The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3864 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-3864-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/               Emilio Pozuelo Monfort     September 02, 2024                            https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : webkit2gtk     Version        : 2.44.3-1~deb11u1     CVE ID         : CVE-2024-4558 CVE-2024-40776 CVE-2024-40779 CVE-2024-40780                      CVE-2024-40782 CVE-2024-40785 CVE-2024-40789 CVE-2024-40794

    The following vulnerabilities have been discovered in the WebKitGTK     web engine:

    CVE-2024-4558

        An anonymous researcher discovered that processing maliciously         crafted web content may lead to an unexpected process crash.

    CVE-2024-40776

        Huang Xilin discovered that processing maliciously crafted web         content may lead to an unexpected process crash.

    CVE-2024-40779

        Huang Xilin discovered that processing maliciously crafted web         content may lead to an unexpected process crash.

    CVE-2024-40780

        Huang Xilin dicovered that processing maliciously crafted web         content may lead to an unexpected process crash.

    CVE-2024-40782

        Maksymilian Motyl discovered that processing maliciously crafted         web content may lead to an unexpected process crash.

    CVE-2024-40785

        Johan Carlsson discovered that processing maliciously crafted web         content may lead to a cross site scripting attack.

    CVE-2024-40789

        Seunghyun Lee discovered that processing maliciously crafted web         content may lead to an unexpected process crash.

    CVE-2024-40794

        Matthew Butler discovered that private Browsing tabs may be         accessed without authentication.

    For Debian 11 bullseye, these problems have been fixed in version     2.44.3-1~deb11u1.

    We recommend that you upgrade your webkit2gtk packages.

    For the detailed security status of webkit2gtk please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/webkit2gtk

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dla-3864 : gir1.2-javascriptcoregtk-4.0 - security update

critical Nessus Plugin ID 206423

Version 1.2

Version 1.1

Version 1.2 Dec 23, 2024, 9:17 AM Exploit attributes ("Exploit available" set to "True") CVSS metrics ("CVSSv2 score" set to 10.0) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") CVSS metrics ("CVSSv3 score" set to 9.6) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2024-40785" to "CVE-2024-4558") CVSSv2 severity (based on CVE-2024-4558, severity increased from "Medium" to "High") CVSSv3 severity (based on None, severity increased from "Medium" to "High") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202412230917
Version 1.1 Sep 3, 2024, 1:05 AM New Plugin Feed: 202409030105