", "CVE-2018-8412", "CVE-2018-8414"], "description": "Microsoft released its monthly set of security advisories today for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 62 new vulnerabilities, 20 of which are rated \u201ccritical,\u201d 38 that are rated \u201cimportant,\u201d one that is rated moderate and one that is rated as low severity. These vulnerabilities impact Windows Operating System, Edge and Internet Explorer, along with several other products.\n\n \n\n\nIn addition to the 60 vulnerabilities referenced above, Microsoft has also released a critical update advisory, ADV180020 which addresses the vulnerabilities described in the Adobe Flash Security Bulletin APSB18-25.\n\n \n\n\n### Critical Vulnerabilities\n\n \n\n\nThis month, Microsoft is addressing 20 vulnerabilities that are rated \"critical.\" Talos believes 10 of these are notable and require prompt attention.\n\n \n\n\n[CVE-2018-8273](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8273>) is a remote code execution vulnerability in the Microsoft SQL Server that could allow an attacker who successfully exploits the vulnerability to execute code in the context of the SQL Server Database Engine Service account.\n\n \n\n\n[CVE-2018-8302](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8302>) is a remote code execution vulnerability in the Microsoft Exchange email and calendar software that could allow an attacker who successfully exploits the vulnerability to run arbitrary code in the context of the system user when the software fails to properly handle objects in memory.\n\n \n\n\n[CVE-2018-8344](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8344>) is a remote code execution vulnerability that exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system. This vulnerability can be exploited in multiple ways. By leveraging a web-based attack, an attacker can convince a user to visit a web page that has been specially crafted to exploit this vulnerability. This could be in the form of an attacker-controlled webpage, or simply a page that hosts external content, such as advertisements. An attacker can also provide a specially crafted document that is designed to exploit the vulnerability, and then convince users to open the document file.\n\n \n\n\n[CVE-2018-8350](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8350>) is a remote code execution vulnerability that exists when the Microsoft Windows PDF Library improperly handles objects in memory. An attacker who successfully exploits the vulnerability could gain the same user rights as the current user. The vulnerability can be exploited simply by viewing a website that hosts a malicious PDF file on a Windows 10 system with Microsoft Edge set as the default browser. On other affected systems, that do not render PDF content automatically, an attacker would have to convince users to open a specially crafted PDF document, such as a PDF attachment to an email message.\n\n \n\n\n[CVE-2018-8266](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8266>), [CVE-2018-8355](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8355>), [CVE-2018-8380](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8380>), [CVE-2018-8381](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8381>) and [CVE-2018-8384](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8384>) are remote code execution vulnerabilities that exist in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker who successfully exploits the vulnerability can potentially gain the same user rights as the current user. This vulnerability could be leveraged in web-based attacks where a user is convinced to visit a web page that has been specially crafted to exploit this vulnerability. This could be in the form of an attacker-controlled webpage, or simply a page that hosts external content, such as advertisements.\n\n \n\n\n[CVE-2018-8397](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8397>) is a remote code execution vulnerability that exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploits this vulnerability could take control of the affected system. This vulnerability can be exploited in multiple ways. By leveraging a web-based attack, an attacker can convince a user to visit a webpage that has been specially crafted to exploit this vulnerability. This could be in the form of an attacker-controlled webpage, or simply a page that hosts external content, such as advertisements. An attacker can also provide a specially crafted document file that is designed to exploit the vulnerability, and then convince users to open the document file.