NewStart CGSL CORE 5.05 / MAIN 5.05 : webkitgtk4 Multiple Vulnerabilities (NS-SA-2021-0166)

critical Nessus Plugin ID 154614

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has webkitgtk4 packages installed that are affected by multiple vulnerabilities:

- WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization.
This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-11070)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12.
Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-6237, CVE-2019-8571, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619)

- WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. (CVE-2019-6251)

- A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-7285)

- A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory. (CVE-2019-7292)

- A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website. (CVE-2019-8503)

- A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8506)

- A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11.
Processing maliciously crafted web content may disclose sensitive user information. (CVE-2019-8515)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8518, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8523, CVE-2019-8524)

- A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8535)

- A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8536, CVE-2019-8544)

- A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8551)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2019-8583, CVE-2019-8601, CVE-2019-8622, CVE-2019-8623)

- A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8625, CVE-2019-8719)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2019-8644, CVE-2019-8666, CVE-2019-8671, CVE-2019-8673, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8686, CVE-2019-8687)

- A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8649)

- A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.
(CVE-2019-8658)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8669, CVE-2019-8672, CVE-2019-8676, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8689)

- A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13.
Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8674)

- A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8690)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8707, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2019-8710)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2019-8743, CVE-2019-8765)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2019-8763)

- A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8764)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8766)

- Clear History and Website Data did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768)

- An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769)

- This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2019-8771)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0.
Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8782)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2019-8783, CVE-2019-8814, CVE-2019-8815, CVE-2019-8819, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8808, CVE-2019-8812)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8811, CVE-2019-8816, CVE-2019-8820)

- A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2019-8813)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2019-8835)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8844)

- A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2019-8846)

- WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. (CVE-2020-10018)

- A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). (CVE-2020-11793)

- A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. (CVE-2020-3862)

- A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. (CVE-2020-3864)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2020-3865, CVE-2020-3868)

- A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.
(CVE-2020-3867)

- A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed. (CVE-2020-3885)

- A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. (CVE-2020-3894)

- A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2020-3895, CVE-2020-3900)

- A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-3897)

- A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.
(CVE-2020-3899)

- A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2020-3901)

- An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack.
(CVE-2020-3902)

- A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3.
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30666)

- A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4.
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30761)

- A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4.
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30762)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL webkitgtk4 packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

