Details of VAR-201901-1009

ID

VAR-201901-1009

CVE

CVE-2018-4209

TITLE

plural Apple In product ASSERT Vulnerability that causes an error

Trust: 0.8

sources: JVNDB: JVNDB-2018-014284

DESCRIPTION

In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. plural Apple The product includes ASSERT A vulnerability that causes an error exists.Through unexpected operations, ASSERT An error may be caused. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. iTunes for Windows is a media player application based on the Windows platform. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. Attackers can exploit this vulnerability to cause ASSERT to fail. The following products and versions are affected: Apple iOS prior to 11.3; Safari prior to 11.1; Windows-based iCloud prior to 7.4; tvOS prior to 11.3; watchOS prior to 4.3; Windows-based iTunes prior to 12.7.4. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201812-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: December 02, 2018 Bugs: #667892 ID: 201812-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.22.0 >= 2.22.0 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.0" References ========== [ 1 ] CVE-2018-4191 https://nvd.nist.gov/vuln/detail/CVE-2018-4191 [ 2 ] CVE-2018-4197 https://nvd.nist.gov/vuln/detail/CVE-2018-4197 [ 3 ] CVE-2018-4207 https://nvd.nist.gov/vuln/detail/CVE-2018-4207 [ 4 ] CVE-2018-4208 https://nvd.nist.gov/vuln/detail/CVE-2018-4208 [ 5 ] CVE-2018-4209 https://nvd.nist.gov/vuln/detail/CVE-2018-4209 [ 6 ] CVE-2018-4210 https://nvd.nist.gov/vuln/detail/CVE-2018-4210 [ 7 ] CVE-2018-4212 https://nvd.nist.gov/vuln/detail/CVE-2018-4212 [ 8 ] CVE-2018-4213 https://nvd.nist.gov/vuln/detail/CVE-2018-4213 [ 9 ] CVE-2018-4299 https://nvd.nist.gov/vuln/detail/CVE-2018-4299 [ 10 ] CVE-2018-4306 https://nvd.nist.gov/vuln/detail/CVE-2018-4306 [ 11 ] CVE-2018-4309 https://nvd.nist.gov/vuln/detail/CVE-2018-4309 [ 12 ] CVE-2018-4311 https://nvd.nist.gov/vuln/detail/CVE-2018-4311 [ 13 ] CVE-2018-4312 https://nvd.nist.gov/vuln/detail/CVE-2018-4312 [ 14 ] CVE-2018-4314 https://nvd.nist.gov/vuln/detail/CVE-2018-4314 [ 15 ] CVE-2018-4315 https://nvd.nist.gov/vuln/detail/CVE-2018-4315 [ 16 ] CVE-2018-4316 https://nvd.nist.gov/vuln/detail/CVE-2018-4316 [ 17 ] CVE-2018-4317 https://nvd.nist.gov/vuln/detail/CVE-2018-4317 [ 18 ] CVE-2018-4318 https://nvd.nist.gov/vuln/detail/CVE-2018-4318 [ 19 ] CVE-2018-4319 https://nvd.nist.gov/vuln/detail/CVE-2018-4319 [ 20 ] CVE-2018-4323 https://nvd.nist.gov/vuln/detail/CVE-2018-4323 [ 21 ] CVE-2018-4328 https://nvd.nist.gov/vuln/detail/CVE-2018-4328 [ 22 ] CVE-2018-4358 https://nvd.nist.gov/vuln/detail/CVE-2018-4358 [ 23 ] CVE-2018-4359 https://nvd.nist.gov/vuln/detail/CVE-2018-4359 [ 24 ] CVE-2018-4361 https://nvd.nist.gov/vuln/detail/CVE-2018-4361 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201812-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3781-1 October 03, 2018 webkit2gtk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libjavascriptcoregtk-4.0-18 2.22.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 2.22.2-0ubuntu0.18.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3781-1 CVE-2018-4191, CVE-2018-4197, CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4311, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.22.2-0ubuntu0.18.04.1 . ----------------------------------------------------------------------- WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0007 ------------------------------------------------------------------------ Date reported : September 26, 2018 Advisory ID : WSA-2018-0007 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0007.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0007.html CVE identifiers : CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4311, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2018-4207 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. CVE-2018-4208 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. CVE-2018-4209 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. CVE-2018-4210 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction with indexing types caused a failure. An array indexing issue existed in the handling of a function in JavaScriptCore. CVE-2018-4212 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. CVE-2018-4213 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. CVE-2018-4191 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Google OSS-Fuzz. CVE-2018-4197 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4299 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4306 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4309 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to an anonymous researcher working with Trend Micro's Zero Day Initiative. A malicious website may be able to execute scripts in the context of another website. A cross-site scripting issue existed in WebKit. CVE-2018-4311 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Erling Alf Ellingsen (@steike). Cross-origin SecurityErrors includes the accessed frameas origin. CVE-2018-4312 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4314 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4315 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4316 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4317 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4318 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4319 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to John Pettitt of Google. A malicious website may cause unexepected cross-origin behavior. A cross-origin issue existed with iframe elements. CVE-2018-4323 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4328 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4358 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4359 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Samuel GroA (@5aelo). Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4361 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Google OSS-Fuzz. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, September 26, 2018

