Vulnerabilities > CVE-2019-8607 - Out-of-bounds Read vulnerability in Apple products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
apple
CWE-125
nessus

Summary

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory.

Vulnerable Configurations

Part Description Count
Application
Apple
191
OS
Apple
453

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyWindows
    NASL idITUNES_12_9_5.NASL
    descriptionThe version of Apple iTunes for Windows installed on the remote Windows host is prior to 12.9.5. It is, therefore, affected by multiple vulnerabilities as referenced in the HT210124 advisory. - An application may be able to gain elevated privileges (CVE-2019-8577) - A maliciously crafted SQL query may lead to arbitrary code execution (CVE-2019-8600) - A malicious application may be able to read restricted memory (CVE-2019-8598) - A malicious application may be able to elevate privileges (CVE-2019-8602) - Processing maliciously crafted web content may result in the disclosure of process memory (CVE-2019-8607) - Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8628) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id126476
    published2019-07-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126476
    titleApple iTunes for Windows < 12.9.5 Multiple Vulnerabilities (credentialed check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126476);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/07");
    
      script_cve_id(
        "CVE-2019-6237",
        "CVE-2019-8571",
        "CVE-2019-8577",
        "CVE-2019-8583",
        "CVE-2019-8584",
        "CVE-2019-8586",
        "CVE-2019-8587",
        "CVE-2019-8594",
        "CVE-2019-8595",
        "CVE-2019-8596",
        "CVE-2019-8597",
        "CVE-2019-8598",
        "CVE-2019-8600",
        "CVE-2019-8601",
        "CVE-2019-8602",
        "CVE-2019-8607",
        "CVE-2019-8608",
        "CVE-2019-8609",
        "CVE-2019-8610",
        "CVE-2019-8611",
        "CVE-2019-8615",
        "CVE-2019-8619",
        "CVE-2019-8622",
        "CVE-2019-8623",
        "CVE-2019-8628"
      );
      script_bugtraq_id(108491, 108497);
      script_xref(name:"APPLE-SA", value:"HT210124");
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2019-05-09");
    
      script_name(english:"Apple iTunes for Windows < 12.9.5 Multiple Vulnerabilities (credentialed check)");
      script_summary(english:"Checks the version of iTunes for Windows on Windows");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote host is affected by multiple
    vulnerabilities");
      script_set_attribute(attribute:"description", value:
    "The version of Apple iTunes for Windows installed on the remote
    Windows host is prior to 12.9.5. It is, therefore, affected by
    multiple vulnerabilities as referenced in the HT210124 advisory.
    
      - An application may be able to gain elevated privileges
        (CVE-2019-8577)
    
      - A maliciously crafted SQL query may lead to arbitrary
        code execution (CVE-2019-8600)
    
      - A malicious application may be able to read restricted
        memory (CVE-2019-8598)
    
      - A malicious application may be able to elevate
        privileges (CVE-2019-8602)
    
      - Processing maliciously crafted web content may result in
        the disclosure of process memory (CVE-2019-8607)
    
      - Processing maliciously crafted web content may lead to
        arbitrary code execution (CVE-2019-6237, CVE-2019-8571,
        CVE-2019-8583, CVE-2019-8584, CVE-2019-8586,
        CVE-2019-8587, CVE-2019-8594, CVE-2019-8595,
        CVE-2019-8596, CVE-2019-8597, CVE-2019-8601,
        CVE-2019-8608, CVE-2019-8609, CVE-2019-8610,
        CVE-2019-8611, CVE-2019-8615, CVE-2019-8619,
        CVE-2019-8622, CVE-2019-8623, CVE-2019-8628)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT210124");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple iTunes for Windows version 12.9.5 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8600");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/04");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("itunes_detect.nasl");
      script_require_keys("installed_sw/iTunes Version", "SMB/Registry/Enumerated");
    
      exit(0);
    }
    include('vcf.inc');
    
    get_kb_item_or_exit('SMB/Registry/Enumerated');
    
