The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1586 advisory.

  - glib2: insecure permissions for files and directories (CVE-2019-13012)

  - webkitgtk: type confusion may lead to arbitrary code execution (CVE-2020-9948)

  - webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13543, CVE-2020-13584,     CVE-2020-9951)

  - webkitgtk: out-of-bounds write may lead to code execution (CVE-2020-9983)

  - gdm: inability to timely contact accountservice via dbus leads gnome-initial-setup to creation of account     with admin privileges (CVE-2020-16125)

  - webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-1817)

  - webkitgtk: Memory initialization issue possibly leading to memory disclosure (CVE-2021-1820)

  - webkitgtk: Input validation issue leading to cross site scripting attack (CVE-2021-1825)

  - webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-1826)

  - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30661)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : GNOME (RHSA-2021:1586)

high Nessus Plugin ID 149698

Version 1.12

Version 1.11

Version 1.10

Version 1.9

Version 1.9

Version 1.8

Version 1.12 Apr 28, 2024, 2:25 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202404281425
Version 1.11 Oct 27, 2023, 4:19 PM STIG Severity (changed from "I" to "None") IAVM reference Plugin Feed: 202310271619
Version 1.10 May 25, 2023, 7:14 PM CISA reference CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2020-9983" to "CVE-2021-30661") Plugin Feed: 202305251914
Version 1.9 May 25, 2023, 12:55 AM Logic Changes (Added support for ppc64le architecture) Plugin Feed: 202305250055
Version 1.9 May 25, 2023, 5:09 PM CISA reference CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2020-9983" to "CVE-2021-30661") Plugin Feed: 202305251709
Version 1.8 Jan 23, 2023, 7:12 PM Logic Changes (Added support for repository relative URLs) Plugin Feed: 202301231912