Detections
Analytics

Alpine: webkit2gtk: security update to 2.14.5-r0

high Tenable Self-Hosted Container Security Plugin ID 426271

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

 - An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is
 affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote
 attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash)
 via a crafted web site. (CVE-2017-2373)

 - An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is
 affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote
 attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
 (CVE-2017-2350)

 - An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is
 affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is
 affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code
 or cause a denial of service (memory corruption and application crash) via a crafted web site.
 (CVE-2017-2354, CVE-2017-2356)

 - An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is
 affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is
 affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code
 or cause a denial of service (uninitialized memory access and application crash) via a crafted web site.
 (CVE-2017-2355)

See Also

https://security.alpinelinux.org/vuln/CVE-2017-2350

https://security.alpinelinux.org/vuln/CVE-2017-2354

https://security.alpinelinux.org/vuln/CVE-2017-2355

https://security.alpinelinux.org/vuln/CVE-2017-2356

https://security.alpinelinux.org/vuln/CVE-2017-2362

https://security.alpinelinux.org/vuln/CVE-2017-2363

https://security.alpinelinux.org/vuln/CVE-2017-2364

https://security.alpinelinux.org/vuln/CVE-2017-2365

https://security.alpinelinux.org/vuln/CVE-2017-2366

https://security.alpinelinux.org/vuln/CVE-2017-2369

https://security.alpinelinux.org/vuln/CVE-2017-2371

https://security.alpinelinux.org/vuln/CVE-2017-2373

Plugin Details

Severity: High

ID: 426271

Version: Revision 1.1

Type: Local

Published: 5/16/2025

Updated: 5/16/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-2373

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/19/2017

Reference Information

CVE: CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373

BID: 95727, 95736, 95728, 95725, 95733, 95735