Trust: 1.98

sources: NVD: CVE-2018-4209 // JVNDB: JVNDB-2018-014284 // VULHUB: VHN-134240 // PACKETSTORM: 150560 // PACKETSTORM: 149655 // PACKETSTORM: 149605

AFFECTED PRODUCTS

vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	11.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	12.7.4	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.4	Trust: 1.0
vendor:	webkit	model:	webkitgtk\+	scope:	lt	version:	2.22.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	11.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	11.1	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	4.3	Trust: 1.0
vendor:	canonical	model:	ubuntu	scope:	-	version:	-	Trust: 0.8
vendor:	the webkitgtk team	model:	webkitgtk+	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.4 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1 (macos high sierra 10.13.4)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1 (macos sierra 10.12.6)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1 (os x el capitan 10.11.6)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.3 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.3 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	4.3 (apple watch all models )	Trust: 0.8

sources: JVNDB: JVNDB-2018-014284 // NVD: CVE-2018-4209

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4209
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4209
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201901-403
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134240
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4209
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-134240
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4209
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134240 // JVNDB: JVNDB-2018-014284 // CNNVD: CNNVD-201901-403 // NVD: CVE-2018-4209

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-134240 // JVNDB: JVNDB-2018-014284 // NVD: CVE-2018-4209

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 149655 // CNNVD: CNNVD-201901-403

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201901-403

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014284

PATCH

title:	HT208698	url:	https://support.apple.com/en-us/HT208698	Trust: 0.8
title:	HT208693	url:	https://support.apple.com/en-us/HT208693	Trust: 0.8
title:	HT208695	url:	https://support.apple.com/en-us/HT208695	Trust: 0.8
title:	HT208696	url:	https://support.apple.com/en-us/HT208696	Trust: 0.8
title:	HT208697	url:	https://support.apple.com/en-us/HT208697	Trust: 0.8
title:	HT208693	url:	https://support.apple.com/ja-jp/HT208693	Trust: 0.8
title:	HT208695	url:	https://support.apple.com/ja-jp/HT208695	Trust: 0.8
title:	HT208696	url:	https://support.apple.com/ja-jp/HT208696	Trust: 0.8
title:	HT208697	url:	https://support.apple.com/ja-jp/HT208697	Trust: 0.8
title:	HT208698	url:	https://support.apple.com/ja-jp/HT208698	Trust: 0.8
title:	USN-3781-1	url:	https://usn.ubuntu.com/3781-1/	Trust: 0.8
title:	Top Page	url:	https://webkitgtk.org/	Trust: 0.8
title:	Multiple Apple product WebKit Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88567	Trust: 0.6

sources: JVNDB: JVNDB-2018-014284 // CNNVD: CNNVD-201901-403

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4209	Trust: 2.8
db:	JVN	id:	JVNVU92378299	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-014284	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-403	Trust: 0.7
db:	VULHUB	id:	VHN-134240	Trust: 0.1
db:	PACKETSTORM	id:	150560	Trust: 0.1
db:	PACKETSTORM	id:	149655	Trust: 0.1
db:	PACKETSTORM	id:	149605	Trust: 0.1

sources: VULHUB: VHN-134240 // JVNDB: JVNDB-2018-014284 // PACKETSTORM: 150560 // PACKETSTORM: 149655 // PACKETSTORM: 149605 // CNNVD: CNNVD-201901-403 // NVD: CVE-2018-4209

