Detections
Analytics

Alpine: webkit2gtk: security update to 2.26.0-r0

high Tenable Cloud Security Plugin ID 407565

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

 - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS
 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0,
 iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
 (CVE-2019-8815)

 - A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for
 Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web
 content may lead to universal cross site scripting. (CVE-2019-8625)

 - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in
 iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.
 (CVE-2019-8710)

 - A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content
 that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory
 corruption issues. (CVE-2019-8720)

 - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in
 watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.
 (CVE-2019-8743)

See Also

https://security.alpinelinux.org/vuln/CVE-2019-8625

https://security.alpinelinux.org/vuln/CVE-2019-8710

https://security.alpinelinux.org/vuln/CVE-2019-8720

https://security.alpinelinux.org/vuln/CVE-2019-8743

https://security.alpinelinux.org/vuln/CVE-2019-8764

https://security.alpinelinux.org/vuln/CVE-2019-8766

https://security.alpinelinux.org/vuln/CVE-2019-8769

https://security.alpinelinux.org/vuln/CVE-2019-8771

https://security.alpinelinux.org/vuln/CVE-2019-8782

https://security.alpinelinux.org/vuln/CVE-2019-8815

https://security.alpinelinux.org/vuln/CVE-2021-30666

https://security.alpinelinux.org/vuln/CVE-2021-30761

Plugin Details

Severity: High

ID: 407565

Version: Revision 1.30

Type: Local

Published: 10/31/2023

Updated: 10/23/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-8815

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2021-30761

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 9/23/2019

CISA Known Exploited Vulnerability Due Dates: 11/17/2021, 6/13/2022

Reference Information

CVE: CVE-2019-8625, CVE-2019-8710, CVE-2019-8720, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8815, CVE-2021-30666, CVE-2021-30761