    app_info = vcf::get_app_info(app:'iTunes Version', win_local:TRUE);
    constraints = [{'fixed_version':'12.9.5'}];
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-A0D15F5E40.NASL
    description - Fix rendering of emojis copy-pasted from GTK emoji chooser. - Fix space characters not being rendered with some CJK fonts. - Fix adaptive streaming playback with older GStreamer versions. - Set a maximum zoom level for pinch zooming gesture. - Fix navigation gesture to not interfere with scrolling. - Fix SSE2 detection at compile time, ensuring the right flags are passed to the compiler. - Fix several crashes and rendering issues. - Translation updates: Danish, Spanish, Ukrainian. - Security fixes: CVE-2019-8595, CVE-2019-8607, CVE-2019-8615. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125612
    published2019-05-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125612
    titleFedora 29 : webkit2gtk3 (2019-a0d15f5e40)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-a0d15f5e40.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125612);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/13");
    
      script_cve_id("CVE-2019-8595", "CVE-2019-8607", "CVE-2019-8615");
      script_xref(name:"FEDORA", value:"2019-a0d15f5e40");
    
      script_name(english:"Fedora 29 : webkit2gtk3 (2019-a0d15f5e40)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Fix rendering of emojis copy-pasted from GTK emoji
        chooser.
    
      - Fix space characters not being rendered with some CJK
        fonts.
    
      - Fix adaptive streaming playback with older GStreamer
        versions.
    
      - Set a maximum zoom level for pinch zooming gesture.
    
      - Fix navigation gesture to not interfere with scrolling.
    
      - Fix SSE2 detection at compile time, ensuring the right
        flags are passed to the compiler.
    
      - Fix several crashes and rendering issues.
    
      - Translation updates: Danish, Spanish, Ukrainian.
    
      - Security fixes: CVE-2019-8595, CVE-2019-8607,
        CVE-2019-8615.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-a0d15f5e40"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected webkit2gtk3 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:webkit2gtk3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"webkit2gtk3-2.24.2-1.fc29")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "webkit2gtk3");
    }
    
  • NASL familyPeer-To-Peer File Sharing
    NASL idITUNES_12_9_5_BANNER.NASL
    descriptionThe version of Apple iTunes for Windows installed on the remote Windows host is prior to 12.9.5. It is, therefore, affected by multiple vulnerabilities as referenced in the HT210124 advisory. - An application may be able to gain elevated privileges (CVE-2019-8577) - A maliciously crafted SQL query may lead to arbitrary code execution (CVE-2019-8600) - A malicious application may be able to read restricted memory (CVE-2019-8598) - A malicious application may be able to elevate privileges (CVE-2019-8602) - Processing maliciously crafted web content may result in the disclosure of process memory (CVE-2019-8607) - Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8628) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id126475
    published2019-07-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126475
    titleApple iTunes for Windows < 12.9.5 Multiple Vulnerabilities (uncredentialed check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126475);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/07");
    
      script_cve_id(
        "CVE-2019-6237",
        "CVE-2019-8571",
        "CVE-2019-8577",
        "CVE-2019-8583",
        "CVE-2019-8584",
        "CVE-2019-8586",
        "CVE-2019-8587",
        "CVE-2019-8594",
        "CVE-2019-8595",
        "CVE-2019-8596",
        "CVE-2019-8597",
        "CVE-2019-8598",
        "CVE-2019-8600",
        "CVE-2019-8601",
        "CVE-2019-8602",
        "CVE-2019-8607",
        "CVE-2019-8608",
        "CVE-2019-8609",
        "CVE-2019-8610",
        "CVE-2019-8611",
        "CVE-2019-8615",
        "CVE-2019-8619",
        "CVE-2019-8622",
        "CVE-2019-8623",
        "CVE-2019-8628"
      );
      script_bugtraq_id(108491, 108497);
      script_xref(name:"APPLE-SA", value:"HT210124");
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2019-05-09");
    
      script_name(english:"Apple iTunes for Windows < 12.9.5 Multiple Vulnerabilities (uncredentialed check)");
      script_summary(english:"Checks the version of iTunes for Windows on Windows");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote host is affected by multiple
    vulnerabilities");
      script_set_attribute(attribute:"description", value:
    "The version of Apple iTunes for Windows installed on the remote
    Windows host is prior to 12.9.5. It is, therefore, affected by
    multiple vulnerabilities as referenced in the HT210124 advisory.
    