\n\nOther vulnerabilities deemed \"critical\" are listed below:\n\n \n\n\n[CVE-2018-8345](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8345>) LNK Remote Code Execution Vulnerability\n\n[CVE-2018-8359](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8359>) Scripting Engine Memory Corruption Vulnerability\n\n[CVE-2018-8371](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8371>) Scripting Engine Memory Corruption Vulnerability\n\n[CVE-2018-8372](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8372>) Scripting Engine Memory Corruption Vulnerability\n\n[CVE-2018-8373](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8373>) Scripting Engine Memory Corruption Vulnerability\n\n[CVE-2018-8377](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8377>) Microsoft Edge Memory Corruption Vulnerability\n\n[CVE-2018-8385](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8385>) Scripting Engine Memory Corruption Vulnerability\n\n[CVE-2018-8387](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8387>) Microsoft Edge Memory Corruption Vulnerability\n\n[CVE-2018-8390](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8390>) Scripting Engine Memory Corruption Vulnerability\n\n[CVE-2018-8403](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8403>) Microsoft Browser Memory Corruption Vulnerability\n\n### Important Vulnerabilities\n\n \n\n\nThis month, Microsoft is addressing 38 vulnerabilities that are rated \"important.\" Talos believes two of these are notable and require prompt attention.\n\n \n\n\n[CVE-2018-8200](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8200>) is a vulnerability that exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploits this vulnerability can potentially inject code into a trusted PowerShell process to bypass the Device Guard code integrity policy on the local machine. To exploit the vulnerability, an attacker would first have to access the local machine and then inject malicious code into a script that is trusted by the policy. The injected code would then run with the same trust level as the script and bypass the policy.\n\n \n\n\n[CVE-2018-8340](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8340>) is a vulnerability in the Windows Authentication Methods, and enables an Active Directory Federation Services (AD FS) Security Bypass vulnerability. An attacker who successfully exploits this vulnerability could bypass some, but not all, of the authentication factors.\n\n \n\n\nOther vulnerabilities deemed \"important\" are listed below:\n\n \n\n\n[CVE-2018-0952](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0952>) Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability\n\n[CVE-2018-8204](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8204>) Device Guard Code Integrity Policy Security Feature Bypass Vulnerability\n\n[CVE-2018-8253](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8253>) Cortana Elevation of Privilege Vulnerability\n\n[CVE-2018-8316](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8316>) Internet Explorer Remote Code Execution Vulnerability\n\n[CVE-2018-8339](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8339>) Windows Installer Elevation of Privilege Vulnerability\n\n[CVE-2018-8341](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8341>) Windows Kernel Information Disclosure Vulnerability\n\n[CVE-2018-8342](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8342>) Windows NDIS Elevation of Privilege Vulnerability\n\n[CVE-2018-8343](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8343>) Windows NDIS Elevation of Privilege Vulnerability\n\n[CVE-2018-8346](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8346>) LNK Remote Code Execution Vulnerability\n\n[CVE-2018-8347](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8347>) Windows Kernel Elevation of Privilege Vulnerability\n\n[CVE-2018-8348](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8348>) Windows Kernel