6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
0.903 High
EPSS
Percentile
98.8%
This update for webkit2gtk3 to version 2.22.6 fixes the following issues (boo#1124937 boo#1119558) :
Security vulnerabilities fixed :
CVE-2018-4437: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. (boo#1119553)
CVE-2018-4438: Processing maliciously crafted web content may lead to arbitrary code execution. A logic issue existed resulting in memory corruption. This was addressed with improved state management.
(boo#1119554)
CVE-2018-4441: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119555)
CVE-2018-4442: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119556)
CVE-2018-4443: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119557)
CVE-2018-4464: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. (boo#1119558)
CVE-2019-6212: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.
CVE-2019-6215: Processing maliciously crafted web content may lead to arbitrary code execution. A type confusion issue was addressed with improved memory handling.
CVE-2019-6216: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.
CVE-2019-6217: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.
CVE-2019-6226: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.
CVE-2019-6227: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.
CVE-2019-6229: Processing maliciously crafted web content may lead to universal cross-site scripting. A logic issue was addressed with improved validation.
CVE-2019-6233: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.
CVE-2019-6234: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.
Other bug fixes and changes: Make kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour.
Fix Web inspector magnifier under Wayland.
Fix garbled rendering of some websites (e.g. YouTube) while scrolling under X11.
Fix several crashes, race conditions, and rendering issues.
For a detailed list of changes, please refer to:
https://webkitgtk.org/security/WSA-2019-0001.html
https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html
https://webkitgtk.org/security/WSA-2018-0009.html
https://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:0497-1.
# The text itself is copyright (C) SUSE.
#
include('compat.inc');
if (description)
{
script_id(122474);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/18");
script_cve_id(
"CVE-2018-4437",
"CVE-2018-4438",
"CVE-2018-4441",
"CVE-2018-4442",
"CVE-2018-4443",
"CVE-2018-4464",
"CVE-2019-6212",
"CVE-2019-6215",
"CVE-2019-6216",
"CVE-2019-6217",
"CVE-2019-6226",
"CVE-2019-6227",
"CVE-2019-6229",
"CVE-2019-6233",
"CVE-2019-6234"
);
script_name(english:"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:0497-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update for webkit2gtk3 to version 2.22.6 fixes the following
issues (boo#1124937 boo#1119558) :
Security vulnerabilities fixed :
CVE-2018-4437: Processing maliciously crafted web content may lead to
arbitrary code execution. Multiple memory corruption issues were
addressed with improved memory handling. (boo#1119553)
CVE-2018-4438: Processing maliciously crafted web content may lead to
arbitrary code execution. A logic issue existed resulting in memory
corruption. This was addressed with improved state management.
(boo#1119554)
CVE-2018-4441: Processing maliciously crafted web content may lead to
arbitrary code execution. A memory corruption issue was addressed with
improved memory handling. (boo#1119555)
CVE-2018-4442: Processing maliciously crafted web content may lead to
arbitrary code execution. A memory corruption issue was addressed with
improved memory handling. (boo#1119556)
CVE-2018-4443: Processing maliciously crafted web content may lead to
arbitrary code execution. A memory corruption issue was addressed with
improved memory handling. (boo#1119557)
CVE-2018-4464: Processing maliciously crafted web content may lead to
arbitrary code execution. Multiple memory corruption issues were
addressed with improved memory handling. (boo#1119558)
CVE-2019-6212: Processing maliciously crafted web content may lead to
arbitrary code execution. Multiple memory corruption issues were
addressed with improved memory handling.
CVE-2019-6215: Processing maliciously crafted web content may lead to
arbitrary code execution. A type confusion issue was addressed with
improved memory handling.
CVE-2019-6216: Processing maliciously crafted web content may lead to
arbitrary code execution. Multiple memory corruption issues were
addressed with improved memory handling.
CVE-2019-6217: Processing maliciously crafted web content may lead to
arbitrary code execution. Multiple memory corruption issues were
addressed with improved memory handling.
CVE-2019-6226: Processing maliciously crafted web content may lead to
arbitrary code execution. Multiple memory corruption issues were
addressed with improved memory handling.
CVE-2019-6227: Processing maliciously crafted web content may lead to
arbitrary code execution. A memory corruption issue was addressed with
improved memory handling.
CVE-2019-6229: Processing maliciously crafted web content may lead to
universal cross-site scripting. A logic issue was addressed with
improved validation.
CVE-2019-6233: Processing maliciously crafted web content may lead to
arbitrary code execution. A memory corruption issue was addressed with
improved memory handling.
CVE-2019-6234: Processing maliciously crafted web content may lead to
arbitrary code execution. A memory corruption issue was addressed with
improved memory handling.
Other bug fixes and changes: Make kinetic scrolling slow down smoothly
when reaching the ends of pages, instead of abruptly, to better match
the GTK+ behaviour.
Fix Web inspector magnifier under Wayland.
Fix garbled rendering of some websites (e.g. YouTube) while scrolling
under X11.
Fix several crashes, race conditions, and rendering issues.