      - An application may be able to gain elevated privileges
        (CVE-2019-8577)
    
      - A maliciously crafted SQL query may lead to arbitrary
        code execution (CVE-2019-8600)
    
      - A malicious application may be able to read restricted
        memory (CVE-2019-8598)
    
      - A malicious application may be able to elevate
        privileges (CVE-2019-8602)
    
      - Processing maliciously crafted web content may result in
        the disclosure of process memory (CVE-2019-8607)
    
      - Processing maliciously crafted web content may lead to
        arbitrary code execution (CVE-2019-6237, CVE-2019-8571,
        CVE-2019-8583, CVE-2019-8584, CVE-2019-8586,
        CVE-2019-8587, CVE-2019-8594, CVE-2019-8595,
        CVE-2019-8596, CVE-2019-8597, CVE-2019-8601,
        CVE-2019-8608, CVE-2019-8609, CVE-2019-8610,
        CVE-2019-8611, CVE-2019-8615, CVE-2019-8619,
        CVE-2019-8622, CVE-2019-8623, CVE-2019-8628)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT210124");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple iTunes for Windows version 12.9.5 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8600");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/04");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Peer-To-Peer File Sharing");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("itunes_sharing.nasl");
      script_require_keys("installed_sw/iTunes DAAP");
      script_require_ports("Services/www", 3689);
    
      exit(0);
    }
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('http.inc');
    include('vcf.inc');
    
    app = 'iTunes DAAP';
    port = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);
    
    app_info = vcf::get_app_info(app:app, port:port);
    if (app_info.Type != 'Windows') audit(AUDIT_OS_NOT, 'Windows');
    constraints = [{'fixed_version':'12.9.5'}];
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2019-003.NASL
    descriptionThe remote host is running Mac OS X 10.12.6 or Mac OS X 10.13.6 and is missing a security update. It is, therefore, affected by multiple vulnerabilities : - An application may be able to read restricted memory (CVE-2019-8603, CVE-2019-8560) - An application may be able to execute arbitrary code with system privileges (CVE-2019-8635, CVE-2019-8616, CVE-2019-8629, CVE-2018-4456, CVE-2019-8604, CVE-2019-8574, CVE-2019-8569) - An application may be able to execute arbitrary code with kernel privileges (CVE-2019-8590) - Processing a maliciously crafted audio file may lead to arbitrary code execution (CVE-2019-8592) - Processing a maliciously crafted movie file may lead to arbitrary code execution (CVE-2019-8585) - A malicious application may bypass Gatekeeper checks (CVE-2019-8589) - A malicious application may be able to read restricted memory (CVE-2019-8560, CVE-2019-8598) - A user may be unexpectedly logged in to another users account (CVE-2019-8634) - A local user may be able to load unsigned kernel extensions (CVE-2019-8606) - A malicious application may be able to execute arbitrary code with system privileges (CVE-2019-8605) - A local user may be able to cause unexpected system termination or read kernel memory (CVE-2019-8576) - An application may be able to cause unexpected system termination or write kernel memory (CVE-2019-8591) - An application may be able to gain elevated privileges (CVE-2019-8577) - A maliciously crafted SQL query may lead to arbitrary code execution (CVE-2019-8600) - A malicious application may be able to elevate privileges (CVE-2019-8602) - A local user may be able to modify protected parts of the file system (CVE-2019-8568) - Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601,CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8628) - Processing maliciously crafted web content may result in the disclosure of process memory (CVE-2019-8607) Note that Nessus has not tested for this issue but has instead relied only on the operating system
    last seen2020-06-01
    modified2020-06-02
    plugin id125151
    published2019-05-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125151
    titlemacOS and Mac OS X Multiple Vulnerabilities (Security Update 2019-003)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125151);
      script_version("1.7");
      script_cvs_date("Date: 2019/12/13");
    
