DATABASE RESOURCES PRICING ABOUT US

{"id": "APPLE:HT206903", "bulletinFamily": "software", "title": "About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004 - Apple Support", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## OS X El Capitan v10.11.6 and Security Update 2016-004\n\nReleased July 18, 2016\n\n**apache_mod_php**\n\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36.\n\nCVE-2016-5093\n\nCVE-2016-5094\n\nCVE-2016-5096\n\nCVE-2013-7456\n\n**Audio**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\n**Audio**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4647 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\n**Audio**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro; Jack Tang and Moony Li of Trend Micro working with Trend Micro's Zero Day Initiative\n\n**Audio**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Parsing a maliciously crafted audio file may lead to the disclosure of user information\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative\n\n**bsdiff**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking.\n\nCVE-2014-9862 : an anonymous researcher\n\n**CFNetwork**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to view sensitive user information\n\nDescription: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions.\n\nCVE-2016-4645 : Abhinav Bansal of Zscaler Inc.\n\n**CFNetwork Credentials**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.\n\nCVE-2016-4644 : Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.\n\nCVE-2016-4643 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University; Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may unknowingly send a password unencrypted over the network\n\nDescription: Proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.\n\nCVE-2016-4642 : Jerry Decime coordinated via CERT\n\n**CoreGraphics**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to elevate privileges\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.\n\nCVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative\n\n**CoreGraphics**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**FaceTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated\n\nDescription: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.\n\nCVE-2016-4635 : Martin Vigo\n\n**Graphics Drivers**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4634 : Stefan Esser of SektionEins\n\n**ImageIO**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\nCVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\n**ImageIO**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7705 : Craig Young of Tripwire VERT\n\nEntry added November 30, 2017\n\n**Intel Graphics Driver**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4633 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\n**IOHIDFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4626 : Stefan Esser of SektionEins\n\n**IOSurface**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A use-after-free was addressed through improved memory management.\n\nCVE-2016-4625 : Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1863 : Ian Beer of Google Project Zero\n\nCVE-2016-4653 : Ju Zhu of Trend Micro\n\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-1865 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent, CESG\n\n**Libc**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow existed within the \"link_ntoa()\" function in linkaddr.c. This issue was addressed through additional bounds checking.\n\nCVE-2016-6559 : Apple\n\nEntry added January 10, 2017\n\n**libc++abi**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4621 : an anonymous researcher\n\n**libexpat**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-0718 : Gustavo Grieco\n\n**LibreSSL**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7.\n\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\n\nCVE-2016-2109 : Brian Carpenter\n\n**libxml2**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 5, 2017\n\n**libxml2**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\n**Login Window**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious application may be able to gain root privileges\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2016-4638 : Yubin Fu of Tencent KeenLab working with TrendMicro's Zero Day Initiative\n\n**Login Window**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious application may be able to execute arbitrary code leading to compromise of user information\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4640 : an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nEntry updated November 16, 2016\n\n**Login Window**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious application may be able to execute arbitrary code leading to the compromise of user information\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative\n\n**Login Window**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to cause a denial of service\n\nDescription: A memory initialization issue was addressed through improved memory handling.\n\nCVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative\n\n**OpenSSL**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8.\n\nCVE-2016-2105 : Guido Vranken\n\nCVE-2016-2106 : Guido Vranken\n\nCVE-2016-2107 : Juraj Somorovsky\n\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\n\nCVE-2016-2109 : Brian Carpenter\n\nCVE-2016-2176 : Guido Vranken\n\n**QuickTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted SGI file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab\n\n**QuickTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab\n\n**QuickTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab\n\nCVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab\n\nCVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab\n\nCVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab\n\n**QuickTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab\n\n**Safari Login AutoFill**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A user's password may be visible on screen\n\nDescription: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields.\n\nCVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD\n\n**Sandbox Profiles**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local application may be able to access the process list\n\nDescription: An access issue existed with privileged API calls. This issue was addressed through additional restrictions.\n\nCVE-2016-4594 : Stefan Esser of SektionEins\n\nOS X El Capitan v10.11.6 includes the security content of [Safari 9.1.2](<https://support.apple.com/kb/HT206900>).\n", "published": "2017-11-30T10:28:37", "modified": "2017-11-30T10:28:37", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://support.apple.com/kb/HT206903", "reporter": "Apple", "references": [], "cvelist": ["CVE-2016-4634", "CVE-2014-9862", "CVE-2016-4653", "CVE-2016-4626", "CVE-2016-4614", "CVE-2016-4646", "CVE-2016-4645", "CVE-2016-4649", "CVE-2016-4643", "CVE-2015-8317", "CVE-2016-1836", "CVE-2016-4598", "CVE-2016-4652", "CVE-2016-4616", "CVE-2016-4644", "CVE-2016-4602", "CVE-2016-4638", "CVE-2016-4582", "CVE-2016-4610", "CVE-2016-4609", "CVE-2016-2108", "CVE-2013-7456", "CVE-2016-7705", "CVE-2016-1863", "CVE-2016-4629", "CVE-2016-4632", "CVE-2016-4630", "CVE-2016-2105", "CVE-2016-4600", "CVE-2016-4483", "CVE-2016-2107", "CVE-2016-4642", "CVE-2016-0718", "CVE-2016-4647", "CVE-2016-6559", "CVE-2016-2109", "CVE-2016-4607", "CVE-2016-4637", "CVE-2016-4621", "CVE-2016-4449", "CVE-2016-4648", "CVE-2016-4595", "CVE-2016-4625", "CVE-2016-4448", "CVE-2016-4599", "CVE-2016-4635", "CVE-2016-4615", "CVE-2016-4633", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-2176", "CVE-2016-4597", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-4608", "CVE-2016-5096", "CVE-2016-4641", "CVE-2016-4447", "CVE-2016-4631", "CVE-2016-1865", "CVE-2016-4596", "CVE-2016-4601", "CVE-2016-2106", "CVE-2016-4594", "CVE-2016-4639", "CVE-2016-4640"], "type": "apple", "lastseen": "2020-12-24T20:43:48", "edition": 3, "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["OPENSSL_ADVISORY20.ASC"]}, {"type": "altlinux", "idList": ["29E77B84F0912F2ABB753A2B43C020CA", "6E8B796A6FEE95047EFD1F1579BB3755", "CA02D996C51FDE4696ED5DEAE9A556FD"]}, {"type": "amazon", "idList": ["ALAS-2015-628", "ALAS-2016-695", "ALAS-2016-706", "ALAS-2016-707", "ALAS-2016-719", "ALAS-2016-775", "ALAS2-2019-1220"]}, {"type": "android", "idList": ["ANDROID:CVE-2016-2108"]}, {"type": "androidsecurity", "idList": ["ANDROID:2016-07-01", "ANDROID:2016-11-01", "ANDROID:2017-07-01", "ANDROID:2018-07-01"]}, {"type": "apple", "idList": ["APPLE:004B37C869B56A0F993458CA68A5A5C1", "APPLE:08DDC9EE4E7DEBCD387FA33304B8E244", "APPLE:138B6A194013E2308AFAD7088D94B143", "APPLE:198F1AB81F91F2CEB090B4B4D49C57AD", "APPLE:3299E9EFA9B676AE490ABAACC350C359", "APPLE:6675EF5C2567C41D8B07EDE19642D215", "APPLE:888E607C6699469D7890D958FC8D36F7", "APPLE:8DE1B81CB3F1FAE2DFA54423887EED84", "APPLE:9A0B3B0DFCDD94CAF1819BEC271E3754", "APPLE:A698320079BD7F6AF117CDE3A822068D", "APPLE:AD3C9159192D0BE1FCE85D24889D3B53", "APPLE:D2896F9EF4E86DBA2ADA7F8FB613BAEF", "APPLE:HT206564", "APPLE:HT206566", "APPLE:HT206567", "APPLE:HT206568", "APPLE:HT206899", "APPLE:HT206901", "APPLE:HT206902", "APPLE:HT206904", "APPLE:HT206905", "APPLE:HT207598", "APPLE:HT207599"]}, {"type": "archlinux", "idList": ["ASA-201605-22", "ASA-201605-23", "ASA-201605-27", "ASA-201605-28", "ASA-201605-3", "ASA-201605-4", "ASA-201608-2"]}, {"type": "centos", "idList": ["CESA-2015:2549", "CESA-2015:2550", "CESA-2016:0722", "CESA-2016:0996", "CESA-2016:1137", "CESA-2016:1292", "CESA-2016:2824"]}, {"type": "cert", "idList": ["VU:548487", "VU:905344"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2016-0349", "CPAI-2016-0722"]}, {"type": "chrome", "idList": ["GCSA-1386466693674220568"]}, {"type": "cisco", "idList": ["CISCO-SA-20160504-OPENSSL"]}, {"type": "citrix", "idList": ["CTX212736", "CTX233832"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:0207AE2406224805196D7BD19402D596", "CFOUNDRY:1EC71DA3FB8309BFA0C5B2A494033370", "CFOUNDRY:381607FCA8ED551B94852EC217ED57BD", "CFOUNDRY:7021C5270A461D6FC34DE4CA651C34EE", "CFOUNDRY:A337239F424A4FF8B4435FA8FCEBDE22", "CFOUNDRY:DCC31D4961650B41BAF732BB0B28B011", "CFOUNDRY:F006390335E44CFEC69607A8E9BE3B62", "CFOUNDRY:FCF85BFA2C233642C61F93CC876C044C"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}, {"type": "cve", "idList": ["CVE-2013-7456", "CVE-2014-9862", "CVE-2015-8317", "CVE-2016-0718", "CVE-2016-0719", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-1836", "CVE-2016-1863", "CVE-2016-1865", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4582", "CVE-2016-4594", "CVE-2016-4595", "CVE-2016-4596", "CVE-2016-4597", "CVE-2016-4598", "CVE-2016-4599", "CVE-2016-4600", "CVE-2016-4601", "CVE-2016-4602", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619", "CVE-2016-4621", "CVE-2016-4625", "CVE-2016-4626", "CVE-2016-4629", "CVE-2016-4630", "CVE-2016-4631", "CVE-2016-4632", "CVE-2016-4633", "CVE-2016-4634", "CVE-2016-4635", "CVE-2016-4637", "CVE-2016-4638", "CVE-2016-4639", "CVE-2016-4640", "CVE-2016-4641", "CVE-2016-4642", "CVE-2016-4643", "CVE-2016-4644", "CVE-2016-4645", "CVE-2016-4646", "CVE-2016-4647", "CVE-2016-4648", "CVE-2016-4649", "CVE-2016-4652", "CVE-2016-4653", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5095", "CVE-2016-5096", "CVE-2016-5770", "CVE-2016-6559", "CVE-2016-7705", "CVE-2016-9598", "CVE-2016-9892"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1860-1:B68F6", "DEBIAN:DLA-1860-1:DBF7E", "DEBIAN:DLA-2010-1:08F47", "DEBIAN:DLA-355-1:F71E7", "DEBIAN:DLA-456-1:BB65D", "DEBIAN:DLA-483-1:3C429", "DEBIAN:DLA-503-1:11947", "DEBIAN:DLA-503-1:6F8B6", "DEBIAN:DLA-514-1:04721", "DEBIAN:DLA-514-1:6326F", "DEBIAN:DLA-533-1:70F1F", "DEBIAN:DLA-628-1:9ADD4", "DEBIAN:DLA-697-1:EF152", "DEBIAN:DSA-3430-1:21018", "DEBIAN:DSA-3430-1:A974A", "DEBIAN:DSA-3566-1:D74F5", "DEBIAN:DSA-3582-1:BA58B", "DEBIAN:DSA-3582-1:D0BF8", "DEBIAN:DSA-3587-1:2D681", "DEBIAN:DSA-3587-1:DCAF4", "DEBIAN:DSA-3590-1:B6DFB", "DEBIAN:DSA-3590-1:CDFD8", "DEBIAN:DSA-3593-1:95A95", "DEBIAN:DSA-3593-1:F14D3", "DEBIAN:DSA-3602-1:4BD74", "DEBIAN:DSA-3602-1:52B21", "DEBIAN:DSA-3605-1:E22C9", "DEBIAN:DSA-3605-1:F75C0"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-7456", "DEBIANCVE:CVE-2014-9862", "DEBIANCVE:CVE-2015-8317", "DEBIANCVE:CVE-2016-0718", "DEBIANCVE:CVE-2016-1683", "DEBIANCVE:CVE-2016-1684", "DEBIANCVE:CVE-2016-1836", "DEBIANCVE:CVE-2016-2105", "DEBIANCVE:CVE-2016-2106", "DEBIANCVE:CVE-2016-2107", "DEBIANCVE:CVE-2016-2108", "DEBIANCVE:CVE-2016-2109", "DEBIANCVE:CVE-2016-2176", "DEBIANCVE:CVE-2016-4447", "DEBIANCVE:CVE-2016-4448", "DEBIANCVE:CVE-2016-4449", "DEBIANCVE:CVE-2016-4483", "DEBIANCVE:CVE-2016-4608", "DEBIANCVE:CVE-2016-4609", "DEBIANCVE:CVE-2016-4610", "DEBIANCVE:CVE-2016-5093", "DEBIANCVE:CVE-2016-5770", "DEBIANCVE:CVE-2016-9598"]}, {"type": "f5", "idList": ["F5:K07538415", "F5:K23230229", "F5:K24322529", "F5:K31434612", "F5:K36488941", "F5:K41103561", "F5:K43449212", "F5:K47145213", "F5:K48220300", "F5:K51390683", "F5:K51920288", "F5:K52320548", "F5:K61570943", "F5:K63914421", "F5:K75152412", "F5:K93600123", "F5:K95375529", "SOL07538415", "SOL23230229", "SOL36488941", "SOL41103561", "SOL43449212", "SOL47145213", "SOL51390683", "SOL51920288", "SOL75152412", "SOL93600123", "SOL95375529"]}, {"type": "fedora", "idList": ["FEDORA:09EA7605EEEE", "FEDORA:44719604F0C3", "FEDORA:56D376268FDB", "FEDORA:589D6611864A", "FEDORA:58BAF60A0C7C", "FEDORA:6DCC66067328", "FEDORA:83611602E3DE", "FEDORA:A3C8D604C8B1", "FEDORA:A67E660ABD9C", "FEDORA:A7F076CB1D2F", "FEDORA:B94EB6035093", "FEDORA:CE47B60C0506", "FEDORA:D1EB860677B7", "FEDORA:F246160CFDB3"]}, {"type": "fortinet", "idList": ["FG-IR-16-026"]}, {"type": "freebsd", "idList": ["01D729CA-1143-11E6-B55E-B499BAEBFEAF", "0282269D-BBEE-11E6-B1CF-14DAE9D210B8", "1A2AA04F-3718-11E6-B3C8-14DAE9D210B8", "57B3ABA7-1E25-11E6-8DD3-002590263BF5", "6B110175-246D-11E6-8DD3-002590263BF5", "7D4F4955-600A-11E6-A6C3-14DAE9D210B8", "8719B935-8BAE-41AD-92BA-3C826F651219", "9164F51E-AE20-11E7-A633-009C02A2AB30", "AA1AEFE3-6E37-47DB-BFDA-343EF4ACB1B5", "CA5CB202-4F51-11E6-B2EC-B499BAEBFEAF", "E195679D-045B-4953-BB33-BE0073BA2AC6"]}, {"type": "gentoo", "idList": ["GLSA-201607-07", "GLSA-201612-16", "GLSA-201701-21", "GLSA-201701-37", "GLSA-202003-44"]}, {"type": "hackerone", "idList": ["H1:134880", "H1:194761", "H1:197253", "H1:293126"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20160706-01-OPENSSL"]}, {"type": "ibm", "idList": ["03180DAB39E0A4D2F6A125A173EDF5A9BB41D6EC602F0BC77B45013371762493", "0A94A36BE877692B2F0AB97F5081AA5C3010CDF94C05C7E8B0C0AC4E64BEBA67", "0D47C7769287938EB442E2F39E254DDE66244236B79EDE211167EFA894D23D52", "0F73246124CA58D05064BB5D07082DCA6F2A1D48630CAAC82BCFFB4A71F45CA7", "1381DDC2EB11D20FD35FD5133E3BDD2833703D883F98CAA012F0CFBF823F4A6D", "1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "1736B585D80ED031E004E1AC38E590615C7E0F6FE6AB8A15B1B90CB8EC998277", "17516BE1FEE8576600E7288D935EC0669C18FADD0D7BDD7B213E021E851E7F7D", "1DBA3A7D9DCDF5DF3B1C23AC68EF5B2905CA8E9CA20132E42E93B5F76D0B472E", "1E2DFD1B919A2E774921AB01DBFD031EF4B85DBDB3FF58C6A33FC16C44A81962", "200EB5D05FDD22F6EA7DB38F81D5DFDB97686B3E63B80F435FD2CC4BE274FC98", "233226C0332001C81596C237819F64BB35F4B49297346F216B4DC90C72D26485", "2406147E7F1A480D16DAF974D9B99C2725C43B01A994C65A6210C059B36B3A7F", "2830C710B20404D6B16EF9CB8161B321F59F7341D8798630B8603B369CA4ED57", "30F31D61B76815116E40D478A4FF3D7F4375DE5C3DE9AF0D9789BB84723A1B12", "366FA55EE0B09B40AABB041DB433F5E49FC0E42F7988440387EBE3EED9DBAE91", "3899BD4528C3DED11372760AAF676C3C87D98D5142D95E7CEE23A06644E3B197", "39CAE5EE9A0F3DE219E28E6A3BE90E3B8E089FF2AA4C74E8BE3A4E2714716AC5", "3D12006C995C2C683E173419369377B400C7252133E8CFEEEC83E09104078893", "3D32F9B38D46DF89EF7AEC91E44C48557AF1A0BE8B9EBD7772ADE328CB0FB68E", "3D8FDE7968ABA760558720CA4A80A6D2DCB86FBD9F1DC2A4B967E4B4455B70F7", "3F80F1C5995CB0E287AB72B1E8BF8C924AB58095FF03363465C1CD78E76837BF", "4278728D85C79F2084FC36711DAAF10C86E475C8E6940F2111DD155F1C48C0FA", "46799FCDE18E3EFD375868A79B70BC4BEDEC133C2495D8AA8CF81D91E7DEF01A", "4E0F3F37822FD6C37F3F06A94F967EABE3AAC2F9D4382E4932DAA8EA6754AFF7", "4E95B5EB959CBE5490B90287812FD445A690A3158E83D37882EADCE4A7BCD44F", "4EB6375AC60D18EF5D589BC88A70CB0698048440611BD71DE666FEA37A17ED94", "6082EF9EEC65FC8C759FD4BD5D61B617F34A710731C703A12F4C0E537B571626", "6253D6195173C24D2F250E5EBA9E1FFC8DBDFC9645E89016FCD04E6F2D9EBEB3", "62DB70FCF6301104005FF9FB20C71886DC177ADAE354920858B0940C223989CD", "63DAB7532D89108F5D2DC3FDE381EF3F537B4BD859941C18E4BAD485F5223BE3", "6462C32DE99179992F8C64543E89AF398F52D4EC4011332DE97CEB61ACA131B0", "6A2E92D36FABC1D54E354DFAE40C5959271B5DD0561E7165A41D0F6CCD6A7B7C", "71287AE4CE0581C72F06753C539A7241F1E17982652C11764313ACD3CF0ADC7B", "72ECA624F1897E880B20E3BA243FE78C6A66224FD180FE337A72D958F8C9A7F0", "7435CAB17C7B1C1069C3EB726DEA812F07C54831A0B35542AF5A14F7922DE787", "7B4213446CB84EFED4BED9B33BF9ADE018D19B2B18FEDEA6428DF1362125D6CA", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E2F62106B895325A750D4AC20BF018E0EF2AE3D85B9685ADBC3048C8D7487CA", "802538304F01065B2827B08F583BE8B36F2EB7C11AE879DD4BF44A7339230B9E", "82D348B7AC274B1F17A78CC906F5DDC3A5C96BD23F4BB13600CC22F46FFF3EFD", "838CBA92067043DDA704BB0F004792D82A30A7E58F2A62B231AA22AF446EADE8", "863FA459105EFBD6DCE605FC1459B4D8311ECF67250CF8C24ACC2170FE3FF7D1", "8A062C54043BB0CF7A61252E03FA7EAA12FF8430AE6C1DCE76464220A82D6828", "8A7CBA2B71D5656EA1045254861664DE723E7E42111C9EB7B46C28B35C734DA5", "8B33DE18424CFF523B0A425148577938EB85F0E79D969257FB90B1EB074C37DE", "8F13F4EE8B910A92B92C8DD018149C78F48C383F056136515FDBDBE8B31054AA", "8F1916DF16BCE9B41284F1A9B9374A7B3967DF92C2D2FD403A184D97F5FAEAC1", "926064F28B2809B4877A8EA78CF19B1BD358570ECBEF53DC9ABC59798101D756", "92D11E24F34620A6FE2D4691E3050E4E91C0E161FD1B94C9116E157ADB7BACCC", "95C2166E43A3844158C127A63BEE990F476F0FFC80988625C50E6A864E13875C", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "9B62CAF06445F7A9F3CB323F735964F6F62E516F86B9B57472BC20182276D3FA", "A75CF978305062012B0B6A4CC62CA7EB1F166F128DE714368CFD89193833D8DE", "A9C254F86614D2334E5A1624EEBD7497A5FA74BEC3159FA2530927B6C4A89585", "AACF6F6443D6B1F43A3B1EB2158C0974A7E3740F82735809A14DB68D406E34ED", "B008610A37C6D22744FBFF511A07C43195D3F707766A5E89AB1E4CFCD0DE65C5", "B180B820F6F3D6EDAC7172E78991F02AFB09886A95FE4CB55E9318F8D116CF4C", "B22C029F5DE1AFDA33C7E45788FCA8B344362343E55B19D3803A4CCFD8492525", "B405B568B68AFEA07B8166064FAA890F3BF9F3CC511F9A01DE32970B8A066315", "C3FB79ADA39B46791DCF93E4A2B6E50FE2792D0E382EF08036106CE4972770C2", "C9A098A495C84449FE37F5185D9511BAF41B34B7A322B48105FF2EE7EC21E28E", "CA3DB267748FEDA044673A3E7FFA6B9A5493629747388C6C0E74CA01703CD7CD", "D0A0F46532042E5EFF0B318CEB20930919394C41E25AF5EF8781A9600DF06A94", "D209AAB4C0E35A5C114E62A6D853762DB0AA9080D963F0EECA922C5D3ED15307", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D4D9239D39380DAAAF0663AA50B7560152F0E3980E2EE27DD40046B16E4D33B3", "D5D68C274689503F08DAB338007FECB9B03D6956ECF160CECB37263C1DB02BAC", "D5DA548187DF2EFE03F7040FF05BC360041CF8C1CFAF6CD126E5A8B7D72A93AC", "D72A0C415B119A7C9B23F86DD064BC1B807F804023ACB9AEECC913B6F63B2320", "D911317A5AB78973EC0BCDD274D56A8146D89345FD34F13DAEEC08B6503FEAE0", "D97523F351811F117C3809A675614FA0AA4991E5EDCB8B79553402FA3DF8666B", "DAE66C3F24DC9C9F32A4918C846A8F515A6E526CE6B4F5F2BBF09EFE18B62398", "E03A484CF469BD6B2DAECCB473A7503A0790E5B2AA59D4D44D65E89DF09A125C", "E5020E25CC0D31B3DD625C72F6EB591C437E68772CFDB40BEECC3F7C69328CB0", "E67441CCF9840E74E9AC61C45895075B9F65BB9C0A44EFD9BE418AA4A069F2CD", "E919E9A36C657D0228D3DA8A63FA716B3583174E73FC9F478D6A0F12BD9E2448", "F22F8C611651BB5F2E58AC10F1F1DBEBF4869D3A824C40D9FE14FEE332E57295", "F409CD49EEB82894701C6794E7636605DF8DB2E0BCBE414974A02F713F90F794", "F8A3D4A9CDB2E69EDABA736EFD7D24F77520D958AFA106D11E5EF76D4D31E151", "F988C4692D2E552B4E225648097C2785A4DF9A107750563427C783A0CDEE0C5B", "F9C3BC218F02B41A1EE998B0C9BACBCBA2A26044AA17D86E90806B1B4853903B", "FA37EFD6BCDF8414B1B01DD06C96E0D1E771E69F214D77948CB831C765C409D8", "FAA2B691DD1E76E786CADE53CD8A2391FDC6BE6F5B14624181F6008CE76C4E36", "FB725790185B6C1D6E94DE5593F9324A99EFC707F2DA722AC7D3588D3D90484E", "FC2A12A3D5CDFFAEF50A77215E69039CD0E678811823B3B21F6B390DAB68C2C0"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00067"]}, {"type": "jvn", "idList": ["JVN:17535578"]}, {"type": "kaspersky", "idList": ["KLA10816", "KLA10847"]}, {"type": "kitploit", "idList": ["KITPLOIT:8024306166267359540"]}, {"type": "mageia", "idList": ["MGASA-2015-0457", "MGASA-2016-0169", "MGASA-2016-0193", "MGASA-2016-0213", "MGASA-2016-0217", "MGASA-2016-0263", "MGASA-2016-0288"]}, {"type": "mozilla", "idList": ["MFSA2016-68"]}, {"type": "nessus", "idList": ["802004.PRM", "802005.PRM", "802026.PRM", "9332.PRM", "9337.PRM", "9372.PASL", "9389.PRM", "9390.PRM", "9392.PRM", "9393.PRM", "9430.PRM", "9441.PRM", "9445.PRM", "9480.PASL", "9758.PRM", "AIX_OPENSSL_ADVISORY20.NASL", "AL2_ALAS-2019-1220.NASL", "ALA_ALAS-2015-628.NASL", "ALA_ALAS-2016-695.NASL", "ALA_ALAS-2016-706.NASL", "ALA_ALAS-2016-707.NASL", "ALA_ALAS-2016-719.NASL", "ALA_ALAS-2016-775.NASL", "APPLETV_9_2_1.NASL", "APPLETV_9_2_2.NASL", "APPLE_IOS_101_CHECK.NBIN", "APPLE_IOS_932_CHECK.NBIN", "APPLE_IOS_933_CHECK.NBIN", "ARISTA_EOS_SA0020.NASL", "BLUECOAT_PROXY_SG_6_5_9_8.NASL", "CENTOS_RHSA-2015-2549.NASL", "CENTOS_RHSA-2015-2550.NASL", "CENTOS_RHSA-2016-0722.NASL", "CENTOS_RHSA-2016-0996.NASL", "CENTOS_RHSA-2016-1137.NASL", "CENTOS_RHSA-2016-1292.NASL", "CENTOS_RHSA-2016-2824.NASL", "CISCO_TELEPRESENCE_VCS_MULTIPLE_880.NASL", "CITRIX_XENSERVER_CTX212736.NASL", "DEBIAN_DLA-1860.NASL", "DEBIAN_DLA-2010.NASL", "DEBIAN_DLA-355.NASL", "DEBIAN_DLA-456.NASL", "DEBIAN_DLA-483.NASL", "DEBIAN_DLA-503.NASL", "DEBIAN_DLA-514.NASL", "DEBIAN_DLA-533.NASL", "DEBIAN_DLA-628.NASL", "DEBIAN_DLA-697.NASL", "DEBIAN_DSA-3430.NASL", "DEBIAN_DSA-3566.NASL", "DEBIAN_DSA-3582.NASL", "DEBIAN_DSA-3587.NASL", "DEBIAN_DSA-3590.NASL", "DEBIAN_DSA-3593.NASL", "DEBIAN_DSA-3602.NASL", "DEBIAN_DSA-3605.NASL", "EULEROS_SA-2017-1002.NASL", "EULEROS_SA-2019-1446.NASL", "EULEROS_SA-2019-1795.NASL", "EULEROS_SA-2019-1798.NASL", "EULEROS_SA-2019-1858.NASL", "EULEROS_SA-2019-1861.NASL", "EULEROS_SA-2019-1865.NASL", "EULEROS_SA-2019-1928.NASL", "EULEROS_SA-2019-2013.NASL", "EULEROS_SA-2019-2043.NASL", "EULEROS_SA-2019-2212.NASL", "EULEROS_SA-2019-2217.NASL", "EULEROS_SA-2019-2221.NASL", "EULEROS_SA-2019-2271.NASL", "EULEROS_SA-2019-2438.NASL", "EULEROS_SA-2019-2519.NASL", "EULEROS_SA-2019-2627.NASL", "EULEROS_SA-2019-2649.NASL", "EULEROS_SA-2020-1208.NASL", "EULEROS_SA-2020-1215.NASL", "EULEROS_SA-2020-1442.NASL", "EULEROS_SA-2020-1474.NASL", "EULEROS_SA-2020-1619.NASL", "EULEROS_SA-2020-1637.NASL", "EULEROS_SA-2020-1747.NASL", "F5_BIGIP_SOL23230229.NASL", "F5_BIGIP_SOL24322529.NASL", "F5_BIGIP_SOL36488941.NASL", "F5_BIGIP_SOL43449212.NASL", "F5_BIGIP_SOL48220300.NASL", "F5_BIGIP_SOL51390683.NASL", "F5_BIGIP_SOL51920288.NASL", "F5_BIGIP_SOL52320548.NASL", "F5_BIGIP_SOL61570943.NASL", "F5_BIGIP_SOL75152412.NASL", "F5_BIGIP_SOL93600123.NASL", "FEDORA_2016-05C567DF1A.NASL", "FEDORA_2016-0FD6CA526A.NASL", "FEDORA_2016-1411324654.NASL", "FEDORA_2016-1E39D934ED.NASL", "FEDORA_2016-60889583AB.NASL", "FEDORA_2016-65F1FFDC0C.NASL", "FEDORA_2016-6B1938566F.NASL", "FEDORA_2016-7C6E7A9265.NASL", "FEDORA_2016-B967AC1A74.NASL", "FEDORA_2016-C558E58B21.NASL", "FEDORA_2016-E1234B65A2.NASL", "FEDORA_2017-A3A47973EB.NASL", "FEDORA_2017-BE8574D593.NASL", "FEDORA_2019-320D5295FC.NASL", "FREEBSD_PKG_01D729CA114311E6B55EB499BAEBFEAF.NASL", "FREEBSD_PKG_0282269DBBEE11E6B1CF14DAE9D210B8.NASL", "FREEBSD_PKG_1A2AA04F371811E6B3C814DAE9D210B8.NASL", "FREEBSD_PKG_57B3ABA71E2511E68DD3002590263BF5.NASL", "FREEBSD_PKG_6B110175246D11E68DD3002590263BF5.NASL", "FREEBSD_PKG_7D4F4955600A11E6A6C314DAE9D210B8.NASL", "FREEBSD_PKG_8719B9358BAE41AD92BA3C826F651219.NASL", "FREEBSD_PKG_9164F51EAE2011E7A633009C02A2AB30.NASL", "FREEBSD_PKG_AA1AEFE36E3747DBBFDA343EF4ACB1B5.NASL", "FREEBSD_PKG_CA5CB2024F5111E6B2ECB499BAEBFEAF.NASL", "FREEBSD_PKG_E195679D045B4953BB33BE0073BA2AC6.NASL", "GENTOO_GLSA-201607-07.NASL", "GENTOO_GLSA-201612-16.NASL", "GENTOO_GLSA-201701-21.NASL", "GENTOO_GLSA-201701-37.NASL", "GENTOO_GLSA-202003-44.NASL", "GOOGLE_CHROME_51_0_2704_63.NASL", "HPSMH_7_6.NASL", "IBM_HTTP_SERVER_548231.NASL", "ITUNES_12_4_2.NASL", "ITUNES_12_4_2_BANNER.NASL", "ITUNES_12_6.NASL", "ITUNES_12_6_BANNER.NASL", "JUNIPER_JSA10759.NASL", "JUNIPER_JSA10916.NASL", "LCE_4_8_1.NASL", "MACOSX_10_11_5.NASL", "MACOSX_10_11_6.NASL", "MACOSX_FIREFOX_48.NASL", "MACOSX_GOOGLE_CHROME_51_0_2704_63.NASL", "MACOSX_SECUPD2016-003.NASL", "MACOSX_SECUPD2016-004.NASL", "MACOS_ITUNES_12_6.NASL", "MOZILLA_FIREFOX_48.NASL", "MYSQL_5_6_31.NASL", "MYSQL_5_6_31_RPM.NASL", "MYSQL_5_7_13.NASL", "MYSQL_5_7_13_RPM.NASL", "NESSUS_TNS_2016_11.NASL", "OPENSSL_1_0_1O.NASL", "OPENSSL_1_0_1T.NASL", "OPENSSL_1_0_2C.NASL", "OPENSSL_1_0_2H.NASL", "OPENSSL_AES_NI_PADDING_ORACLE.NASL", "OPENSUSE-2015-959.NASL", "OPENSUSE-2016-1283.NASL", "OPENSUSE-2016-1289.NASL", "OPENSUSE-2016-32.NASL", "OPENSUSE-2016-561.NASL", "OPENSUSE-2016-562.NASL", "OPENSUSE-2016-563.NASL", "OPENSUSE-2016-564.NASL", "OPENSUSE-2016-565.NASL", "OPENSUSE-2016-575.NASL", "OPENSUSE-2016-652.NASL", "OPENSUSE-2016-660.NASL", "OPENSUSE-2016-682.NASL", "OPENSUSE-2016-695.NASL", "OPENSUSE-2016-703.NASL", "OPENSUSE-2016-715.NASL", "OPENSUSE-2016-733.NASL", "OPENSUSE-2016-734.NASL", "OPENSUSE-2016-776.NASL", "OPENSUSE-2016-937.NASL", "OPENSUSE-2016-946.NASL", "OPENSUSE-2016-960.NASL", "OPENSUSE-2017-255.NASL", "ORACLELINUX_ELSA-2015-2549.NASL", "ORACLELINUX_ELSA-2015-2550.NASL", "ORACLELINUX_ELSA-2016-0722.NASL", "ORACLELINUX_ELSA-2016-0996.NASL", "ORACLELINUX_ELSA-2016-1137.NASL", "ORACLELINUX_ELSA-2016-1292.NASL", "ORACLELINUX_ELSA-2016-2824.NASL", "ORACLELINUX_ELSA-2016-3576.NASL", "ORACLEVM_OVMSA-2015-0152.NASL", "ORACLEVM_OVMSA-2016-0049.NASL", "ORACLEVM_OVMSA-2016-0086.NASL", "ORACLEVM_OVMSA-2016-0087.NASL", "ORACLEVM_OVMSA-2016-0135.NASL", "ORACLEVM_OVMSA-2016-0168.NASL", "ORACLE_ACCESS_MANAGER_WEBGATE_CVE_2016_2107.NBIN", "ORACLE_E-BUSINESS_CPU_OCT_2016.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2016_CPU.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2016_CPU.NASL", "PFSENSE_SA-16_04.NASL", "PFSENSE_SA-16_08.NASL", "PFSENSE_SA-17_03.NASL", "PHP_5_5_36.NASL", "PHP_5_6_22.NASL", "PHP_7_0_7.NASL", "PVS_5_2_0.NASL", "REDHAT-RHSA-2015-2549.NASL", "REDHAT-RHSA-2015-2550.NASL", "REDHAT-RHSA-2016-0722.NASL", "REDHAT-RHSA-2016-0996.NASL", "REDHAT-RHSA-2016-1137.NASL", "REDHAT-RHSA-2016-1190.NASL", "REDHAT-RHSA-2016-1292.NASL", "REDHAT-RHSA-2016-1648.NASL", "REDHAT-RHSA-2016-1649.NASL", "REDHAT-RHSA-2016-2073.NASL", "REDHAT-RHSA-2016-2824.NASL", "REDHAT-RHSA-2017-0193.NASL", "REDHAT-RHSA-2017-0194.NASL", "SCREENOS_JSA10759.NASL", "SLACKWARE_SSA_2016-124-01.NASL", "SLACKWARE_SSA_2016-148-01.NASL", "SLACKWARE_SSA_2016-148-03.NASL", "SLACKWARE_SSA_2016-359-01.NASL", "SLACKWARE_SSA_2017-266-02.NASL", "SLACKWARE_SSA_2018-124-01.NASL", "SL_20151207_LIBXML2_ON_SL6_X.NASL", "SL_20151207_LIBXML2_ON_SL7_X.NASL", "SL_20160509_OPENSSL_ON_SL7_X.NASL", "SL_20160510_OPENSSL_ON_SL6_X.NASL", "SL_20160531_OPENSSL_ON_SL5_X.NASL", "SL_20160623_LIBXML2_ON_SL6_X.NASL", "SL_20161128_EXPAT_ON_SL6_X.NASL", "SPLUNK_642.NASL", "SUN_JAVA_WEB_SERVER_7_0_27.NASL", "SUSE_SU-2016-0030-1.NASL", "SUSE_SU-2016-0049-1.NASL", "SUSE_SU-2016-1228-1.NASL", "SUSE_SU-2016-1233-1.NASL", "SUSE_SU-2016-1267-1.NASL", "SUSE_SU-2016-1290-1.NASL", "SUSE_SU-2016-1360-1.NASL", "SUSE_SU-2016-1508-1.NASL", "SUSE_SU-2016-1512-1.NASL", "SUSE_SU-2016-1538-1.NASL", "SUSE_SU-2016-1581-1.NASL", "SUSE_SU-2016-1604-1.NASL", "SUSE_SU-2016-1633-1.NASL", "SUSE_SU-2016-1638-1.NASL", "SUSE_SU-2017-0461-1.NASL", "SUSE_SU-2017-0585-1.NASL", "SUSE_SU-2017-0605-1.NASL", "SUSE_SU-2018-0112-1.NASL", "SUSE_SU-2020-0497-1.NASL", "SYMANTEC_CONTENT_ANALYSIS_SYMSA1377.NASL", "UBUNTU_USN-2834-1.NASL", "UBUNTU_USN-2959-1.NASL", "UBUNTU_USN-2983-1.NASL", "UBUNTU_USN-2992-1.NASL", "UBUNTU_USN-2994-1.NASL", "UBUNTU_USN-3013-1.NASL", "UBUNTU_USN-3030-1.NASL", "UBUNTU_USN-3044-1.NASL", "UBUNTU_USN-3045-1.NASL", "UBUNTU_USN-3235-1.NASL", "UBUNTU_USN-3271-1.NASL", "UBUNTU_USN-4500-1.NASL", "VIRTUALBOX_5_0_22.NASL", "WEB_APPLICATION_SCANNING_98812", "WEB_APPLICATION_SCANNING_98853"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2016-2105", "OPENSSL:CVE-2016-2106", "OPENSSL:CVE-2016-2107", "OPENSSL:CVE-2016-2108", "OPENSSL:CVE-2016-2109", "OPENSSL:CVE-2016-2176"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105732", "OPENVAS:1361412562310105844", "OPENVAS:1361412562310106262", "OPENVAS:1361412562310106267", "OPENVAS:1361412562310106355", "OPENVAS:1361412562310106390", "OPENVAS:1361412562310106510", "OPENVAS:1361412562310107141", "OPENVAS:1361412562310107149", "OPENVAS:1361412562310120618", "OPENVAS:1361412562310120684", "OPENVAS:1361412562310120695", "OPENVAS:1361412562310120696", "OPENVAS:1361412562310120708", "OPENVAS:1361412562310122794", "OPENVAS:1361412562310122795", "OPENVAS:1361412562310122924", "OPENVAS:1361412562310131140", "OPENVAS:1361412562310131285", "OPENVAS:1361412562310140019", "OPENVAS:1361412562310140020", "OPENVAS:1361412562310141826", "OPENVAS:1361412562310703430", "OPENVAS:1361412562310703566", "OPENVAS:1361412562310703582", "OPENVAS:1361412562310703587", "OPENVAS:1361412562310703590", "OPENVAS:1361412562310703593", "OPENVAS:1361412562310703602", "OPENVAS:1361412562310703605", "OPENVAS:1361412562310806695", "OPENVAS:1361412562310807333", "OPENVAS:1361412562310807334", "OPENVAS:1361412562310807336", "OPENVAS:1361412562310807569", "OPENVAS:1361412562310807570", "OPENVAS:1361412562310807816", "OPENVAS:1361412562310807817", "OPENVAS:1361412562310807997", "OPENVAS:1361412562310808016", "OPENVAS:1361412562310808029", "OPENVAS:1361412562310808311", "OPENVAS:1361412562310808348", "OPENVAS:1361412562310808374", "OPENVAS:1361412562310808403", "OPENVAS:1361412562310808407", "OPENVAS:1361412562310808469", "OPENVAS:1361412562310808476", "OPENVAS:1361412562310808590", "OPENVAS:1361412562310808596", "OPENVAS:1361412562310808640", "OPENVAS:1361412562310808641", "OPENVAS:1361412562310808791", "OPENVAS:1361412562310808792", "OPENVAS:1361412562310808793", "OPENVAS:1361412562310808794", "OPENVAS:1361412562310808946", "OPENVAS:1361412562310810209", "OPENVAS:1361412562310810210", "OPENVAS:1361412562310810227", "OPENVAS:1361412562310810724", "OPENVAS:1361412562310810725", "OPENVAS:1361412562310813437", "OPENVAS:1361412562310842557", "OPENVAS:1361412562310842729", "OPENVAS:1361412562310842768", "OPENVAS:1361412562310842782", "OPENVAS:1361412562310842783", "OPENVAS:1361412562310842800", "OPENVAS:1361412562310842827", "OPENVAS:1361412562310842844", "OPENVAS:1361412562310842847", "OPENVAS:1361412562310843097", "OPENVAS:1361412562310843148", "OPENVAS:1361412562310851289", "OPENVAS:1361412562310851295", "OPENVAS:1361412562310851296", "OPENVAS:1361412562310851297", "OPENVAS:1361412562310851298", "OPENVAS:1361412562310851299", "OPENVAS:1361412562310851308", "OPENVAS:1361412562310851309", "OPENVAS:1361412562310851321", "OPENVAS:1361412562310851322", "OPENVAS:1361412562310851325", "OPENVAS:1361412562310851326", "OPENVAS:1361412562310851329", "OPENVAS:1361412562310851331", "OPENVAS:1361412562310851332", "OPENVAS:1361412562310851337", "OPENVAS:1361412562310851340", "OPENVAS:1361412562310851341", "OPENVAS:1361412562310851375", "OPENVAS:1361412562310851377", "OPENVAS:1361412562310851430", "OPENVAS:1361412562310851505", "OPENVAS:1361412562310871513", "OPENVAS:1361412562310871514", "OPENVAS:1361412562310871610", "OPENVAS:1361412562310871614", "OPENVAS:1361412562310871625", "OPENVAS:1361412562310871634", "OPENVAS:1361412562310871723", "OPENVAS:1361412562310872590", "OPENVAS:1361412562310872591", "OPENVAS:1361412562310876512", "OPENVAS:1361412562310882486", "OPENVAS:1361412562310882496", "OPENVAS:1361412562310882513", "OPENVAS:1361412562310882515", "OPENVAS:1361412562310882602", "OPENVAS:1361412562310891860", "OPENVAS:1361412562310892010", "OPENVAS:1361412562311220171002", "OPENVAS:1361412562311220191446", "OPENVAS:1361412562311220191795", "OPENVAS:1361412562311220191798", "OPENVAS:1361412562311220191858", "OPENVAS:1361412562311220191861", "OPENVAS:1361412562311220191865", "OPENVAS:1361412562311220191928", "OPENVAS:1361412562311220192013", "OPENVAS:1361412562311220192043", "OPENVAS:1361412562311220192212", "OPENVAS:1361412562311220192217", "OPENVAS:1361412562311220192221", "OPENVAS:1361412562311220192271", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562311220192519", "OPENVAS:1361412562311220192627", "OPENVAS:1361412562311220192649", "OPENVAS:1361412562311220201208", "OPENVAS:1361412562311220201215", "OPENVAS:1361412562311220201442", "OPENVAS:1361412562311220201474", "OPENVAS:1361412562311220201619", "OPENVAS:1361412562311220201637", "OPENVAS:1361412562311220201747", "OPENVAS:703430", "OPENVAS:703566", "OPENVAS:703582", "OPENVAS:703587", "OPENVAS:703590", "OPENVAS:703593", "OPENVAS:703602", "OPENVAS:703605"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2017", "ORACLE:CPUAPR2017-3236618", "ORACLE:CPUJAN2017", "ORACLE:CPUJAN2017-2881727", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2018-3236628", "ORACLE:CPUJUL2016", "ORACLE:CPUJUL2016-2881720", "ORACLE:CPUJUL2017", "ORACLE:CPUJUL2017-3236622", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2018-4258247", "ORACLE:CPUOCT2016", "ORACLE:CPUOCT2016-2881722", "ORACLE:CPUOCT2017", "ORACLE:CPUOCT2017-3236626", "ORACLE:CPUOCT2018", "ORACLE:CPUOCT2018-4428296"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-2549", "ELSA-2015-2550", "ELSA-2016-0722", "ELSA-2016-0996", "ELSA-2016-1137", "ELSA-2016-1292", "ELSA-2016-2824", "ELSA-2016-3556", "ELSA-2016-3558", "ELSA-2016-3571", "ELSA-2016-3576", "ELSA-2016-3621", "ELSA-2019-4581", "ELSA-2019-4747", "ELSA-2021-9150"]}, {"type": "osv", "idList": ["OSV:DLA-1860-1", "OSV:DLA-2010-1", "OSV:DLA-355-1", "OSV:DLA-456-1", "OSV:DLA-483-1", "OSV:DLA-503-1", "OSV:DLA-514-1", "OSV:DLA-533-1", "OSV:DLA-628-1", "OSV:DLA-697-1", "OSV:DSA-3430-1", "OSV:DSA-3566-1", "OSV:DSA-3582-1", "OSV:DSA-3587-1", "OSV:DSA-3590-1", "OSV:DSA-3593-1", "OSV:DSA-3602-1", "OSV:DSA-3605-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:141350", "PACKETSTORM:143369"]}, {"type": "paloalto", "idList": ["PAN-SA-2016-0020", "PAN-SA-2016-0023"]}, {"type": "redhat", "idList": ["RHSA-2015:2549", "RHSA-2015:2550", "RHSA-2016:0722", "RHSA-2016:0996", "RHSA-2016:1137", "RHSA-2016:1190", "RHSA-2016:1292", "RHSA-2016:1648", "RHSA-2016:1649", "RHSA-2016:2073", "RHSA-2016:2750", "RHSA-2016:2824", "RHSA-2016:2957", "RHSA-2017:0193", "RHSA-2017:0194", "RHSA-2018:2486"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-0718", "RH:CVE-2016-1683", "RH:CVE-2016-1684", "RH:CVE-2016-1836", "RH:CVE-2016-2105", "RH:CVE-2016-2106", "RH:CVE-2016-2107", "RH:CVE-2016-2108", "RH:CVE-2016-2176", "RH:CVE-2016-4447", "RH:CVE-2016-4448", "RH:CVE-2016-4449", "RH:CVE-2016-4483", "RH:CVE-2016-4607", "RH:CVE-2016-4608", "RH:CVE-2016-4609", "RH:CVE-2016-4610", "RH:CVE-2016-5093", "RH:CVE-2016-5095", "RH:CVE-2016-9598"]}, {"type": "rubygems", "idList": ["RUBY:NOKOGIRI-2015-5312"]}, {"type": "seebug", "idList": ["SSV:91447", "SSV:91448", "SSV:92725", "SSV:96727", "SSV:96728", "SSV:96729", "SSV:96730"]}, {"type": "slackware", "idList": ["SSA-2016-124-01", "SSA-2016-148-01", "SSA-2016-148-03", "SSA-2016-359-01", "SSA-2017-266-02", "SSA-2018-124-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:1237-1", "OPENSUSE-SU-2016:1238-1", "OPENSUSE-SU-2016:1239-1", "OPENSUSE-SU-2016:1240-1", "OPENSUSE-SU-2016:1241-1", "OPENSUSE-SU-2016:1242-1", "OPENSUSE-SU-2016:1243-1", "OPENSUSE-SU-2016:1273-1", "OPENSUSE-SU-2016:1430-1", "OPENSUSE-SU-2016:1433-1", "OPENSUSE-SU-2016:1441-1", "OPENSUSE-SU-2016:1496-1", "OPENSUSE-SU-2016:1523-1", "OPENSUSE-SU-2016:1553-1", "OPENSUSE-SU-2016:1566-1", "OPENSUSE-SU-2016:1594-1", "OPENSUSE-SU-2016:1595-1", "OPENSUSE-SU-2016:1964-1", "OPENSUSE-SU-2016:2026-1", "OPENSUSE-SU-2016:2769-1", "OPENSUSE-SU-2016:2788-1", "SUSE-SU-2016:0786-1", "SUSE-SU-2016:1206-1", "SUSE-SU-2016:1228-1", "SUSE-SU-2016:1231-1", "SUSE-SU-2016:1233-1", "SUSE-SU-2016:1267-1", "SUSE-SU-2016:1290-1", "SUSE-SU-2016:1360-1", "SUSE-SU-2016:1508-1", "SUSE-SU-2016:1512-1", "SUSE-SU-2016:1538-1", "SUSE-SU-2016:1581-1", "SUSE-SU-2016:1604-1", "SUSE-SU-2016:1638-1", "SUSE-SU-2017:2699-1", "SUSE-SU-2017:2700-1", "SUSE-SU-2018:0112-1"]}, {"type": "symantec", "idList": ["SMNTC-1363", "SMNTC-1377"]}, {"type": "talos", "idList": ["TALOS-2016-0171", "TALOS-2016-0180", "TALOS-2016-0181", "TALOS-2016-0186"]}, {"type": "thn", "idList": ["THN:7CACCDBBDB47286572F59C67E92AF821", "THN:E0AF6C382BD287E05D4AE838AED49209", "THN:F95BED040A4B56A9B0A6D552DB79AEE2"]}, {"type": "threatpost", "idList": ["THREATPOST:54145B143BF11C716167531924DBD4F1", "THREATPOST:9180E89ACB1A53E40E37CBF08CB87A4C", "THREATPOST:B36AB6343785674ABA567F7D7483C4E0", "THREATPOST:C67169E038FB8F98C9DE037029EB7D5A"]}, {"type": "ubuntu", "idList": ["USN-2834-1", "USN-2959-1", "USN-2983-1", "USN-2992-1", "USN-2994-1", "USN-3013-1", "USN-3030-1", "USN-3044-1", "USN-3045-1", "USN-3235-1", "USN-3271-1", "USN-4500-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-7456", "UB:CVE-2014-9862", "UB:CVE-2015-8317", "UB:CVE-2016-0718", "UB:CVE-2016-1683", "UB:CVE-2016-1684", "UB:CVE-2016-1836", "UB:CVE-2016-2105", "UB:CVE-2016-2106", "UB:CVE-2016-2107", "UB:CVE-2016-2108", "UB:CVE-2016-2109", "UB:CVE-2016-2176", "UB:CVE-2016-4447", "UB:CVE-2016-4448", "UB:CVE-2016-4449", "UB:CVE-2016-4483", "UB:CVE-2016-4607", "UB:CVE-2016-4608", "UB:CVE-2016-4609", "UB:CVE-2016-4610", "UB:CVE-2016-4614", "UB:CVE-2016-4615", "UB:CVE-2016-4616", "UB:CVE-2016-5093", "UB:CVE-2016-5094", "UB:CVE-2016-5095", "UB:CVE-2016-5096", "UB:CVE-2016-5770", "UB:CVE-2016-9598"]}, {"type": "zdi", "idList": ["ZDI-16-431", "ZDI-16-432", "ZDI-16-433", "ZDI-16-434", "ZDI-16-435", "ZDI-16-436", "ZDI-16-437", "ZDI-16-438", "ZDI-16-439", "ZDI-16-496", "ZDI-16-638", "ZDI-16-639", "ZDI-16-640"]}, {"type": "zdt", "idList": ["1337DAY-ID-25990", "1337DAY-ID-26173", "1337DAY-ID-26174", "1337DAY-ID-26177", "1337DAY-ID-26495", "1337DAY-ID-27146"]}]}, "score": {"value": 0.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2015-628"]}, {"type": "android", "idList": ["ANDROID:CVE-2016-2108"]}, {"type": "apple", "idList": ["APPLE:9A0B3B0DFCDD94CAF1819BEC271E3754"]}, {"type": "archlinux", "idList": ["ASA-201605-28"]}, {"type": "centos", "idList": ["CESA-2015:2549", "CESA-2016:0722", "CESA-2016:1137", "CESA-2016:1292", "CESA-2016:2824"]}, {"type": "cert", "idList": ["VU:905344"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2016-0349"]}, {"type": "cisco", "idList": ["CISCO-SA-20160504-OPENSSL"]}, {"type": "citrix", "idList": ["CTX233832"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:FCF85BFA2C233642C61F93CC876C044C"]}, {"type": "cve", "idList": ["CVE-2014-9862", "CVE-2015-8317", "CVE-2016-0718", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-1836", "CVE-2016-1863", "CVE-2016-1865", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4582", "CVE-2016-4594", "CVE-2016-4595", "CVE-2016-4596", "CVE-2016-4597", "CVE-2016-4598", "CVE-2016-4599", "CVE-2016-4600", "CVE-2016-4601", "CVE-2016-4602", "CVE-2016-4621", "CVE-2016-4625", "CVE-2016-4626", "CVE-2016-4629", "CVE-2016-4630", "CVE-2016-4631", "CVE-2016-4632", "CVE-2016-4633", "CVE-2016-4634", "CVE-2016-4635", "CVE-2016-4637", "CVE-2016-4638", "CVE-2016-4639", "CVE-2016-4640", "CVE-2016-4641", "CVE-2016-4645", "CVE-2016-4646", "CVE-2016-4647", "CVE-2016-4648", "CVE-2016-4649", "CVE-2016-4652", "CVE-2016-4653"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2010-1:08F47", "DEBIAN:DSA-3587-1:DCAF4", "DEBIAN:DSA-3593-1:95A95", "DEBIAN:DSA-3602-1:52B21"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-0718"]}, {"type": "f5", "idList": ["F5:K23230229", "F5:K43449212", "F5:K48220300", "SOL07538415", "SOL23230229", "SOL36488941", "SOL47145213", "SOL51920288", "SOL75152412"]}, {"type": "fedora", "idList": ["FEDORA:58BAF60A0C7C", "FEDORA:D1EB860677B7"]}, {"type": "freebsd", "idList": ["01D729CA-1143-11E6-B55E-B499BAEBFEAF", "1A2AA04F-3718-11E6-B3C8-14DAE9D210B8", "57B3ABA7-1E25-11E6-8DD3-002590263BF5", "6B110175-246D-11E6-8DD3-002590263BF5", "7D4F4955-600A-11E6-A6C3-14DAE9D210B8", "8719B935-8BAE-41AD-92BA-3C826F651219"]}, {"type": "gentoo", "idList": ["GLSA-202003-44"]}, {"type": "hackerone", "idList": ["H1:134880"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20160706-01-OPENSSL"]}, {"type": "ibm", "idList": ["17516BE1FEE8576600E7288D935EC0669C18FADD0D7BDD7B213E021E851E7F7D", "1E2DFD1B919A2E774921AB01DBFD031EF4B85DBDB3FF58C6A33FC16C44A81962", "30F31D61B76815116E40D478A4FF3D7F4375DE5C3DE9AF0D9789BB84723A1B12", "3F80F1C5995CB0E287AB72B1E8BF8C924AB58095FF03363465C1CD78E76837BF", "4278728D85C79F2084FC36711DAAF10C86E475C8E6940F2111DD155F1C48C0FA", "4E0F3F37822FD6C37F3F06A94F967EABE3AAC2F9D4382E4932DAA8EA6754AFF7", "C3FB79ADA39B46791DCF93E4A2B6E50FE2792D0E382EF08036106CE4972770C2", "D72A0C415B119A7C9B23F86DD064BC1B807F804023ACB9AEECC913B6F63B2320", "FAA2B691DD1E76E786CADE53CD8A2391FDC6BE6F5B14624181F6008CE76C4E36"]}, {"type": "jvn", "idList": ["JVN:17535578"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/APPLE-ITUNES-CVE-2016-1683/", "MSF:ILITIES/APPLE-OSX-QUICKTIME-CVE-2016-4600/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2016-1683/"]}, {"type": "mozilla", "idList": ["MFSA2016-68"]}, {"type": "nessus", "idList": ["9445.PRM", "AIX_OPENSSL_ADVISORY20.NASL", "ALA_ALAS-2016-695.NASL", "ALA_ALAS-2016-706.NASL", "APPLETV_9_2_1.NASL", "APPLE_IOS_933_CHECK.NBIN", "CENTOS_RHSA-2015-2549.NASL", "CENTOS_RHSA-2016-1137.NASL", "CITRIX_XENSERVER_CTX212736.NASL", "DEBIAN_DLA-456.NASL", "DEBIAN_DLA-483.NASL", "DEBIAN_DLA-514.NASL", "DEBIAN_DLA-533.NASL", "DEBIAN_DSA-3566.NASL", "DEBIAN_DSA-3587.NASL", "DEBIAN_DSA-3590.NASL", "EULEROS_SA-2019-2013.NASL", "EULEROS_SA-2019-2271.NASL", "EULEROS_SA-2020-1215.NASL", "EULEROS_SA-2020-1474.NASL", "F5_BIGIP_SOL52320548.NASL", "FEDORA_2016-05C567DF1A.NASL", "FEDORA_2016-0FD6CA526A.NASL", "FEDORA_2016-1411324654.NASL", "FEDORA_2016-1E39D934ED.NASL", "FEDORA_2016-60889583AB.NASL", "FEDORA_2016-65F1FFDC0C.NASL", "FEDORA_2016-6B1938566F.NASL", "FEDORA_2016-7C6E7A9265.NASL", "FEDORA_2016-B967AC1A74.NASL", "FREEBSD_PKG_01D729CA114311E6B55EB499BAEBFEAF.NASL", "FREEBSD_PKG_1A2AA04F371811E6B3C814DAE9D210B8.NASL", "FREEBSD_PKG_57B3ABA71E2511E68DD3002590263BF5.NASL", "FREEBSD_PKG_7D4F4955600A11E6A6C314DAE9D210B8.NASL", "GENTOO_GLSA-201607-07.NASL", "GOOGLE_CHROME_51_0_2704_63.NASL", "ITUNES_12_4_2.NASL", "JUNIPER_JSA10916.NASL", "MACOSX_GOOGLE_CHROME_51_0_2704_63.NASL", "MACOSX_SECUPD2016-003.NASL", "MYSQL_5_6_31.NASL", "MYSQL_5_6_31_RPM.NASL", "MYSQL_5_7_13.NASL", "MYSQL_5_7_13_RPM.NASL", "OPENSUSE-2015-959.NASL", "OPENSUSE-2016-561.NASL", "OPENSUSE-2016-562.NASL", "OPENSUSE-2016-564.NASL", "OPENSUSE-2016-575.NASL", "OPENSUSE-2016-652.NASL", "OPENSUSE-2016-682.NASL", "OPENSUSE-2016-703.NASL", "OPENSUSE-2016-715.NASL", "OPENSUSE-2016-776.NASL", "OPENSUSE-2016-946.NASL", "ORACLELINUX_ELSA-2016-1137.NASL", "ORACLELINUX_ELSA-2016-3576.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL", "PHP_5_6_22.NASL", "PHP_7_0_7.NASL", "REDHAT-RHSA-2016-1137.NASL", "REDHAT-RHSA-2016-1190.NASL", "REDHAT-RHSA-2016-1292.NASL", "SLACKWARE_SSA_2016-124-01.NASL", "SLACKWARE_SSA_2016-148-01.NASL", "SLACKWARE_SSA_2016-148-03.NASL", "SL_20160531_OPENSSL_ON_SL5_X.NASL", "SUSE_SU-2016-1228-1.NASL", "SUSE_SU-2016-1233-1.NASL", "SUSE_SU-2016-1538-1.NASL", "UBUNTU_USN-2959-1.NASL", "UBUNTU_USN-2983-1.NASL", "UBUNTU_USN-2992-1.NASL", "WEB_APPLICATION_SCANNING_98853"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2016-2105"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310106267", "OPENVAS:1361412562310107149", "OPENVAS:1361412562310703430", "OPENVAS:1361412562310808476", "OPENVAS:1361412562310808640", "OPENVAS:1361412562310810724", "OPENVAS:1361412562310842729", "OPENVAS:1361412562310851322", "OPENVAS:1361412562310851375", "OPENVAS:1361412562310871513", "OPENVAS:1361412562310882486", "OPENVAS:1361412562311220191446", "OPENVAS:1361412562311220192627", "OPENVAS:703593"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2017"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-2549", "ELSA-2016-1137"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:143369"]}, {"type": "paloalto", "idList": ["PAN-SA-2016-0023"]}, {"type": "redhat", "idList": ["RHSA-2016:1137", "RHSA-2016:1292", "RHSA-2016:2073"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-2105", "RH:CVE-2016-2176"]}, {"type": "seebug", "idList": ["SSV:96729"]}, {"type": "slackware", "idList": ["SSA-2018-124-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:1237-1", "OPENSUSE-SU-2016:1238-1", "OPENSUSE-SU-2016:1240-1", "OPENSUSE-SU-2016:1243-1", "OPENSUSE-SU-2016:1430-1", "OPENSUSE-SU-2016:1433-1", "OPENSUSE-SU-2016:1496-1", "OPENSUSE-SU-2016:1553-1", "OPENSUSE-SU-2016:1566-1", "OPENSUSE-SU-2016:2769-1", "SUSE-SU-2016:1206-1", "SUSE-SU-2016:1228-1", "SUSE-SU-2016:1231-1", "SUSE-SU-2016:1233-1", "SUSE-SU-2016:1267-1", "SUSE-SU-2016:1508-1"]}, {"type": "symantec", "idList": ["SMNTC-1377"]}, {"type": "talos", "idList": ["TALOS-2016-0171", "TALOS-2016-0186"]}, {"type": "thn", "idList": ["THN:E0AF6C382BD287E05D4AE838AED49209", "THN:F95BED040A4B56A9B0A6D552DB79AEE2"]}, {"type": "threatpost", "idList": ["THREATPOST:54145B143BF11C716167531924DBD4F1", "THREATPOST:B36AB6343785674ABA567F7D7483C4E0"]}, {"type": "ubuntu", "idList": ["USN-2983-1", "USN-3044-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-9862"]}, {"type": "zdi", "idList": ["ZDI-16-431", "ZDI-16-432", "ZDI-16-433", "ZDI-16-434", "ZDI-16-435", "ZDI-16-436", "ZDI-16-437", "ZDI-16-438", "ZDI-16-439", "ZDI-16-496"]}, {"type": "zdt", "idList": ["1337DAY-ID-26495"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "security update", "version": 2016}, {"name": "os x mavericks v", "version": 10}, {"name": "os x el capitan v", "version": 10}, {"name": "os x el capitan v", "version": 10}, {"name": "and os x el capitan v", "version": 10}, {"name": "os x yosemite v", "version": 