Vulnerabilities > CVE-2016-7652 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
apple
CWE-119
nessus

Summary

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Vulnerable Configurations

Part Description Count
OS
Apple
154
Application
Apple
325

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyWindows
    NASL idITUNES_12_5_4.NASL
    descriptionThe version of Apple iTunes installed on the remote Windows host is prior to 12.5.4. It is, therefore, affected by multiple vulnerabilities : - Multiple remote code execution vulnerabilities exist in WebKit due to improper validation of user-supplied input and improper handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted website, to corrupt memory and execute arbitrary code. (CVE-2016-4692, CVE-2016-7635, CVE-2016-7652) - Multiple information disclosure vulnerabilities exist in WebKit due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website, to disclose memory contents. (CVE-2016-4743, CVE-2016-7656) - An information disclosure vulnerability exists in WebKit due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose user information. (CVE-2016-7586) - Multiple remote code execution vulnerabilities exist in WebKit due to improper validation of user-supplied input and improper state management. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted website, to corrupt memory and execute arbitrary code. (CVE-2016-7587, CVE-2016-7589:, CVE-2016-7610, CVE-2016-7611, CVE-2016-7639, CVE-2016-7640, CVE-2016-7641, CVE-2016-7642, CVE-2016-7645, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649, CVE-2016-7654) - An information disclosure vulnerability exists in WebKit due to improper handling of JavaScript prompts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to corrupt memory and execute arbitrary code. (CVE-2016-7592) - An information disclosure vulnerability exists in WebKit due to the use of uninitialized memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose memory contents. (CVE-2016-7598) - An information disclosure vulnerability exists that is triggered when handling HTTP redirections. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose user information. (CVE-2016-7599) - A remote code execution vulnerability exists in WebKit due to improper validation of user-supplied input and improper state management. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-7632) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id95824
    published2016-12-14
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95824
    titleApple iTunes < 12.5.4 Multiple Vulnerabilities (credentialed check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(95824);
      script_version("1.9");
      script_cvs_date("Date: 2019/11/13");
    
      script_cve_id(
        "CVE-2016-4692",
        "CVE-2016-4743",
        "CVE-2016-7586",
        "CVE-2016-7587",
        "CVE-2016-7589",
        "CVE-2016-7592",
        "CVE-2016-7598",
        "CVE-2016-7599",
        "CVE-2016-7610",
        "CVE-2016-7611",
        "CVE-2016-7632",
        "CVE-2016-7635",
        "CVE-2016-7639",
        "CVE-2016-7640",
        "CVE-2016-7641",
        "CVE-2016-7642",
        "CVE-2016-7645",
        "CVE-2016-7646",
        "CVE-2016-7648",
        "CVE-2016-7649",
        "CVE-2016-7652",
        "CVE-2016-7654",
        "CVE-2016-7656"
      );
      script_bugtraq_id(94907, 94908, 94909);
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2016-12-13-3");
    
      script_name(english:"Apple iTunes < 12.5.4 Multiple Vulnerabilities (credentialed check)");
      script_summary(english:"Checks the version of iTunes on Windows.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains an application that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Apple iTunes installed on the remote Windows host is
    prior to 12.5.4. It is, therefore, affected by multiple
    vulnerabilities :
    
      - Multiple remote code execution vulnerabilities exist in
        WebKit due to improper validation of user-supplied
        input and improper handling of objects in memory. An
        unauthenticated, remote attacker can exploit these
        vulnerabilities, by convincing a user to visit a
        specially crafted website, to corrupt memory and execute
        arbitrary code. (CVE-2016-4692, CVE-2016-7635,
        CVE-2016-7652)
    
      - Multiple information disclosure vulnerabilities exist
        in WebKit due to improper validation of user-supplied
        input. An unauthenticated, remote attacker can exploit
        these, by convincing a user to visit a specially crafted
        website, to disclose memory contents. (CVE-2016-4743,
        CVE-2016-7656)
    
      - An information disclosure vulnerability exists in WebKit
        due to improper validation of user-supplied input. An
        unauthenticated, remote attacker can exploit this, by
        convincing a user to visit a specially crafted website,
        to disclose user information. (CVE-2016-7586)
    
      - Multiple remote code execution vulnerabilities exist in
        WebKit due to improper validation of user-supplied
        input and improper state management. An unauthenticated,
        remote attacker can exploit these vulnerabilities, by
        convincing a user to visit a specially crafted website,
        to corrupt memory and execute arbitrary code.
        (CVE-2016-7587, CVE-2016-7589:, CVE-2016-7610,
        CVE-2016-7611, CVE-2016-7639, CVE-2016-7640,
        CVE-2016-7641, CVE-2016-7642, CVE-2016-7645,
        CVE-2016-7646, CVE-2016-7648, CVE-2016-7649,
        CVE-2016-7654)
    