For a detailed list of changes, please refer to:
https://webkitgtk.org/security/WSA-2019-0001.html
https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html
https://webkitgtk.org/security/WSA-2018-0009.html
https://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1119553");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1119554");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1119555");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1119556");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1119557");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1119558");
script_set_attribute(attribute:"see_also", value:"https://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html");
script_set_attribute(attribute:"see_also", value:"https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html");
script_set_attribute(attribute:"see_also", value:"https://webkitgtk.org/security/WSA-2018-0009.html");
script_set_attribute(attribute:"see_also", value:"https://webkitgtk.org/security/WSA-2019-0001.html");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-4437/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-4438/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-4441/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-4442/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-4443/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-4464/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-6212/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-6215/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-6216/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-6217/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-6226/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-6227/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-6229/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-6233/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-6234/");
# https://www.suse.com/support/update/announcement/2019/suse-su-20190497-1/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?268ab889");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Module for Open Buildservice Development Tools
15:zypper in -t patch
SUSE-SLE-Module-Development-Tools-OBS-15-2019-497=1
SUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t
patch SUSE-SLE-Module-Desktop-Applications-15-2019-497=1
SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
SUSE-SLE-Module-Basesystem-15-2019-497=1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-6234");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/05");
script_set_attribute(attribute:"patch_publication_date", value:"2019/02/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:webkit-jsc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES15", sp:"0", reference:"libjavascriptcoregtk-4_0-18-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libwebkit2gtk-4_0-37-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libwebkit2gtk-4_0-37-debuginfo-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"typelib-1_0-JavaScriptCore-4_0-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"typelib-1_0-WebKit2-4_0-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"typelib-1_0-WebKit2WebExtension-4_0-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"webkit-jsc-4-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"webkit-jsc-4-debuginfo-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"webkit2gtk-4_0-injected-bundles-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"webkit2gtk3-debugsource-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"webkit2gtk3-devel-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libjavascriptcoregtk-4_0-18-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libwebkit2gtk-4_0-37-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libwebkit2gtk-4_0-37-debuginfo-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"typelib-1_0-JavaScriptCore-4_0-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"typelib-1_0-WebKit2-4_0-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"typelib-1_0-WebKit2WebExtension-4_0-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"webkit-jsc-4-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"webkit-jsc-4-debuginfo-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"webkit2gtk-4_0-injected-bundles-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"webkit2gtk3-debugsource-2.22.6-3.18.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"webkit2gtk3-devel-2.22.6-3.18.2")) flag++;
if (flag)
{
set_kb_item(name:'www/0/XSS', value:TRUE);
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "webkit2gtk3");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | libjavascriptcoregtk-4_0 | p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0 |
novell | suse_linux | webkit2gtk-4_0-injected-bundles-debuginfo | p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo |
novell | suse_linux | webkit2gtk3-devel | p-cpe:/a:novell:suse_linux:webkit2gtk3-devel |
novell | suse_linux | typelib-1_0-javascriptcore | p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore |
novell | suse_linux | webkit2gtk3-debugsource | p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource |
novell | suse_linux | libwebkit2gtk-4_0 | p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0 |
novell | suse_linux | libwebkit2gtk-4_0-37-debuginfo | p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo |
novell | suse_linux | webkit2gtk-4_0-injected-bundles | p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles |
novell | suse_linux | 15 | cpe:/o:novell:suse_linux:15 |
novell | suse_linux | webkit-jsc | p-cpe:/a:novell:suse_linux:webkit-jsc |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4437
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4438
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4441
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4442
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4443
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4464
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6212
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6215
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6216
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6217
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6226
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6227
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6229
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6233
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6234
www.nessus.org/u?268ab889
bugzilla.suse.com/show_bug.cgi?id=1119553
bugzilla.suse.com/show_bug.cgi?id=1119554
bugzilla.suse.com/show_bug.cgi?id=1119555
bugzilla.suse.com/show_bug.cgi?id=1119556
bugzilla.suse.com/show_bug.cgi?id=1119557
bugzilla.suse.com/show_bug.cgi?id=1119558
webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html
webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html
webkitgtk.org/security/WSA-2018-0009.html
webkitgtk.org/security/WSA-2019-0001.html
www.suse.com/security/cve/CVE-2018-4437/
www.suse.com/security/cve/CVE-2018-4438/
www.suse.com/security/cve/CVE-2018-4441/
www.suse.com/security/cve/CVE-2018-4442/
www.suse.com/security/cve/CVE-2018-4443/
www.suse.com/security/cve/CVE-2018-4464/
www.suse.com/security/cve/CVE-2019-6212/
www.suse.com/security/cve/CVE-2019-6215/
www.suse.com/security/cve/CVE-2019-6216/
www.suse.com/security/cve/CVE-2019-6217/
www.suse.com/security/cve/CVE-2019-6226/
www.suse.com/security/cve/CVE-2019-6227/
www.suse.com/security/cve/CVE-2019-6229/
www.suse.com/security/cve/CVE-2019-6233/
www.suse.com/security/cve/CVE-2019-6234/
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
0.903 High
EPSS
Percentile
98.8%