      script_cve_id(
        "CVE-2018-4456",
        "CVE-2019-6237",
        "CVE-2019-8560",
        "CVE-2019-8568",
        "CVE-2019-8569",
        "CVE-2019-8571",
        "CVE-2019-8574",
        "CVE-2019-8576",
        "CVE-2019-8577",
        "CVE-2019-8583",
        "CVE-2019-8584",
        "CVE-2019-8585",
        "CVE-2019-8586",
        "CVE-2019-8587",
        "CVE-2019-8589",
        "CVE-2019-8590",
        "CVE-2019-8591",
        "CVE-2019-8592",
        "CVE-2019-8594",
        "CVE-2019-8595",
        "CVE-2019-8596",
        "CVE-2019-8597",
        "CVE-2019-8598",
        "CVE-2019-8600",
        "CVE-2019-8601",
        "CVE-2019-8602",
        "CVE-2019-8603",
        "CVE-2019-8604",
        "CVE-2019-8605",
        "CVE-2019-8606",
        "CVE-2019-8607",
        "CVE-2019-8608",
        "CVE-2019-8609",
        "CVE-2019-8610",
        "CVE-2019-8611",
        "CVE-2019-8615",
        "CVE-2019-8616",
        "CVE-2019-8619",
        "CVE-2019-8622",
        "CVE-2019-8623",
        "CVE-2019-8628",
        "CVE-2019-8629",
        "CVE-2019-8634",
        "CVE-2019-8635"
      );
      script_xref(name:"APPLE-SA", value:"HT210119");
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2019-05-09");
    
      script_name(english:"macOS and Mac OS X Multiple Vulnerabilities (Security Update 2019-003)");
      script_summary(english:"Checks the presence of Security Update 2019-003.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a macOS or Mac OS X security update that fixes multiple vulnerabilities");
      script_set_attribute(attribute:"description", value:
    "The remote host is running Mac OS X 10.12.6 or Mac OS X 10.13.6 and is missing a security update. It is, therefore,
    affected by multiple vulnerabilities :
    
      - An application may be able to read restricted memory (CVE-2019-8603, CVE-2019-8560)
    
      - An application may be able to execute arbitrary code with system privileges (CVE-2019-8635, CVE-2019-8616,
        CVE-2019-8629, CVE-2018-4456, CVE-2019-8604, CVE-2019-8574, CVE-2019-8569)
    
      - An application may be able to execute arbitrary code with kernel privileges (CVE-2019-8590)
    
      - Processing a maliciously crafted audio file may lead to arbitrary code execution (CVE-2019-8592)
    
      - Processing a maliciously crafted movie file may lead to arbitrary code execution (CVE-2019-8585)
    
      - A malicious application may bypass Gatekeeper checks (CVE-2019-8589)
    
      - A malicious application may be able to read restricted memory (CVE-2019-8560, CVE-2019-8598)
    
      - A user may be unexpectedly logged in to another users account (CVE-2019-8634)
    
      - A local user may be able to load unsigned kernel extensions (CVE-2019-8606)
    
      - A malicious application may be able to execute arbitrary code with system privileges (CVE-2019-8605)
    
      - A local user may be able to cause unexpected system termination or read kernel memory (CVE-2019-8576)
    
      - An application may be able to cause unexpected system termination or write kernel memory (CVE-2019-8591)
    
      - An application may be able to gain elevated privileges (CVE-2019-8577)
    
      - A maliciously crafted SQL query may lead to arbitrary code execution (CVE-2019-8600)
    
      - A malicious application may be able to elevate privileges (CVE-2019-8602)
    
      - A local user may be able to modify protected parts of the file system (CVE-2019-8568)
    
      - Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2019-6237, CVE-2019-8571,
        CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596,
        CVE-2019-8597, CVE-2019-8601,CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615,
        CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8628)
    