      - An information disclosure vulnerability exists in WebKit
        due to improper handling of JavaScript prompts. An
        unauthenticated, remote attacker can exploit this, by
        convincing a user to visit a specially crafted website,
        to corrupt memory and execute arbitrary code.
        (CVE-2016-7592)
    
      - An information disclosure vulnerability exists in WebKit
        due to the use of uninitialized memory. An
        unauthenticated, remote attacker can exploit this, by
        convincing a user to visit a specially crafted website,
        to disclose memory contents. (CVE-2016-7598)
    
      - An information disclosure vulnerability exists that is
        triggered when handling HTTP redirections. An
        unauthenticated, remote attacker can exploit this, by
        convincing a user to visit a specially crafted website,
        to disclose user information. (CVE-2016-7599)
    
      - A remote code execution vulnerability exists in WebKit
        due to improper validation of user-supplied
        input and improper state management. An unauthenticated,
        remote attacker can exploit this, by convincing a user
        to visit a specially crafted website, to cause a denial
        of service condition or the execution of arbitrary code.
        (CVE-2016-7632)
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT207427");
      # https://lists.apple.com/archives/security-announce/2016/Dec/msg00005.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?848e8b5e");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple iTunes version 12.5.4 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-7656");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/12/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("itunes_detect.nasl");
      script_require_keys("installed_sw/iTunes Version", "SMB/Registry/Enumerated");
    
      exit(0);
    }
    
    include("vcf.inc");
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    
    app_info = vcf::get_app_info(app:"iTunes Version", win_local:TRUE);
    
    constraints = [{ "fixed_version" : "12.5.4" }];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
    