10}]}, "epss": [{"cve": "CVE-2016-4634", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-20"}, {"cve": "CVE-2014-9862", "epss": "0.961400000", "percentile": "0.991480000", "modified": "2023-03-19"}, {"cve": "CVE-2016-4653", "epss": "0.000450000", "percentile": "0.125640000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4626", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4614", "epss": "0.014740000", "percentile": "0.847390000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4646", "epss": "0.007320000", "percentile": "0.778200000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4645", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4649", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4643", "epss": "0.001250000", "percentile": "0.452490000", "modified": "2023-03-20"}, {"cve": "CVE-2015-8317", "epss": "0.010790000", "percentile": "0.820560000", "modified": "2023-03-19"}, {"cve": "CVE-2016-1836", "epss": "0.004510000", "percentile": "0.711790000", "modified": "2023-03-19"}, {"cve": "CVE-2016-4598", "epss": "0.011930000", "percentile": "0.829710000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4652", "epss": "0.000450000", "percentile": "0.125640000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4616", "epss": "0.014740000", "percentile": "0.847390000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4644", "epss": "0.001220000", "percentile": "0.447760000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4602", "epss": "0.007480000", "percentile": "0.780810000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4638", "epss": "0.001520000", "percentile": "0.497190000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4582", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4610", "epss": "0.010650000", "percentile": "0.819360000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4609", "epss": "0.010650000", "percentile": "0.819360000", "modified": "2023-03-20"}, {"cve": "CVE-2016-2108", "epss": "0.914900000", "percentile": "0.983050000", "modified": "2023-03-20"}, {"cve": "CVE-2013-7456", "epss": "0.015330000", "percentile": "0.850380000", "modified": "2023-03-20"}, {"cve": "CVE-2016-1863", "epss": "0.000430000", "percentile": "0.075770000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4629", "epss": "0.054430000", "percentile": "0.919600000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4632", "epss": "0.023920000", "percentile": "0.881870000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4630", "epss": "0.024880000", "percentile": "0.884020000", "modified": "2023-03-20"}, {"cve": "CVE-2016-2105", "epss": "0.048080000", "percentile": "0.914350000", "modified": "2023-03-19"}, {"cve": "CVE-2016-4600", "epss": "0.007480000", "percentile": "0.780810000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4483", "epss": "0.005560000", "percentile": "0.741450000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2107", "epss": "0.974000000", "percentile": "0.998350000", "modified": "2023-03-19"}, {"cve": "CVE-2016-4642", "epss": "0.001970000", "percentile": "0.558950000", "modified": "2023-03-20"}, {"cve": "CVE-2016-0718", "epss": "0.002170000", "percentile": "0.579410000", "modified": "2023-03-19"}, {"cve": "CVE-2016-4647", "epss": "0.000450000", "percentile": "0.125640000", "modified": "2023-03-20"}, {"cve": "CVE-2016-6559", "epss": "0.020650000", "percentile": "0.872700000", "modified": "2023-03-20"}, {"cve": "CVE-2016-2109", "epss": "0.165770000", "percentile": "0.951480000", "modified": "2023-03-19"}, {"cve": "CVE-2016-4607", "epss": "0.013010000", "percentile": "0.837690000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4637", "epss": "0.019030000", "percentile": "0.866950000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4621", "epss": "0.001870000", "percentile": "0.544550000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4449", "epss": "0.005040000", "percentile": "0.727930000", "modified": "2023-03-19"}, {"cve": "CVE-2016-4648", "epss": "0.000450000", "percentile": "0.125640000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4595", "epss": "0.001180000", "percentile": "0.441470000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4625", "epss": "0.000420000", "percentile": "0.004970000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4448", "epss": "0.005760000", "percentile": "0.746230000", "modified": "2023-03-19"}, {"cve": "CVE-2016-4599", "epss": "0.009150000", "percentile": "0.804320000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4635", "epss": "0.001850000", "percentile": "0.540750000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4615", "epss": "0.014740000", "percentile": "0.847390000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4633", "epss": "0.002370000", "percentile": "0.600290000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5093", "epss": "0.014320000", "percentile": "0.845380000", "modified": "2023-03-19"}, {"cve": "CVE-2016-5094", "epss": "0.029770000", "percentile": "0.893330000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2176", "epss": "0.066720000", "percentile": "0.926740000", "modified": "2023-03-19"}, {"cve": "CVE-2016-4597", "epss": "0.007480000", "percentile": "0.780810000", "modified": "2023-03-20"}, {"cve": "CVE-2016-1683", "epss": "0.007480000", "percentile": "0.780780000", "modified": "2023-03-19"}, {"cve": "CVE-2016-1684", "epss": "0.014630000", "percentile": "0.846880000", "modified": "2023-03-19"}, {"cve": "CVE-2016-4608", "epss": "0.013010000", "percentile": "0.837690000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5096", "epss": "0.040530000", "percentile": "0.907330000", "modified": "2023-03-19"}, {"cve": "CVE-2016-4641", "epss": "0.000670000", "percentile": "0.273100000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4447", "epss": "0.001810000", "percentile": "0.535630000", "modified": "2023-03-19"}, {"cve": "CVE-2016-4631", "epss": "0.010980000", "percentile": "0.822030000", "modified": "2023-03-20"}, {"cve": "CVE-2016-1865", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4596", "epss": "0.007480000", "percentile": "0.780810000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4601", "epss": "0.007480000", "percentile": "0.780810000", "modified": "2023-03-20"}, {"cve": "CVE-2016-2106", "epss": "0.075810000", "percentile": "0.930850000", "modified": "2023-03-19"}, {"cve": "CVE-2016-4594", "epss": "0.002270000", "percentile": "0.591300000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4639", "epss": "0.000850000", "percentile": "0.345560000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4640", "epss": "0.002370000", "percentile": "0.600290000", "modified": "2023-03-20"}], "vulnersScore": 0.8}, "affectedSoftware": [{"name": "security update", "operator": "lt", "version": "2016"}, {"name": "os x mavericks v", "operator": "eq", "version": "10.9.5"}, {"name": "os x el capitan v", "operator": "lt", "version": "10.11.6"}, {"name": "os x el capitan v", "operator": "eq", "version": "10.11"}, {"name": "and os x el capitan v", "operator": "eq", "version": "10.11"}, {"name": "os x yosemite v", "operator": "eq", "version": "10.10.5"}], "scheme": null, "immutableFields": [], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "_state": {"dependencies": 1659998956, "score": 1659877105, "affected_software_major_version": 1666695388, "epss": 1679323282}, "_internal": {"score_hash": "67fc0a56c9d87806d592f2febc9c693b"}}

{"apple": [{"lastseen": "2021-11-10T17:01:08", "description": "# About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004\n\nThis document describes the security content of OS X El Capitan v10.11.6 and Security Update 2016-004.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## OS X El Capitan v10.11.6 and Security Update 2016-004\n\nReleased July 18, 2016\n\n**apache_mod_php**\n\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36.\n\nCVE-2016-5093\n\nCVE-2016-5094\n\nCVE-2016-5096\n\nCVE-2013-7456\n\n**Audio**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\n**Audio**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4647 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\n**Audio**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro; Jack Tang and Moony Li of Trend Micro working with Trend Micro's Zero Day Initiative\n\n**Audio**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Parsing a maliciously crafted audio file may lead to the disclosure of user information\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative\n\n**bsdiff**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking.\n\nCVE-2014-9862 : an anonymous researcher\n\n**CFNetwork**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to view sensitive user information\n\nDescription: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions.\n\nCVE-2016-4645 : Abhinav Bansal of Zscaler Inc.\n\n**CFNetwork Credentials**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.\n\nCVE-2016-4644 : Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.\n\nCVE-2016-4643 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University; Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may unknowingly send a password unencrypted over the network\n\nDescription: Proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.\n\nCVE-2016-4642 : Jerry Decime coordinated via CERT\n\n**CoreGraphics**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to elevate privileges\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.\n\nCVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative\n\n**CoreGraphics**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**FaceTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated\n\nDescription: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.\n\nCVE-2016-4635 : Martin Vigo\n\n**Graphics Drivers**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4634 : Stefan Esser of SektionEins\n\n**ImageIO**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\nCVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\n**ImageIO**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7705 : Craig Young of Tripwire VERT\n\nEntry added November 30, 2017\n\n**Intel Graphics Driver**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4633 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\n**IOHIDFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4626 : Stefan Esser of SektionEins\n\n**IOSurface**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A use-after-free was addressed through improved memory management.\n\nCVE-2016-4625 : Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1863 : Ian Beer of Google Project Zero\n\nCVE-2016-4653 : Ju Zhu of Trend Micro\n\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-1865 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent, CESG\n\n**Libc**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow existed within the \"link_ntoa()\" function in linkaddr.c. This issue was addressed through additional bounds checking.\n\nCVE-2016-6559 : Apple\n\nEntry added January 10, 2017\n\n**libc++abi**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4621 : an anonymous researcher\n\n**libexpat**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-0718 : Gustavo Grieco\n\n**LibreSSL**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7.\n\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\n\nCVE-2016-2109 : Brian Carpenter\n\n**libxml2**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 5, 2017\n\n**libxml2**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\n**Login Window**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious application may be able to gain root privileges\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2016-4638 : Yubin Fu of Tencent KeenLab working with TrendMicro's Zero Day Initiative\n\n**Login Window**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious application may be able to execute arbitrary code leading to compromise of user information\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4640 : an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nEntry updated November 16, 2016\n\n**Login Window**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious application may be able to execute arbitrary code leading to the compromise of user information\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative\n\n**Login Window**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to cause a denial of service\n\nDescription: A memory initialization issue was addressed through improved memory handling.\n\nCVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative\n\n**OpenSSL**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8.\n\nCVE-2016-2105 : Guido Vranken\n\nCVE-2016-2106 : Guido Vranken\n\nCVE-2016-2107 : Juraj Somorovsky\n\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\n\nCVE-2016-2109 : Brian Carpenter\n\nCVE-2016-2176 : Guido Vranken\n\n**QuickTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted SGI file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab\n\n**QuickTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab\n\n**QuickTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab\n\nCVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab\n\nCVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab\n\nCVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab\n\n**QuickTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab\n\n**Safari Login AutoFill**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A user's password may be visible on screen\n\nDescription: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields.\n\nCVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD\n\n**Sandbox Profiles**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local application may be able to access the process list\n\nDescription: An access issue existed with privileged API calls. This issue was addressed through additional restrictions.\n\nCVE-2016-4594 : Stefan Esser of SektionEins\n\nOS X El Capitan v10.11.6 includes the security content of [Safari 9.1.2](<https://support.apple.com/kb/HT206900>).\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 30, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-18T00:00:00", "type": "apple", "title": "About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7456", "CVE-2014-9862", "CVE-2015-8317", "CVE-2016-0718", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-1836", "CVE-2016-1863", "CVE-2016-1865", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4582", "CVE-2016-4594", "CVE-2016-4595", "CVE-2016-4596", "CVE-2016-4597", "CVE-2016-4598", "CVE-2016-4599", "CVE-2016-4600", "CVE-2016-4601", "CVE-2016-4602", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4621", "CVE-2016-4625", "CVE-2016-4626", "CVE-2016-4629", "CVE-2016-4630", "CVE-2016-4631", "CVE-2016-4632", "CVE-2016-4633", "CVE-2016-4634", "CVE-2016-4635", "CVE-2016-4637", "CVE-2016-4638", "CVE-2016-4639", "CVE-2016-4640", "CVE-2016-4641", "CVE-2016-4642", "CVE-2016-4643", "CVE-2016-4644", "CVE-2016-4645", "CVE-2016-4646", "CVE-2016-4647", "CVE-2016-4648", "CVE-2016-4649", "CVE-2016-4652", "CVE-2016-4653", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096", "CVE-2016-6559", "CVE-2016-7705"], "modified": "2016-07-18T00:00:00", "id": "APPLE:08DDC9EE4E7DEBCD387FA33304B8E244", "href": "https://support.apple.com/kb/HT206903", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:53", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 2.2.2\n\nReleased July 18, 2016\n\n**CoreGraphics**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\n**ImageIO**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7705: Craig Young of Tripwire VERT\n\nEntry added November 30, 2017\n\n**IOAcceleratorFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-2016-4627 : Ju Zhu of Trend Micro\n\n**IOAcceleratorFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2016-4628 : Ju Zhu of Trend Micro\n\n**IOHIDFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4626 : Stefan Esser of SektionEins\n\n**IOHIDFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4650 : Peter Pi of Trend Micro working with HP's Zero Day Initiative\n\nEntry added July 29, 2016\n\n**Kernel**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1863 : Ian Beer of Google Project Zero\n\nCVE-2016-4653 : Ju Zhu of Trend Micro\n\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\n**Libc**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow existed within the \"link_ntoa()\" function in linkaddr.c. This issue was addressed through additional bounds checking.\n\nCVE-2016-6559 : Apple\n\nEntry added January 10, 2017\n\n**libxml2**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 5, 2017\n\n**libxml2**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\n**Sandbox Profiles**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local application may be able to access the process list\n\nDescription: An access issue existed with privileged API calls. This issue was addressed through additional restrictions.\n\nCVE-2016-4594 : Stefan Esser of SektionEins\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-11-30T10:36:40", "title": "About the security content of watchOS 2.2.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4653", "CVE-2016-4626", "CVE-2016-4614", "CVE-2015-8317", "CVE-2016-1836", "CVE-2016-4616", "CVE-2016-4582", "CVE-2016-4610", "CVE-2016-4609", "CVE-2016-7705", "CVE-2016-1863", "CVE-2016-4632", "CVE-2016-4483", "CVE-2016-6559", "CVE-2016-4607", "CVE-2016-4637", "CVE-2016-4449", "CVE-2016-4628", "CVE-2016-4448", "CVE-2016-4615", "CVE-2016-4650", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-4608", "CVE-2016-4447", "CVE-2016-4631", "CVE-2016-1865", "CVE-2016-4594", "CVE-2016-4627"], "modified": "2017-11-30T10:36:40", "id": "APPLE:HT206904", "href": "https://support.apple.com/kb/HT206904", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:01:11", "description": "# About the security content of watchOS 2.2.2\n\nThis document describes the security content of watchOS 2.2.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 2.2.2\n\nReleased July 18, 2016\n\n**CoreGraphics**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\n**ImageIO**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7705: Craig Young of Tripwire VERT\n\nEntry added November 30, 2017\n\n**IOAcceleratorFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-2016-4627 : Ju Zhu of Trend Micro\n\n**IOAcceleratorFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2016-4628 : Ju Zhu of Trend Micro\n\n**IOHIDFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4626 : Stefan Esser of SektionEins\n\n**IOHIDFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4650 : Peter Pi of Trend Micro working with HP's Zero Day Initiative\n\nEntry added July 29, 2016\n\n**Kernel**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1863 : Ian Beer of Google Project Zero\n\nCVE-2016-4653 : Ju Zhu of Trend Micro\n\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\n**Libc**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow existed within the \"link_ntoa()\" function in linkaddr.c. This issue was addressed through additional bounds checking.\n\nCVE-2016-6559 : Apple\n\nEntry added January 10, 2017\n\n**libxml2**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 5, 2017\n\n**libxml2**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\n**Sandbox Profiles**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local application may be able to access the process list\n\nDescription: An access issue existed with privileged API calls. This issue was addressed through additional restrictions.\n\nCVE-2016-4594 : Stefan Esser of SektionEins\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 30, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-07-18T00:00:00", "type": "apple", "title": "About the security content of watchOS 2.2.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8317", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-1836", "CVE-2016-1863", "CVE-2016-1865", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4582", "CVE-2016-4594", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4626", "CVE-2016-4627", "CVE-2016-4628", "CVE-2016-4631", "CVE-2016-4632", "CVE-2016-4637", "CVE-2016-4650", "CVE-2016-4653", "CVE-2016-6559", "CVE-2016-7705"], "modified": "2016-07-18T00:00:00", "id": "APPLE:6675EF5C2567C41D8B07EDE19642D215", "href": "https://support.apple.com/kb/HT206904", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:58", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.4.2 for Windows\n\nReleased July 18, 2016\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 4, 2017\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-06-10T11:47:52", "title": "About the security content of iTunes 12.4.2 for Windows - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4614", "CVE-2015-8317", "CVE-2016-1836", "CVE-2016-4616", "CVE-2016-4610", "CVE-2016-4609", "CVE-2016-4483", "CVE-2016-4607", "CVE-2016-4449", "CVE-2016-4448", "CVE-2016-4615", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-4608", "CVE-2016-4447"], "modified": "2017-06-10T11:47:52", "id": "APPLE:HT206901", "href": "https://support.apple.com/kb/HT206901", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:46", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 5.2.1\n\nReleased July 18, 2016\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 4, 2017\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-06-10T11:43:45", "title": "About the security content of iCloud for Windows 5.2.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4614", "CVE-2015-8317", "CVE-2016-1836", "CVE-2016-4616", "CVE-2016-4610", "CVE-2016-4609", "CVE-2016-4483", "CVE-2016-4607", "CVE-2016-4449", "CVE-2016-4448", "CVE-2016-4615", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-4608", "CVE-2016-4447"], "modified": "2017-06-10T11:43:45", "id": "APPLE:HT206899", "href": "https://support.apple.com/kb/HT206899", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:01:06", "description": "# About the security content of iCloud for Windows 5.2.1\n\nThis document describes the security content of iCloud for Windows 5.2.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 5.2.1\n\nReleased July 18, 2016\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 4, 2017\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: June 10, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-07-18T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 5.2.1", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8317", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-1836", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616"], "modified": "2016-07-18T00:00:00", "id": "APPLE:A698320079BD7F6AF117CDE3A822068D", "href": "https://support.apple.com/kb/HT206899", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:01:06", "description": "# About the security content of iTunes 12.4.2 for Windows\n\nThis document describes the security content of iTunes 12.4.2 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.4.2 for Windows\n\nReleased July 18, 2016\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 4, 2017\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: June 10, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-07-18T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.4.2 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8317", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-1836", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616"], "modified": "2016-07-18T00:00:00", "id": "APPLE:AD3C9159192D0BE1FCE85D24889D3B53", "href": "https://support.apple.com/kb/HT206901", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:26", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 9.2.2\n\nReleased July 18, 2016\n\n**CFNetwork Credentials**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.\n\nCVE-2016-4644 : Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.\n\nCVE-2016-4643 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University; Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may unknowingly send a password unencrypted over the network\n\nDescription: Proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.\n\nCVE-2016-4642 : Jerry Decime coordinated via CERT\n\n**CoreGraphics**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7705: Craig Young of Tripwire VERT\n\nEntry added November 30, 2017\n\n**IOAcceleratorFamily**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-2016-4627 : Ju Zhu of Trend Micro\n\n**IOHIDFamily**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4626 : Stefan Esser of SektionEins\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1863 : Ian Beer of Google Project Zero\n\nCVE-2016-4653 : Ju Zhu of Trend Micro\n\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab(@keen_lab), Tencent\n\n**libxml2**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxml2**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 5, 2017\n\n**libxslt**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\n**Sandbox Profiles**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local application may be able to access the process list\n\nDescription: An access issue existed with privileged API calls. This issue was addressed through additional restrictions.