      - Processing maliciously crafted web content may result in the disclosure of process memory (CVE-2019-8607)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the operating system's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT210119");
      script_set_attribute(attribute:"solution", value:"Install Security Update 2019-003 or later for 10.12.x or Security
    Update 2019-003 or later for 10.13.x");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-4456");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_ports("Host/local_checks_enabled", "Host/MacOSX/Version", "Host/MacOSX/packages/boms");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    
    # Compare 2 patch numbers to determine if patch requirements are satisfied.
    # Return true if this patch or a later patch is applied
    # Return false otherwise
    function check_patch(year, number)
    {
      local_var p_split = split(patch, sep:"-");
      local_var p_year  = int( p_split[0]);
      local_var p_num   = int( p_split[1]);
    
      if (year >  p_year) return TRUE;
      else if (year <  p_year) return FALSE;
      else if (number >=  p_num) return TRUE;
      else return FALSE;
    }
    
    get_kb_item_or_exit("Host/local_checks_enabled");
    os = get_kb_item_or_exit("Host/MacOSX/Version");
    
    if (!preg(pattern:"Mac OS X 10\.1[2-3]\.", string:os))
      audit(AUDIT_OS_NOT, "Mac OS X 10.12.x / 10.13.x");
    
    patch = "2019-003";
    
    packages = get_kb_item_or_exit("Host/MacOSX/packages/boms", exit_code:1);
    sec_boms_report = pgrep(
      pattern:"^com\.apple\.pkg\.update\.(security\.|os\.SecUpd).*bom$",
      string:packages
    );
    sec_boms = split(sec_boms_report, sep:'\n');
    
    foreach package (sec_boms)
    {
      # Grab patch year and number
      matches = pregmatch(pattern:"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]", string:package);
      if (empty_or_null(matches)) continue;
      if (empty_or_null(matches[1]) || empty_or_null(matches[2]))
        continue;
    
      patch_found = check_patch(year:int(matches[1]), number:int(matches[2]));
      if (patch_found) exit(0, "The host has Security Update " + patch + " or later installed and is therefore not affected.");
    }
    
    report =  '\n  Missing security update : ' + patch;
    report += '\n  Installed security BOMs : ';
    if (sec_boms_report) report += str_replace(find:'\n', replace:'\n                            ', string:sec_boms_report);
    else report += 'n/a';
    report += '\n';
    