  • NASL familyPeer-To-Peer File Sharing
    NASL idITUNES_12_5_4_BANNER.NASL
    descriptionThe version of Apple iTunes running on the remote host is prior to 12.5.4 It is, therefore, affected by multiple vulnerabilities : - Multiple remote code execution vulnerabilities exist in WebKit due to improper validation of user-supplied input and improper handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted website, to corrupt memory and execute arbitrary code. (CVE-2016-4692, CVE-2016-7635, CVE-2016-7652) - Multiple information disclosure vulnerabilities exist in WebKit due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website, to disclose memory contents. (CVE-2016-4743, CVE-2016-7656) - An information disclosure vulnerability exists in WebKit due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose user information. (CVE-2016-7586) - Multiple remote code execution vulnerabilities exist in WebKit due to improper validation of user-supplied input and improper state management. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted website, to corrupt memory and execute arbitrary code. (CVE-2016-7587, CVE-2016-7589:, CVE-2016-7610, CVE-2016-7611, CVE-2016-7639, CVE-2016-7640, CVE-2016-7641, CVE-2016-7642, CVE-2016-7645, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649, CVE-2016-7654) - An information disclosure vulnerability exists in WebKit due to improper handling of JavaScript prompts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to corrupt memory and execute arbitrary code. (CVE-2016-7592) - An information disclosure vulnerability exists in WebKit due to the use of uninitialized memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose memory contents. (CVE-2016-7598) - An information disclosure vulnerability exists that is triggered when handling HTTP redirections. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose user information. (CVE-2016-7599) - A remote code execution vulnerability exists in WebKit due to improper validation of user-supplied input and improper state management. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-7632) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id95825
    published2016-12-14
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95825
    titleApple iTunes < 12.5.4 Multiple Vulnerabilities (uncredentialed check)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201706-15.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201706-15 (WebKitGTK+: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Impact : A remote attack can use multiple vectors to execute arbitrary code or cause a denial of service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id100675
    published2017-06-08
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100675
    titleGLSA-201706-15 : WebKitGTK+: Multiple vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SAFARI10_0_2.NASL
    descriptionThe version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 10.0.2. It is, therefore, affected by multiple vulnerabilities : - Multiple remote code execution vulnerabilities exist in WebKit due to improper validation of user-supplied input and improper handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted website, to corrupt memory and execute arbitrary code. (CVE-2016-4692, CVE-2016-7635, CVE-2016-7652) - Multiple information disclosure vulnerabilities exist in WebKit due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website, to disclose memory contents. (CVE-2016-4743, CVE-2016-7656) - An information disclosure vulnerability exists in WebKit due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose user information. (CVE-2016-7586) - Multiple remote code execution vulnerabilities exist in WebKit due to improper validation of user-supplied input and improper state management. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted website, to corrupt memory and execute arbitrary code. (CVE-2016-7587, CVE-2016-7589:, CVE-2016-7610, CVE-2016-7611, CVE-2016-7639, CVE-2016-7640, CVE-2016-7641, CVE-2016-7642, CVE-2016-7645, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649, CVE-2016-7654) - An information disclosure vulnerability exists in WebKit due to improper handling of JavaScript prompts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to corrupt memory and execute arbitrary code. (CVE-2016-7592) - An information disclosure vulnerability exists in WebKit due to the use of uninitialized memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose memory contents. (CVE-2016-7598) - An information disclosure vulnerability exists that is triggered when handling HTTP redirections. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose user information. (CVE-2016-7599) - An information disclosure vulnerability exists in WebKit due to improper validation of user-supplied input and blob URLs. An unauthenticated, remote attacker can exploit this, via a specially crafted blob URL, to disclose user information. (CVE-2016-7623) - A remote code execution vulnerability exists in WebKit due to improper validation of user-supplied input and improper state management. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-7632) - A cross-site scripting (XSS) vulnerability exists in Safari Reader due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a specially crafted link, to execute arbitrary script code in a user
    last seen2020-06-01
    modified2020-06-02
    plugin id95919
    published2016-12-16
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95919
    titlemacOS : Apple Safari < 10.0.2 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0219-1.NASL
    descriptionThis update for webkit2gtk3 fixes the following issues: Update to version 2.18.5 : + Disable SharedArrayBuffers from Web API. + Reduce the precision of
    last seen2020-06-01
    modified2020-06-02
    plugin id106370
    published2018-01-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106370
    titleSUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2018:0219-1) (Meltdown) (Spectre)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-D317F6FB61.NASL
    descriptionThis update addresses the following vulnerabilities : - [CVE-2016-7656](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7656), [CVE-2016-7635](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7635), [CVE-2016-7654](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7654), [CVE-2016-7639](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7639), [CVE-2016-7645](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7645), [CVE-2016-7652](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7652), [CVE-2016-7641](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7641), [CVE-2016-7632](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7632), [CVE-2016-7599](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7599), [CVE-2016-7592](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7592), [CVE-2016-7589](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7589), [CVE-2016-7623](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7623), [CVE-2016-7586](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7586) Additional fixes : - Create GLX OpenGL contexts using version 3.2 (core profile) when available to reduce the memory consumption on Mesa based drivers. - Improve memory pressure handler to reduce the CPU usage on memory pressure situations. - Fix a regression in WebKitWebView title notify signal emission that caused the signal to be emitted multiple times. - Fix high CPU usage in the web process loading hyphenation dictionaries. More user agent string improvements to improve compatibility with several websites. - Fix web process crash when closing the web view in X11. - Fix the build with OpenGL ES2 enabled. - Fix several crashes and rendering issues. Translation updates : - German. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-01-23
    plugin id96680
    published2017-01-23
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96680
    titleFedora 24 : webkitgtk4 (2017-d317f6fb61)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-B015AA1D33.NASL
    descriptionThis update addresses the following vulnerabilities : - [CVE-2016-7656](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7656), [CVE-2016-7635](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7635), [CVE-2016-7654](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7654), [CVE-2016-7639](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7639), [CVE-2016-7645](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7645), [CVE-2016-7652](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7652), [CVE-2016-7641](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7641), [CVE-2016-7632](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7632), [CVE-2016-7599](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7599), [CVE-2016-7592](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7592), [CVE-2016-7589](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7589), [CVE-2016-7623](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7623), [CVE-2016-7586](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7586) Additional fixes : - Create GLX OpenGL contexts using version 3.2 (core profile) when available to reduce the memory consumption on Mesa based drivers. - Improve memory pressure handler to reduce the CPU usage on memory pressure situations. - Fix a regression in WebKitWebView title notify signal emission that caused the signal to be emitted multiple times. - Fix high CPU usage in the web process loading hyphenation dictionaries. More user agent string improvements to improve compatibility with several websites. - Fix web process crash when closing the web view in X11. - Fix the build with OpenGL ES2 enabled. - Fix several crashes and rendering issues. Translation updates : - German. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-01-23