Information Disclosure Vulnerability\n\n[CVE-2018-8349](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8349>) Microsoft COM for Windows Remote Code Execution Vulnerability\n\n[CVE-2018-8351](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8351>) Microsoft Edge Information Disclosure Vulnerability\n\n[CVE-2018-8353](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8353>) Scripting Engine Memory Corruption Vulnerability\n\n[CVE-2018-8357](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8357>) Microsoft Browser Elevation of Privilege Vulnerability\n\n[CVE-2018-8358](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8358>) Microsoft Browser Security Feature Bypass Vulnerability\n\n[CVE-2018-8360](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8360>) .NET Framework Information Disclosure Vulnerability\n\n[CVE-2018-8370](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8370>) Microsoft Edge Information Disclosure Vulnerability\n\n[CVE-2018-8375](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8375>) Microsoft Excel Remote Code Execution Vulnerability\n\n[CVE-2018-8376](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8376>) Microsoft PowerPoint Remote Code Execution Vulnerability\n\n[CVE-2018-8378](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378>) Microsoft Office Information Disclosure Vulnerability\n\n[CVE-2018-8379](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8379>) Microsoft Excel Remote Code Execution Vulnerability\n\n[CVE-2018-8382](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8382>) Microsoft Excel Information Disclosure Vulnerability\n\n[CVE-2018-8383](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8383>) Microsoft Edge Spoofing Vulnerability\n\n[CVE-2018-8389](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8389>) Scripting Engine Memory Corruption Vulnerability\n\n[CVE-2018-8394](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8394>) Windows GDI Information Disclosure Vulnerability\n\n[CVE-2018-8396](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8396>) Windows GDI Information Disclosure Vulnerability\n\n[CVE-2018-8398](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8398>) Windows GDI Information Disclosure Vulnerability\n\n[CVE-2018-8399](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8399>) Win32k Elevation of Privilege Vulnerability\n\n[CVE-2018-8400](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8400>) DirectX Graphics Kernel Elevation of Privilege Vulnerability\n\n[CVE-2018-8401](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8401>) DirectX Graphics Kernel Elevation of Privilege Vulnerability\n\n[CVE-2018-8404](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8404>) Win32k Elevation of Privilege Vulnerability\n\n[CVE-2018-8405](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8405>) DirectX Graphics Kernel Elevation of Privilege Vulnerability\n\n[CVE-2018-8406](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8406>) DirectX Graphics Kernel Elevation of Privilege Vulnerability\n\n[CVE-2018-8412](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8412>) Microsoft (MAU) Office Elevation of Privilege Vulnerability\n\n[CVE-2018-8414](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414>) Windows Shell Remote Code Execution Vulnerability\n\n### Coverage\n\n \n\n\nIn response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org.\n\n \n\n\nSnort Rules:\n\n \n\n\n45877-45878, 46548-46549, 46999-47002, 47474-47493, 47495-47496, 47503-47504, 47512-47513, 47515-47520\n\n \n", "modified": "2018-08-14T18:26:00", "published": "2018-08-14T11:26:00", "id": "TALOSBLOG:A9E55A97439608C62C1BF62669B8074A", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/8ZjMNLg4_Bs/ms-tuesday.html", "type": "talosblog", "title": "Microsoft Tuesday August 