    security_report_v4(port:0, severity:SECURITY_HOLE, extra:report);
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_10_14_5.NASL
    descriptionThe remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.5. It is, therefore, affected by multiple vulnerabilities : - An application may be able to read restricted memory (CVE-2019-8603, CVE-2019-8560) - An application may be able to execute arbitrary code with system privileges (CVE-2019-8635, CVE-2019-8616, CVE-2019-8629, CVE-2018-4456, CVE-2019-8604,CVE-2019-8574, CVE-2019-8569) - An application may be able to execute arbitrary code with kernel privileges (CVE-2019-8590) - Processing a maliciously crafted audio file may lead to arbitrary code execution (CVE-2019-8592) - Processing a maliciously crafted movie file may lead to arbitrary code execution (CVE-2019-8585) - A malicious application may bypass Gatekeeper checks (CVE-2019-8589) - A malicious application may be able to read restricted memory (CVE-2019-8560, CVE-2019-8598) - A user may be unexpectedly logged in to another users account (CVE-2019-8634) - A local user may be able to load unsigned kernel extensions (CVE-2019-8606) - A malicious application may be able to execute arbitrary code with system privileges (CVE-2019-8605) - A local user may be able to cause unexpected system termination or read kernel memory (CVE-2019-8576) - An application may be able to cause unexpected system termination or write kernel memory (CVE-2019-8591) - An application may be able to gain elevated privileges (CVE-2019-8577) - A maliciously crafted SQL query may lead to arbitrary code execution (CVE-2019-8600) - A malicious application may be able to elevate privileges (CVE-2019-8602) - A local user may be able to modify protected parts of the file system (CVE-2019-8568) - Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8628) - Processing maliciously crafted web content may result in the disclosure of process memory (CVE-2019-8607) Note that Nessus has not tested for this issue but has instead relied only on the operating system
    last seen2020-06-01
    modified2020-06-02
    plugin id125150
    published2019-05-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125150
    titlemacOS 10.14.x < 10.14.5 Multiple Vulnerabilities
  • NASL familyMisc.
    NASL idAPPLETV_12_3.NASL
    descriptionAccording to its banner, the version of Apple TV on the remote device is prior to 12.3. It is therefore affected by multiple vulnerabilities as described in the HT210120 security advisory: - Multiple unspecified command execution vulnerabilities exist that allow an attacker to execute arbitrary commands, sometimes with kernel privileges.(CVE-2019-8593, CVE-2019-8585, CVE-2019-8605, CVE-2019-8600, CVE-2019-8574) - Multiple elevation of privilege vulnerabilities exist due to improper memory handling. An application can exploit this to gain elevated privileges. (CVE-2019-6237 CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8608) - An un disclosed elevation of privilege vulnerability exist due to improper memory handling. An application can exploit this to gain elevated privileges. (CVE-2019-8602)
    last seen2020-06-01
    modified2020-06-02
    plugin id125148
    published2019-05-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125148
    titleApple TV < 12.3 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1850-1.NASL
    descriptionThis update for webkit2gtk3 to version 2.24.2 fixes the following issues : Security issues fixed : CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8615, CVE-2019-8611, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623 (bsc#1135715). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126740
    published2019-07-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126740
    titleSUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:1850-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3992-1.NASL
    descriptionA large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125354
    published2019-05-23
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125354
    titleUbuntu 18.04 LTS / 18.10 / 19.04 : webkit2gtk vulnerabilities (USN-3992-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2345-1.NASL
    descriptionThis update for webkit2gtk3 fixes the following issues : Updated to version 2.24.4 (bsc#1148931). Security issues fixed : CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690 Non-security issues fixed: Improved loading of multimedia streams to avoid memory exhaustion due to excessive caching. Updated the user agent string to make happy certain websites which would claim that the browser being used was unsupported. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128675
    published2019-09-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128675
    titleSUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:2345-1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SAFARI_12_1_1.NASL
    descriptionThe version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 12.1.1 It is, therefore, affected by multiple vulnerabilities. - Multiple out-of-bound errors exist in WebKit, due to improper memory handling. An unauthenticated, remote attacker can exploit this, via specially crated web content to execute arbitrary commands. (CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8628) - An out-of-bound read error exists in WebKit due to improper memory handling. An unauthenticated, remote attacker can exploit this, via specially crafted web content to disclose memory contents. (CVE-2019-8607)
    last seen2020-06-01
    modified2020-06-02
    plugin id125548
    published2019-05-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125548
    titlemacOS : Apple Safari < 12.1.1 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2208.NASL