REFERENCES

url:	https://security.gentoo.org/glsa/201812-04	Trust: 1.8
url:	https://support.apple.com/ht208694	Trust: 1.7
url:	https://usn.ubuntu.com/3781-1/	Trust: 1.7
url:	https://support.apple.com/en-us/ht208697	Trust: 1.6
url:	https://support.apple.com/en-us/ht208698	Trust: 1.6
url:	https://support.apple.com/en-us/ht208695	Trust: 1.6
url:	https://support.apple.com/en-us/ht208696	Trust: 1.6
url:	https://support.apple.com/en-us/ht208693	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4209	Trust: 1.1
url:	https://support.apple.com/ht208693%2c	Trust: 1.0
url:	https://support.apple.com/ht208695%2c	Trust: 1.0
url:	https://support.apple.com/ht208696%2c	Trust: 1.0
url:	https://support.apple.com/ht208697%2c	Trust: 1.0
url:	https://support.apple.com/ht208698%2c	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4209	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92378299/index.html	Trust: 0.8
url:	https://support.apple.com/ht208695	Trust: 0.6
url:	https://support.apple.com/ht208693	Trust: 0.6
url:	https://support.apple.com/ht208698	Trust: 0.6
url:	https://support.apple.com/ht208696	Trust: 0.6
url:	https://support.apple.com/ht208697	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4191	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4317	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4312	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4328	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4299	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4319	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4323	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4318	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4208	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4213	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4361	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4309	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4311	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4315	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4197	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4316	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4212	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4359	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4306	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4358	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4314	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4210	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4207	Trust: 0.2
url:	https://support.apple.com/ht208693,	Trust: 0.1
url:	https://support.apple.com/ht208695,	Trust: 0.1
url:	https://support.apple.com/ht208696,	Trust: 0.1
url:	https://support.apple.com/ht208697,	Trust: 0.1
url:	https://support.apple.com/ht208698,	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/webkit2gtk/2.22.2-0ubuntu0.18.04.1	Trust: 0.1
url:	https://usn.ubuntu.com/usn/usn-3781-1	Trust: 0.1
url:	https://wpewebkit.org/security/.	Trust: 0.1
url:	https://wpewebkit.org/security/wsa-2018-0007.html	Trust: 0.1
url:	https://webkitgtk.org/security.html	Trust: 0.1
url:	https://webkitgtk.org/security/wsa-2018-0007.html	Trust: 0.1

CREDITS

Gentoo

Trust: 0.1

sources: PACKETSTORM: 150560

SOURCES

db:	VULHUB	id:	VHN-134240
db:	JVNDB	id:	JVNDB-2018-014284
db:	PACKETSTORM	id:	150560
db:	PACKETSTORM	id:	149655
db:	PACKETSTORM	id:	149605
db:	CNNVD	id:	CNNVD-201901-403
db:	NVD	id:	CVE-2018-4209

LAST UPDATE DATE

2024-08-14T12:56:03.427000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134240	date:	2019-03-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-014284	date:	2019-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201901-403	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2018-4209	date:	2023-11-07T02:58:22.540

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134240	date:	2019-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-014284	date:	2019-03-15T00:00:00
db:	PACKETSTORM	id:	150560	date:	2018-12-03T21:06:30
db:	PACKETSTORM	id:	149655	date:	2018-10-03T15:17:11
db:	PACKETSTORM	id:	149605	date:	2018-10-01T17:13:20
db:	CNNVD	id:	CNNVD-201901-403	date:	2019-01-14T00:00:00
db:	NVD	id:	CVE-2018-4209	date:	2019-01-11T18:29:01.890