http://security.gd-linux.com/notice/NS-SA-2021-0166

http://security.gd-linux.com/info/CVE-2019-11070

http://security.gd-linux.com/info/CVE-2019-6237

http://security.gd-linux.com/info/CVE-2019-6251

http://security.gd-linux.com/info/CVE-2019-7285

http://security.gd-linux.com/info/CVE-2019-7292

http://security.gd-linux.com/info/CVE-2019-8503

http://security.gd-linux.com/info/CVE-2019-8506

http://security.gd-linux.com/info/CVE-2019-8515

http://security.gd-linux.com/info/CVE-2019-8518

http://security.gd-linux.com/info/CVE-2019-8523

http://security.gd-linux.com/info/CVE-2019-8524

http://security.gd-linux.com/info/CVE-2019-8535

http://security.gd-linux.com/info/CVE-2019-8536

http://security.gd-linux.com/info/CVE-2019-8544

http://security.gd-linux.com/info/CVE-2019-8551

http://security.gd-linux.com/info/CVE-2019-8558

http://security.gd-linux.com/info/CVE-2019-8559

http://security.gd-linux.com/info/CVE-2019-8563

http://security.gd-linux.com/info/CVE-2019-8571

http://security.gd-linux.com/info/CVE-2019-8583

http://security.gd-linux.com/info/CVE-2019-8584

http://security.gd-linux.com/info/CVE-2019-8586

http://security.gd-linux.com/info/CVE-2019-8587

http://security.gd-linux.com/info/CVE-2019-8594

http://security.gd-linux.com/info/CVE-2019-8595

http://security.gd-linux.com/info/CVE-2019-8596

http://security.gd-linux.com/info/CVE-2019-8597

http://security.gd-linux.com/info/CVE-2019-8601

http://security.gd-linux.com/info/CVE-2019-8607

http://security.gd-linux.com/info/CVE-2019-8608

http://security.gd-linux.com/info/CVE-2019-8609

http://security.gd-linux.com/info/CVE-2019-8610

http://security.gd-linux.com/info/CVE-2019-8611

http://security.gd-linux.com/info/CVE-2019-8615

http://security.gd-linux.com/info/CVE-2019-8619

http://security.gd-linux.com/info/CVE-2019-8622

http://security.gd-linux.com/info/CVE-2019-8623

http://security.gd-linux.com/info/CVE-2019-8625

http://security.gd-linux.com/info/CVE-2019-8644

http://security.gd-linux.com/info/CVE-2019-8649

http://security.gd-linux.com/info/CVE-2019-8658

http://security.gd-linux.com/info/CVE-2019-8666

http://security.gd-linux.com/info/CVE-2019-8669

http://security.gd-linux.com/info/CVE-2019-8671

http://security.gd-linux.com/info/CVE-2019-8672

http://security.gd-linux.com/info/CVE-2019-8673

http://security.gd-linux.com/info/CVE-2019-8674

http://security.gd-linux.com/info/CVE-2019-8676

http://security.gd-linux.com/info/CVE-2019-8677

http://security.gd-linux.com/info/CVE-2019-8678

http://security.gd-linux.com/info/CVE-2019-8679

http://security.gd-linux.com/info/CVE-2019-8680

http://security.gd-linux.com/info/CVE-2019-8681

http://security.gd-linux.com/info/CVE-2019-8683

http://security.gd-linux.com/info/CVE-2019-8684

http://security.gd-linux.com/info/CVE-2019-8686

http://security.gd-linux.com/info/CVE-2019-8687

http://security.gd-linux.com/info/CVE-2019-8688

http://security.gd-linux.com/info/CVE-2019-8689

http://security.gd-linux.com/info/CVE-2019-8690

http://security.gd-linux.com/info/CVE-2019-8707

http://security.gd-linux.com/info/CVE-2019-8710

http://security.gd-linux.com/info/CVE-2019-8719

http://security.gd-linux.com/info/CVE-2019-8720

http://security.gd-linux.com/info/CVE-2019-8726

http://security.gd-linux.com/info/CVE-2019-8733

http://security.gd-linux.com/info/CVE-2019-8735

http://security.gd-linux.com/info/CVE-2019-8743

http://security.gd-linux.com/info/CVE-2019-8763

http://security.gd-linux.com/info/CVE-2019-8764

http://security.gd-linux.com/info/CVE-2019-8765

http://security.gd-linux.com/info/CVE-2019-8766

http://security.gd-linux.com/info/CVE-2019-8768

http://security.gd-linux.com/info/CVE-2019-8769

http://security.gd-linux.com/info/CVE-2019-8771

http://security.gd-linux.com/info/CVE-2019-8782

http://security.gd-linux.com/info/CVE-2019-8783

http://security.gd-linux.com/info/CVE-2019-8808

http://security.gd-linux.com/info/CVE-2019-8811

http://security.gd-linux.com/info/CVE-2019-8812

http://security.gd-linux.com/info/CVE-2019-8813

http://security.gd-linux.com/info/CVE-2019-8814

http://security.gd-linux.com/info/CVE-2019-8815

http://security.gd-linux.com/info/CVE-2019-8816

http://security.gd-linux.com/info/CVE-2019-8819

http://security.gd-linux.com/info/CVE-2019-8820

http://security.gd-linux.com/info/CVE-2019-8821

http://security.gd-linux.com/info/CVE-2019-8822

http://security.gd-linux.com/info/CVE-2019-8823

http://security.gd-linux.com/info/CVE-2019-8835

http://security.gd-linux.com/info/CVE-2019-8844

http://security.gd-linux.com/info/CVE-2019-8846

http://security.gd-linux.com/info/CVE-2020-10018

http://security.gd-linux.com/info/CVE-2020-11793

http://security.gd-linux.com/info/CVE-2020-3862

http://security.gd-linux.com/info/CVE-2020-3864

http://security.gd-linux.com/info/CVE-2020-3865

http://security.gd-linux.com/info/CVE-2020-3867

http://security.gd-linux.com/info/CVE-2020-3868

http://security.gd-linux.com/info/CVE-2020-3885

http://security.gd-linux.com/info/CVE-2020-3894

http://security.gd-linux.com/info/CVE-2020-3895

http://security.gd-linux.com/info/CVE-2020-3897

http://security.gd-linux.com/info/CVE-2020-3899

http://security.gd-linux.com/info/CVE-2020-3900

http://security.gd-linux.com/info/CVE-2020-3901

http://security.gd-linux.com/info/CVE-2020-3902

http://security.gd-linux.com/info/CVE-2021-30666

http://security.gd-linux.com/info/CVE-2021-30761

http://security.gd-linux.com/info/CVE-2021-30762

Plugin Details

Severity: Critical

ID: 154614

File Name: newstart_cgsl_NS-SA-2021-0166_webkitgtk4.nasl

Version: 1.8

Type: local

Published: 10/28/2021

Updated: 5/25/2022

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS Score Source: CVE-2020-3899

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

CVSS Score Source: CVE-2020-10018

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_core:webkitgtk4, p-cpe:/a:zte:cgsl_core:webkitgtk4-devel, p-cpe:/a:zte:cgsl_core:webkitgtk4-doc, p-cpe:/a:zte:cgsl_core:webkitgtk4-jsc, p-cpe:/a:zte:cgsl_core:webkitgtk4-jsc-devel, p-cpe:/a:zte:cgsl_main:webkitgtk4, p-cpe:/a:zte:cgsl_main:webkitgtk4-devel, p-cpe:/a:zte:cgsl_main:webkitgtk4-doc, p-cpe:/a:zte:cgsl_main:webkitgtk4-jsc, p-cpe:/a:zte:cgsl_main:webkitgtk4-jsc-devel, cpe:/o:zte:cgsl_core:5, cpe:/o:zte:cgsl_main:5

Required KB Items: Host/local_checks_enabled, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/24/2021

Vulnerability Publication Date: 1/14/2019

CISA Known Exploited Dates: 11/17/2021, 5/25/2022, 6/13/2022

Reference Information

CVE: CVE-2019-6237, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793, CVE-2021-30666, CVE-2021-30761, CVE-2021-30762