Detections
Analytics

Alpine: webkit2gtk: security update to 2.24.3-r0

high Tenable Self-Hosted Container Security Plugin ID 427549

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

 - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS
 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for
 Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary
 code execution. (CVE-2019-8689)

 - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS
 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13,
 iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
 (CVE-2019-8644, CVE-2019-8666)

 - A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved
 state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes
 for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web
 content may lead to universal cross site scripting. (CVE-2019-8649)

 - A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave
 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud
 for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.
 (CVE-2019-8658)

See Also

https://security.alpinelinux.org/vuln/CVE-2019-8644

https://security.alpinelinux.org/vuln/CVE-2019-8649

https://security.alpinelinux.org/vuln/CVE-2019-8658

https://security.alpinelinux.org/vuln/CVE-2019-8666

https://security.alpinelinux.org/vuln/CVE-2019-8669

https://security.alpinelinux.org/vuln/CVE-2019-8671

https://security.alpinelinux.org/vuln/CVE-2019-8672

https://security.alpinelinux.org/vuln/CVE-2019-8673

https://security.alpinelinux.org/vuln/CVE-2019-8676

https://security.alpinelinux.org/vuln/CVE-2019-8677

https://security.alpinelinux.org/vuln/CVE-2019-8678

https://security.alpinelinux.org/vuln/CVE-2019-8679

https://security.alpinelinux.org/vuln/CVE-2019-8680

https://security.alpinelinux.org/vuln/CVE-2019-8681

https://security.alpinelinux.org/vuln/CVE-2019-8683

https://security.alpinelinux.org/vuln/CVE-2019-8684

https://security.alpinelinux.org/vuln/CVE-2019-8686

https://security.alpinelinux.org/vuln/CVE-2019-8687

https://security.alpinelinux.org/vuln/CVE-2019-8688

https://security.alpinelinux.org/vuln/CVE-2019-8689

https://security.alpinelinux.org/vuln/CVE-2019-8690

https://security.alpinelinux.org/vuln/CVE-2019-8726

Plugin Details

Severity: High

ID: 427549

Version: Revision 1.2

Type: Local

Published: 5/16/2025

Updated: 5/16/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-8689

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2019-8726

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/17/2019

Reference Information

CVE: CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8726

BID: 109329, 109328