2018", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2020-10-07T06:44:59", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11070", "CVE-2019-8681", "CVE-2019-8669", "CVE-2019-8815", "CVE-2020-3899", "CVE-2019-8844", "CVE-2020-10018", "CVE-2019-8608", "CVE-2019-8563", "CVE-2019-8769", "CVE-2020-3902", "CVE-2019-8782", "CVE-2019-8506", "CVE-2019-8610", "CVE-2019-8559", "CVE-2019-8726", "CVE-2019-8822", "CVE-2019-8743", "CVE-2019-8707", "CVE-2020-3885", "CVE-2019-8677", "CVE-2019-8584", "CVE-2019-8558", "CVE-2019-8649", "CVE-2019-8820", "CVE-2019-8586", "CVE-2019-8587", "CVE-2020-3895", "CVE-2019-8808", "CVE-2019-8771", "CVE-2019-8763", "CVE-2019-8821", "CVE-2019-8816", "CVE-2019-8688", "CVE-2019-8674", "CVE-2020-11793", "CVE-2019-8551", "CVE-2019-8819", "CVE-2020-3865", "CVE-2019-8594", "CVE-2019-8622", "CVE-2019-6251", "CVE-2019-8544", "CVE-2019-8679", "CVE-2019-8680", "CVE-2019-8611", "CVE-2020-3897", "CVE-2019-8735", "CVE-2019-8764", "CVE-2019-8823", "CVE-2019-8673", "CVE-2019-8601", "CVE-2019-8607", "CVE-2019-8687", "CVE-2019-8846", "CVE-2019-8672", "CVE-2020-3862", "CVE-2019-6237", "CVE-2019-8583", "CVE-2019-8658", "CVE-2019-8678", "CVE-2019-8766", "CVE-2019-8720", "CVE-2019-8676", "CVE-2020-3867", "CVE-2019-8596", "CVE-2019-8813", "CVE-2019-8535", "CVE-2020-3901", "CVE-2019-8536", "CVE-2019-8686", "CVE-2020-3900", "CVE-2019-8644", "CVE-2019-8719", "CVE-2019-8811", "CVE-2019-8619", "CVE-2019-8733", "CVE-2019-8683", "CVE-2019-8615", "CVE-2019-8671", "CVE-2019-8765", "CVE-2019-8835", "CVE-2019-8625", "CVE-2019-8690", "CVE-2019-8571", "CVE-2019-8524", "CVE-2019-8783", "CVE-2019-8684", "CVE-2020-3894", "CVE-2019-8689", "CVE-2019-8710", "CVE-2019-8812", "CVE-2019-8597", "CVE-2020-3864", "CVE-2019-8768", "CVE-2019-8623", "CVE-2019-8814", "CVE-2020-3868", "CVE-2019-8609", "CVE-2019-8595", "CVE-2019-8666"], "description": "[2.28.2-2]\n- Resolves: rhbz#1817144 Rebuild to support ppc and s390\n[2.28.2-1]\n- Resolves: rhbz#1817144 Rebase to 2.28.2", "edition": 1, "modified": "2020-10-06T00:00:00", "published": "2020-10-06T00:00:00", "id": "ELSA-2020-4035", "href": "http://linux.oracle.com/errata/ELSA-2020-4035.html", "title": "webkitgtk4 security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-10-20T23:11:38", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11070", "CVE-2019-8681", "CVE-2019-8669", "CVE-2019-8815", "CVE-2020-3899", "CVE-2019-8844", "CVE-2020-10018", "CVE-2019-8608", "CVE-2019-8563", "CVE-2019-8769", "CVE-2020-3902", "CVE-2019-8782", "CVE-2019-8506", "CVE-2019-8610", "CVE-2019-8559", "CVE-2019-8726", "CVE-2019-8822", "CVE-2019-8743", "CVE-2019-8707", "CVE-2020-3885", "CVE-2019-8677", "CVE-2019-8584", "CVE-2019-8558", "CVE-2019-8649", "CVE-2019-8820", "CVE-2019-8586", "CVE-2019-8587", "CVE-2020-3895", "CVE-2019-8808", "CVE-2019-8771", "CVE-2019-8763", "CVE-2019-8821", "CVE-2019-8816", "CVE-2019-8688", "CVE-2019-8674", "CVE-2020-11793", "CVE-2019-8551", "CVE-2019-8819", "CVE-2020-3865", "CVE-2019-8594", "CVE-2019-8622", "CVE-2019-6251", "CVE-2019-8544", "CVE-2019-8679", "CVE-2019-8680", "CVE-2019-8611", "CVE-2020-3897", "CVE-2019-8735", "CVE-2019-8764", "CVE-2019-8823", "CVE-2019-8673", "CVE-2019-8601", "CVE-2019-8607", "CVE-2019-8687", "CVE-2019-8846", "CVE-2019-8672", "CVE-2020-3862", "CVE-2019-6237", "CVE-2019-8583", "CVE-2019-8658", "CVE-2019-8678", "CVE-2019-8766", "CVE-2019-8720", "CVE-2019-8676", "CVE-2020-3867", "CVE-2019-8596", "CVE-2019-8813", "CVE-2019-8535", "CVE-2020-3901", "CVE-2019-8536", "CVE-2019-8686", "CVE-2020-3900", "CVE-2019-8644", "CVE-2019-8719", "CVE-2019-8811", "CVE-2019-8619", "CVE-2019-8733", "CVE-2019-8683", "CVE-2019-8615", "CVE-2019-8671", "CVE-2019-8765", "CVE-2019-8835", "CVE-2019-8625", "CVE-2019-8690", "CVE-2019-8571", "CVE-2019-8524", "CVE-2019-8783", "CVE-2019-8684", "CVE-2020-3894", "CVE-2019-8689", "CVE-2019-8710", "CVE-2019-8812", "CVE-2019-8597", "CVE-2020-3864", "CVE-2019-8768", "CVE-2019-8623", "CVE-2019-8814", "CVE-2020-3868", "CVE-2019-8609", "CVE-2019-8595", "CVE-2019-8666"], "description": "**CentOS Errata and Security Advisory** CESA-2020:4035\n\n\nWebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3.\n\nThe following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). (BZ#1817144)\n\nSecurity Fix(es):\n\n* webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2020-October/012864.html\n\n**Affected packages:**\nwebkitgtk4\nwebkitgtk4-devel\nwebkitgtk4-doc\nwebkitgtk4-jsc\nwebkitgtk4-jsc-devel\n\n**Upstream details at:**\n", "edition": 1, "modified": "2020-10-20T19:07:36", "published": "2020-10-20T19:07:36", "id": "CESA-2020:4035", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2020-October/012864.html", "title": "webkitgtk4 security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
