The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4381 advisory.

  - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of     Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further     memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a     malicious webpage. (CVE-2021-21775)

  - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in     WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory     corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.
    (CVE-2021-21779)

  - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially     crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim     needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)

  - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and     iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted     web content may lead to arbitrary code execution. (CVE-2021-30663)

  - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS     7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously     crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may     have been actively exploited.. (CVE-2021-30665)

  - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and     iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak     sensitive user information. (CVE-2021-30682)

  - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and     iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content     may lead to universal cross site scripting. (CVE-2021-30689)

  - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and     iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access     restricted ports on arbitrary servers. (CVE-2021-30720)

  - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in     tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing     maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)

  - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security     origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4,     watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.
    (CVE-2021-30744)

  - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari     14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to     arbitrary code execution. (CVE-2021-30758)

  - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7,     Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may     lead to arbitrary code execution. (CVE-2021-30795)

  - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big     Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.
    (CVE-2021-30797)

  - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS     14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing     maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

Rocky Linux 8 : GNOME (RLSA-2021:4381)

critical Nessus Plugin ID 157823

Version 1.6

Version 1.5

Version 1.4

Version 1.4

Version 1.6 Nov 8, 2023, 3:41 PM CISA reference Plugin Feed: 202311081541
Version 1.5 Nov 7, 2023, 5:17 PM CVE (set "CVE" coverage to "CVE-2020-13558,CVE-2020-24870,CVE-2020-27918,CVE-2020-29623,CVE-2020-36241,CVE-2021-1765,CVE-2021-1788,CVE-2021-1789,CVE-2021-1799,CVE-2021-1801,CVE-2021-1844,CVE-2021-1870,CVE-2021-1871,CVE-2021-21775,CVE-2021-21779,CVE-2021-21806,CVE-2021-28650,CVE-2021-30663,CVE-2021-30665,CVE-2021-30682,CVE-2021-30689,CVE-2021-30720,CVE-2021-30734,CVE-2021-30744,CVE-2021-30749,CVE-2021-30758,CVE-2021-30795,CVE-2021-30797,CVE-2021-30799") CVSS metrics ("CVSSv3 score" set to 9.8. "CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSSv3 score source (set to "CVE-2021-1871") Detection (updated detection logic) Plugin metadata Plugin Feed: 202311071717
Version 1.4 Apr 25, 2023, 11:11 PM CVSS temporal metrics (Adjust exploitability metrics for CISA KEV vulnerabilities) Plugin Feed: 202304252311
Version 1.4 Nov 7, 2023, 3:08 PM CVE (set "CVE" coverage to "CVE-2020-13558,CVE-2020-24870,CVE-2020-27918,CVE-2020-29623,CVE-2020-36241,CVE-2021-1765,CVE-2021-1788,CVE-2021-1789,CVE-2021-1799,CVE-2021-1801,CVE-2021-1844,CVE-2021-1870,CVE-2021-1871,CVE-2021-21775,CVE-2021-21779,CVE-2021-21806,CVE-2021-28650,CVE-2021-30663,CVE-2021-30665,CVE-2021-30682,CVE-2021-30689,CVE-2021-30720,CVE-2021-30734,CVE-2021-30744,CVE-2021-30749,CVE-2021-30758,CVE-2021-30795,CVE-2021-30797,CVE-2021-30799") CVSS metrics ("CVSSv3 score" set to 9.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSSv3 score source (set to "CVE-2021-1871") Detection (updated detection logic) Plugin metadata Plugin Feed: 202311071508