    descriptionThis update for webkit2gtk3 fixes the following issues : Security issues fixed : - CVE-2019-8673, CVE-2019-8678, CVE-2019-8686, CVE-2019-8683, CVE-2019-8671, CVE-2019-8595, CVE-2019-8684, CVE-2019-8681, CVE-2019-8615, CVE-2019-8689, CVE-2019-8680, CVE-2019-8672, CVE-2019-8676, CVE-2019-8666, CVE-2019-8644, CVE-2019-8658, CVE-2019-8690, CVE-2019-8688, CVE-2019-8649, CVE-2019-8679, CVE-2019-8687, CVE-2019-8669, CVE-2019-8677, CVE-2019-8607 (bsc#1148931). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id129460
    published2019-09-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129460
    titleopenSUSE Security Update : webkit2gtk3 (openSUSE-2019-2208)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2345-2.NASL
    descriptionThis update for webkit2gtk3 fixes the following issues : Updated to version 2.24.4 (bsc#1148931). Security issues fixed : CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690 Non-security issues fixed: Improved loading of multimedia streams to avoid memory exhaustion due to excessive caching. Updated the user agent string to make happy certain websites which would claim that the browser being used was unsupported. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129844
    published2019-10-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129844
    titleSUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:2345-2)
  • NASL familyWindows
    NASL idICLOUD_7_12.NASL
    descriptionAccording to its version, the iCloud application installed on the remote Windows host is prior to 7.12. It is, therefore, affected by multiple vulnerabilities: - An arbitrary code execution vulnerability exists in SQLite & WebKit due to maliciously crafted content. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2019-8600, CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8628) - An privilege escalation vulnerability exists in SQLite due to an input validation and memory corruption issue. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2019-8577, CVE-2019-8602) - An arbitrary memory read vulnerability exists in SQLite due to improper input validation. An unauthenticated, remote attacker can exploit this to read restricted memory. (CVE-2019-8598)
    last seen2020-06-01
    modified2020-06-02
    plugin id125878
    published2019-06-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125878
    titleApple iCloud < 7.12 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2428-1.NASL
    descriptionThis update for webkit2gtk3 fixes the following issues : Security issues fixed : CVE-2019-8673, CVE-2019-8678, CVE-2019-8686, CVE-2019-8683, CVE-2019-8671, CVE-2019-8595, CVE-2019-8684, CVE-2019-8681, CVE-2019-8615, CVE-2019-8689, CVE-2019-8680, CVE-2019-8672, CVE-2019-8676, CVE-2019-8666, CVE-2019-8644, CVE-2019-8658, CVE-2019-8690, CVE-2019-8688, CVE-2019-8649, CVE-2019-8679, CVE-2019-8687, CVE-2019-8669, CVE-2019-8677, CVE-2019-8607 (bsc#1148931). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129282
    published2019-09-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129282
    titleSUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:2428-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-F18FB0F37D.NASL
    description - Fix rendering of emojis copy-pasted from GTK emoji chooser. - Fix space characters not being rendered with some CJK fonts. - Fix adaptive streaming playback with older GStreamer versions. - Set a maximum zoom level for pinch zooming gesture. - Fix navigation gesture to not interfere with scrolling. - Fix SSE2 detection at compile time, ensuring the right flags are passed to the compiler. - Fix several crashes and rendering issues. - Translation updates: Danish, Spanish, Ukrainian. - Security fixes: CVE-2019-8595, CVE-2019-8607, CVE-2019-8615. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125276
    published2019-05-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125276
    titleFedora 30 : webkit2gtk3 (2019-f18fb0f37d)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201909-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201909-05 (WebkitGTK+: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details. Impact : An attacker, by enticing a user to visit maliciously crafted web content, may be able to execute arbitrary code or cause memory corruption. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id128594
    published2019-09-09
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128594
    titleGLSA-201909-05 : WebkitGTK+: Multiple vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_3DD46E059FB011E9BF6500012E582166.NASL
    descriptionThe WebKitGTK project reports many vulnerabilities, including several arbitrary code execution vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id126519
    published2019-07-08
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126519
    titleFreeBSD : webkit2-gtk3 -- Multiple vulnerabilities (3dd46e05-9fb0-11e9-bf65-00012e582166)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1766.NASL
    descriptionThis update for webkit2gtk3 to version 2.24.2 fixes the following issues : Security issues fixed : - CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8615, CVE-2019-8611, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623 (bsc#1135715). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id126901
    published2019-07-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126901
    titleopenSUSE Security Update : webkit2gtk3 (openSUSE-2019-1766)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2207.NASL
    descriptionThis update for webkit2gtk3 fixes the following issues : Security issues fixed : - CVE-2019-8673, CVE-2019-8678, CVE-2019-8686, CVE-2019-8683, CVE-2019-8671, CVE-2019-8595, CVE-2019-8684, CVE-2019-8681, CVE-2019-8615, CVE-2019-8689, CVE-2019-8680, CVE-2019-8672, CVE-2019-8676, CVE-2019-8666, CVE-2019-8644, CVE-2019-8658, CVE-2019-8690, CVE-2019-8688, CVE-2019-8649, CVE-2019-8679, CVE-2019-8687, CVE-2019-8669, CVE-2019-8677, CVE-2019-8607 (bsc#1148931). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id129459
    published2019-09-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129459
    titleopenSUSE Security Update : webkit2gtk3 (openSUSE-2019-2207)