    plugin id96676
    published2017-01-23
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96676
    titleFedora 25 : webkitgtk4 (2017-b015aa1d33)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3191-1.NASL
    descriptionA large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97048
    published2017-02-07
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97048
    titleUbuntu 16.04 LTS / 16.10 : webkit2gtk vulnerabilities (USN-3191-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2933-1.NASL
    descriptionThis update for webkit2gtk3 to version 2.18.0 fixes the following issues: These security issues were fixed : - CVE-2017-7039: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-7018: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-7030: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-7037: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-7034: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-7055: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-7056: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-7064: An issue was fixed that allowed remote attackers to bypass intended memory-read restrictions via a crafted app (bsc#1050469). - CVE-2017-7061: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-7048: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-7046: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-2538: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1045460) - CVE-2017-2496: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website. - CVE-2017-2539: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website. - CVE-2017-2510: An issue was fixed that allowed remote attackers to conduct Universal XSS (UXSS) attacks via a crafted website that improperly interacts with pageshow events. - CVE-2017-2365: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted website (bsc#1024749) - CVE-2017-2366: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1024749) - CVE-2017-2373: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1024749) - CVE-2017-2363: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted website (bsc#1024749) - CVE-2017-2362: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1024749) - CVE-2017-2350: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted website (bsc#1024749) - CVE-2017-2350: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted website (bsc#1024749) - CVE-2017-2354: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1024749). - CVE-2017-2355: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted website (bsc#1024749) - CVE-2017-2356: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1024749) - CVE-2017-2371: An issue was fixed that allowed remote attackers to launch popups via a crafted website (bsc#1024749) - CVE-2017-2364: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted website (bsc#1024749) - CVE-2017-2369: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1024749) - CVE-2016-7656: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1020950) - CVE-2016-7635: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1020950) - CVE-2016-7654: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1020950) - CVE-2016-7639: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1020950) - CVE-2016-7645: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1020950) - CVE-2016-7652: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1020950) - CVE-2016-7641: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1020950) - CVE-2016-7632: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1020950) - CVE-2016-7599: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted website that used HTTP redirects (bsc#1020950) - CVE-2016-7592: An issue was fixed that allowed remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site (bsc#1020950) - CVE-2016-7589: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1020950) - CVE-2016-7623: An issue was fixed that allowed remote attackers to obtain sensitive information via a blob URL on a website (bsc#1020950) - CVE-2016-7586: An issue was fixed that allowed remote attackers to obtain sensitive information via a crafted website (bsc#1020950) For other non-security fixes please check the changelog. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104428
    published2017-11-07
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104428
    titleSUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2017:2933-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1268.NASL
    descriptionThis update for webkit2gtk3 to version 2.18.0 fixes the following issues : These security issues were fixed : - CVE-2017-7039: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-7018: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-7030: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-7037: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-7034: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-7055: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-7056: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-7064: An issue was fixed that allowed remote attackers to bypass intended memory-read restrictions via a crafted app (bsc#1050469). - CVE-2017-7061: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-7048: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-7046: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1050469). - CVE-2017-2538: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1045460) - CVE-2017-2496: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website. - CVE-2017-2539: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website. - CVE-2017-2510: An issue was fixed that allowed remote attackers to conduct Universal XSS (UXSS) attacks via a crafted website that improperly interacts with pageshow events. - CVE-2017-2365: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2366: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1024749) - CVE-2017-2373: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1024749) - CVE-2017-2363: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2362: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1024749) - CVE-2017-2350: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2350: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted website (bsc#1024749) - CVE-2017-2354: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1024749). - CVE-2017-2355: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted website (bsc#1024749) - CVE-2017-2356: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1024749) - CVE-2017-2371: An issue was fixed that allowed remote attackers to launch popups via a crafted website (bsc#1024749) - CVE-2017-2364: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2369: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1024749) - CVE-2016-7656: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1020950) - CVE-2016-7635: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1020950) - CVE-2016-7654: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1020950) - CVE-2016-7639: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1020950) - CVE-2016-7645: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1020950) - CVE-2016-7652: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1020950) - CVE-2016-7641: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1020950) - CVE-2016-7632: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1020950) - CVE-2016-7599: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that used HTTP redirects (bsc#1020950) - CVE-2016-7592: An issue was fixed that allowed remote attackers to obtain sensitive information via crafted JavaScript prompts on a website (bsc#1020950) - CVE-2016-7589: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1020950) - CVE-2016-7623: An issue was fixed that allowed remote attackers to obtain sensitive information via a blob URL on a website (bsc#1020950) - CVE-2016-7586: An issue was fixed that allowed remote attackers to obtain sensitive information via a crafted website (bsc#1020950) For other non-security fixes please check the changelog. This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen2020-06-05
    modified2017-11-13
    plugin id104526
    published2017-11-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104526
    titleopenSUSE Security Update : webkit2gtk3 (openSUSE-2017-1268)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-118.NASL
    descriptionThis update for webkit2gtk3 fixes the following issues : Update to version 2.18.5 : + Disable SharedArrayBuffers from Web API. + Reduce the precision of
    last seen2020-06-05
    modified2018-02-01
    plugin id106549
    published2018-02-01
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106549
    titleopenSUSE Security Update : webkit2gtk3 (openSUSE-2018-118) (Meltdown) (Spectre)