\n\nCVE-2016-4594 : Stefan Esser of SektionEins\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4586 : Apple\n\nCVE-2016-4588 : Apple\n\nCVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nCVE-2016-4622 : Samuel Gross working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2016-4623 : Apple\n\nCVE-2016-4624 : Apple\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may disclose image data from another website\n\nDescription: A timing issue existed in the processing of SVG. This issue was addressed through improved validation.\n\nCVE-2016-4583 : Roeland Krak\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: A memory initialization issue was addressed through improved memory handling.\n\nCVE-2016-4587 : Apple\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Visiting a maliciously crafted website may leak sensitive data\n\nDescription: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks.\n\nCVE-2016-4591 : ma.la of LINE Corporation\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to a system denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4592 : Mikhail\n\n**WebKit Page Loading**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary\n\ncode execution\n\nDescription: Multiple memory corruption issues were addressed\n\nthrough improved memory handling.\n\nCVE-2016-4584 : Chris Vienneau\n\n**WebKit Page Loading**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection.\n\nCVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-11-30T10:32:51", "title": "About the security content of tvOS 9.2.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4653", "CVE-2016-4626", "CVE-2016-4614", "CVE-2016-4587", "CVE-2016-4584", "CVE-2016-4643", "CVE-2015-8317", "CVE-2016-1836", "CVE-2016-4616", "CVE-2016-4644", "CVE-2016-4623", "CVE-2016-4582", "CVE-2016-4610", "CVE-2016-4609", "CVE-2016-4583", "CVE-2016-7705", "CVE-2016-1863", "CVE-2016-4632", "CVE-2016-4624", "CVE-2016-4483", "CVE-2016-4586", "CVE-2016-4642", "CVE-2016-4607", "CVE-2016-4637", "CVE-2016-4449", "CVE-2016-4588", "CVE-2016-4448", "CVE-2016-4591", "CVE-2016-4589", "CVE-2016-4615", "CVE-2016-4622", "CVE-2016-4585", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-4608", "CVE-2016-4447", "CVE-2016-4631", "CVE-2016-1865", "CVE-2016-4592", "CVE-2016-4594", "CVE-2016-4627"], "modified": "2017-11-30T10:32:51", "id": "APPLE:HT206905", "href": "https://support.apple.com/kb/HT206905", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:01:07", "description": "# About the security content of tvOS 9.2.2\n\nThis document describes the security content of tvOS 9.2.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 9.2.2\n\nReleased July 18, 2016\n\n**CFNetwork Credentials**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.\n\nCVE-2016-4644 : Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.\n\nCVE-2016-4643 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University; Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may unknowingly send a password unencrypted over the network\n\nDescription: Proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.\n\nCVE-2016-4642 : Jerry Decime coordinated via CERT\n\n**CoreGraphics**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7705: Craig Young of Tripwire VERT\n\nEntry added November 30, 2017\n\n**IOAcceleratorFamily**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-2016-4627 : Ju Zhu of Trend Micro\n\n**IOHIDFamily**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4626 : Stefan Esser of SektionEins\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1863 : Ian Beer of Google Project Zero\n\nCVE-2016-4653 : Ju Zhu of Trend Micro\n\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab(@keen_lab), Tencent\n\n**libxml2**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxml2**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 5, 2017\n\n**libxslt**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\n**Sandbox Profiles**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local application may be able to access the process list\n\nDescription: An access issue existed with privileged API calls. This issue was addressed through additional restrictions.\n\nCVE-2016-4594 : Stefan Esser of SektionEins\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4586 : Apple\n\nCVE-2016-4588 : Apple\n\nCVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nCVE-2016-4622 : Samuel Gross working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2016-4623 : Apple\n\nCVE-2016-4624 : Apple\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may disclose image data from another website\n\nDescription: A timing issue existed in the processing of SVG. This issue was addressed through improved validation.\n\nCVE-2016-4583 : Roeland Krak\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: A memory initialization issue was addressed through improved memory handling.\n\nCVE-2016-4587 : Apple\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Visiting a maliciously crafted website may leak sensitive data\n\nDescription: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks.\n\nCVE-2016-4591 : ma.la of LINE Corporation\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to a system denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4592 : Mikhail\n\n**WebKit Page Loading**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary\n\ncode execution\n\nDescription: Multiple memory corruption issues were addressed\n\nthrough improved memory handling.\n\nCVE-2016-4584 : Chris Vienneau\n\n**WebKit Page Loading**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection.\n\nCVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 30, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-07-18T00:00:00", "type": "apple", "title": "About the security content of tvOS 9.2.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8317", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-1836", "CVE-2016-1863", "CVE-2016-1865", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4582", "CVE-2016-4583", "CVE-2016-4584", "CVE-2016-4585", "CVE-2016-4586", "CVE-2016-4587", "CVE-2016-4588", "CVE-2016-4589", "CVE-2016-4591", "CVE-2016-4592", "CVE-2016-4594", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624", "CVE-2016-4626", "CVE-2016-4627", "CVE-2016-4631", "CVE-2016-4632", "CVE-2016-4637", "CVE-2016-4642", "CVE-2016-4643", "CVE-2016-4644", "CVE-2016-4653", "CVE-2016-7705"], "modified": "2016-07-18T00:00:00", "id": "APPLE:8DE1B81CB3F1FAE2DFA54423887EED84", "href": "https://support.apple.com/kb/HT206905", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:13", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 9.3.3\n\nReleased July 18, 2016\n\n**Calendar**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A maliciously crafted calendar invite may cause a device to unexpectedly restart\n\nDescription: A null pointer dereference was addressed through improved memory handling.\n\nCVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical Center\n\n**CFNetwork Credentials**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.\n\nCVE-2016-4644 : Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.\n\nCVE-2016-4643 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University; Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may unknowingly send a password unencrypted over the network\n\nDescription: Proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.\n\nCVE-2016-4642 : Jerry Decime coordinated via CERT\n\n**CoreGraphics**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**FaceTime**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated\n\nDescription: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.\n\nCVE-2016-4635 : Martin Vigo\n\n**GasGauge**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.\n\nCVE-2016-7576 : qwertyoruiop\n\nEntry added September 27, 2016\n\n**ImageIO**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\n**ImageIO**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7705: Craig Young of Tripwire VERT\n\nEntry added November 30, 2017\n\n**IOAcceleratorFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2016-4628 : Ju Zhu of Trend Micro\n\n**IOAcceleratorFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-2016-4627 : Ju Zhu of Trend Micro\n\n**IOHIDFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4626 : Stefan Esser of SektionEins\n\n**Kernel**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1863 : Ian Beer of Google Project Zero\n\nCVE-2016-4653 : Ju Zhu of Trend Micro\n\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\n**Libc**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow existed within the \"link_ntoa()\" function in linkaddr.c. This issue was addressed through additional bounds checking.\n\nCVE-2016-6559 : Apple\n\nEntry added January 10, 2017\n\n**libxml2**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 4, 2017\n\n**libxml2**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\n**Safari**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to invalid ports may have allowed a malicious website to display an arbitrary domain while displaying arbitrary content. This issue was addressed through improved URL display logic.\n\nCVE-2016-4604 : xisigr of Tencent's Xuanwu Lab (www.tencent.com)\n\n**Sandbox Profiles**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local application may be able to access the process list\n\nDescription: An access issue existed with privileged API calls. This issue was addressed through additional restrictions.\n\nCVE-2016-4594 : Stefan Esser of SektionEins\n\n**Siri Contacts**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A person with physical access to a device may be able to see private contact information\n\nDescription: A privacy issue existed in the handling of Contact cards. This was addressed through improved state management.\n\nCVE-2016-4593 : Pedro Pinheiro (facebook.com/pedro.pinheiro.1996)\n\n**Web Media**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Viewing a video in Safari's Private Browsing mode displays the URL of the video outside of Private Browsing mode\n\nDescription: A privacy issue existed in the handling of user data by Safari View Controller. This issue was addressed through improved state management.\n\nCVE-2016-4603 : Brian Porter (@portex33)\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may result in the disclosure of process memory\n\nDescription: A memory initialization issue was addressed through improved memory handling.\n\nCVE-2016-4587 : Apple\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a malicious website may disclose image data from another website\n\nDescription: A timing issue existed in the processing of SVG. This issue was addressed through improved validation.\n\nCVE-2016-4583 : Roeland Krak\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may leak sensitive data\n\nDescription: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks.\n\nCVE-2016-4591 : ma.la of LINE Corporation\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nCVE-2016-4622 : Samuel Gross working with Trend Micro's Zero Day Initiative\n\nCVE-2016-4623 : Apple\n\nCVE-2016-4624 : Apple\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins.\n\nCVE-2016-4590 : xisigr of Tencent's Xuanwu Lab (www.tencent.com)\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted webpage may lead to a system denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4592 : Mikhail\n\n**WebKit JavaScript Bindings**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service\n\nDescription: A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9.\n\nCVE-2016-4651 : Obscure\n\n**WebKit Page Loading**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection.\n\nCVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)\n\n**WebKit Page Loading**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4584 : Chris Vienneau\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-11-30T10:18:34", "title": "About the security content of iOS 9.3.3 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4653", "CVE-2016-4626", "CVE-2016-4614", "CVE-2016-4587", "CVE-2016-4604", "CVE-2016-4584", "CVE-2016-4643", "CVE-2015-8317", "CVE-2016-1836", "CVE-2016-4616", "CVE-2016-4644", "CVE-2016-4623", "CVE-2016-4582", "CVE-2016-4610", "CVE-2016-4609", "CVE-2016-4583", "CVE-2016-7705", "CVE-2016-1863", "CVE-2016-4632", "CVE-2016-4624", "CVE-2016-4483", "CVE-2016-4605", "CVE-2016-4642", "CVE-2016-6559", "CVE-2016-4607", "CVE-2016-4637", "CVE-2016-4449", "CVE-2016-4628", "CVE-2016-4448", "CVE-2016-4591", "CVE-2016-4651", "CVE-2016-4635", "CVE-2016-4589", "CVE-2016-4615", "CVE-2016-4622", "CVE-2016-4585", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-4608", "CVE-2016-4447", "CVE-2016-4603", "CVE-2016-4631", "CVE-2016-7576", "CVE-2016-1865", "CVE-2016-4592", "CVE-2016-4593", "CVE-2016-4590", "CVE-2016-4594", "CVE-2016-4627"], "modified": "2017-11-30T10:18:34", "id": "APPLE:HT206902", "href": "https://support.apple.com/kb/HT206902", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:01:08", "description": "# About the security content of iOS 9.3.3\n\nThis document describes the security content of iOS 9.3.3.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 9.3.3\n\nReleased July 18, 2016\n\n**Calendar**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A maliciously crafted calendar invite may cause a device to unexpectedly restart\n\nDescription: A null pointer dereference was addressed through improved memory handling.\n\nCVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical Center\n\n**CFNetwork Credentials**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.\n\nCVE-2016-4644 : Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.\n\nCVE-2016-4643 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University; Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may unknowingly send a password unencrypted over the network\n\nDescription: Proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.\n\nCVE-2016-4642 : Jerry Decime coordinated via CERT\n\n**CoreGraphics**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**FaceTime**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated\n\nDescription: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.\n\nCVE-2016-4635 : Martin Vigo\n\n**GasGauge**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.\n\nCVE-2016-7576 : qwertyoruiop\n\nEntry added September 27, 2016\n\n**ImageIO**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\n**ImageIO**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7705: Craig Young of Tripwire VERT\n\nEntry added November 30, 2017\n\n**IOAcceleratorFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2016-4628 : Ju Zhu of Trend Micro\n\n**IOAcceleratorFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-2016-4627 : Ju Zhu of Trend Micro\n\n**IOHIDFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4626 : Stefan Esser of SektionEins\n\n**Kernel**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1863 : Ian Beer of Google Project Zero\n\nCVE-2016-4653 : Ju Zhu of Trend Micro\n\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\n**Libc**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow existed within the \"link_ntoa()\" function in linkaddr.c. This issue was addressed through additional bounds checking.\n\nCVE-2016-6559 : Apple\n\nEntry added January 10, 2017\n\n**libxml2**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 4, 2017\n\n**libxml2**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\n**Safari**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to invalid ports may have allowed a malicious website to display an arbitrary domain while displaying arbitrary content. This issue was addressed through improved URL display logic.\n\nCVE-2016-4604 : xisigr of Tencent's Xuanwu Lab (www.tencent.com)\n\n**Sandbox Profiles**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local application may be able to access the process list\n\nDescription: An access issue existed with privileged API calls. This issue was addressed through additional restrictions.\n\nCVE-2016-4594 : Stefan Esser of SektionEins\n\n**Siri Contacts**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A person with physical access to a device may be able to see private contact information\n\nDescription: A privacy issue existed in the handling of Contact cards. This was addressed through improved state management.\n\nCVE-2016-4593 : Pedro Pinheiro (facebook.com/pedro.pinheiro.1996)\n\n**Web Media**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Viewing a video in Safari's Private Browsing mode displays the URL of the video outside of Private Browsing mode\n\nDescription: A privacy issue existed in the handling of user data by Safari View Controller. This issue was addressed through improved state management.\n\nCVE-2016-4603 : Brian Porter (@portex33)\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may result in the disclosure of process memory\n\nDescription: A memory initialization issue was addressed through improved memory handling.\n\nCVE-2016-4587 : Apple\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a malicious website may disclose image data from another website\n\nDescription: A timing issue existed in the processing of SVG. This issue was addressed through improved validation.\n\nCVE-2016-4583 : Roeland Krak\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may leak sensitive data\n\nDescription: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks.\n\nCVE-2016-4591 : ma.la of LINE Corporation\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nCVE-2016-4622 : Samuel Gross working with Trend Micro's Zero Day Initiative\n\nCVE-2016-4623 : Apple\n\nCVE-2016-4624 : Apple\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins.\n\nCVE-2016-4590 : xisigr of Tencent's Xuanwu Lab (www.tencent.com)\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted webpage may lead to a system denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4592 : Mikhail\n\n**WebKit JavaScript Bindings**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service\n\nDescription: A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9.\n\nCVE-2016-4651 : Obscure\n\n**WebKit Page Loading**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection.\n\nCVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)\n\n**WebKit Page Loading**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4584 : Chris Vienneau\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 30, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-07-18T00:00:00", "type": "apple", "title": "About the security content of iOS 9.3.3", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8317", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-1836", "CVE-2016-1863", "CVE-2016-1865", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4582", "CVE-2016-4583", "CVE-2016-4584", "CVE-2016-4585", "CVE-2016-4587", "CVE-2016-4589", "CVE-2016-4590", "CVE-2016-4591", "CVE-2016-4592", "CVE-2016-4593", "CVE-2016-4594", "CVE-2016-4603", "CVE-2016-4604", "CVE-2016-4605", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624", "CVE-2016-4626", "CVE-2016-4627", "CVE-2016-4628", "CVE-2016-4631", "CVE-2016-4632", "CVE-2016-4635", "CVE-2016-4637", "CVE-2016-4642", "CVE-2016-4643", "CVE-2016-4644", "CVE-2016-4651", "CVE-2016-4653", "CVE-2016-6559", "CVE-2016-7576", "CVE-2016-7705"], "modified": "2016-07-18T00:00:00", "id": "APPLE:138B6A194013E2308AFAD7088D94B143", "href": "https://support.apple.com/kb/HT206902", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-07-17T14:25:57", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities December-2016", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4634", "CVE-2014-9862", "CVE-2016-4653", "CVE-2016-4626", "CVE-2016-4614", "CVE-2016-4646", "CVE-2016-4645", "CVE-2016-4649", "CVE-2016-4643", "CVE-2016-1836", "CVE-2016-4598", "CVE-2016-4652", "CVE-2016-4616", "CVE-2016-4644", "CVE-2016-4602", "CVE-2016-4638", "CVE-2016-4582", "CVE-2016-4610", "CVE-2016-4609", "CVE-2016-2108", "CVE-2013-7456", "CVE-2016-1863", "CVE-2016-4629", "CVE-2016-4632", "CVE-2016-4630", "CVE-2016-2105", "CVE-2016-4600", "CVE-2016-4483", "CVE-2016-2107", "CVE-2016-4612", "CVE-2016-4642", "CVE-2016-0718", "CVE-2016-4647", "CVE-2016-2109", "CVE-2016-4607", "CVE-2016-4637", "CVE-2016-4621", "CVE-2016-4449", "CVE-2016-4648", "CVE-2016-4595", "CVE-2016-4625", "CVE-2016-4448", "CVE-2016-4599", "CVE-2016-4635", "CVE-2016-4615", "CVE-2016-4633", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-2176", "CVE-2016-4597", "CVE-2016-1684", "CVE-2016-4608", "CVE-2016-5096", "CVE-2016-4641", "CVE-2016-4447", "CVE-2016-4619", "CVE-2016-4631", "CVE-2016-1865", "CVE-2016-4596", "CVE-2016-4601", "CVE-2016-2106", "CVE-2016-4594", "CVE-2016-4639", "CVE-2016-4640"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810227", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810227", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities December-2016\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810227\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2016-5093\", \"CVE-2016-5094\", \"CVE-2016-5096\", \"CVE-2013-7456\",\n \"CVE-2016-4649\", \"CVE-2016-4647\", \"CVE-2016-4648\", \"CVE-2016-4646\",\n \"CVE-2014-9862\", \"CVE-2016-4645\", \"CVE-2016-4644\", \"CVE-2016-4643\",\n \"CVE-2016-4642\", \"CVE-2016-4652\", \"CVE-2016-4637\", \"CVE-2016-4635\",\n \"CVE-2016-4634\", \"CVE-2016-4629\", \"CVE-2016-4630\", \"CVE-2016-4632\",\n \"CVE-2016-4631\", \"CVE-2016-4633\", \"CVE-2016-4626\", \"CVE-2016-4625\",\n \"CVE-2016-1863\", \"CVE-2016-4653\", \"CVE-2016-4582\", \"CVE-2016-1865\",\n \"CVE-2016-4621\", \"CVE-2016-0718\", \"CVE-2016-2108\", \"CVE-2016-2109\",\n \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4483\", \"CVE-2016-4614\",\n \"CVE-2016-4615\", \"CVE-2016-4616\", \"CVE-2016-4619\", \"CVE-2016-4449\",\n \"CVE-2016-1684\", \"CVE-2016-4607\", \"CVE-2016-4608\", \"CVE-2016-4609\",\n \"CVE-2016-4610\", \"CVE-2016-4612\", \"CVE-2016-4638\", \"CVE-2016-4640\",\n \"CVE-2016-4641\", \"CVE-2016-4639\", \"CVE-2016-2105\", \"CVE-2016-2106\",\n \"CVE-2016-2107\", \"CVE-2016-2176\", \"CVE-2016-1836\", \"CVE-2016-4594\",\n \"CVE-2016-4601\", \"CVE-2016-4599\", \"CVE-2016-4596\", \"CVE-2016-4597\",\n \"CVE-2016-4600\", \"CVE-2016-4602\", \"CVE-2016-4598\", \"CVE-2016-4595\");\n script_bugtraq_id(90861, 90859, 91834);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-12-02 12:37:39 +0530 (Fri, 02 Dec 2016)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities December-2016\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists. For details\n refer the reference links.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code or cause a denial of service (memory corruption),\n gain access to potentially sensitive information, escalate privileges,\n bypass certain protection mechanism and have other impacts.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.11.x before\n 10.11.6\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.11.6 or later.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT206903\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.11\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName && osVer =~ \"^10\\.11\")\n{\n if(version_is_less(version:osVer, test_version:\"10.11.6\"))\n {\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.11.6\");\n security_message(data:report);\n exit(0);\n }\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:25:15", "description": "This host is running Apple Mac OS X and\n is prone to code execution and denial of service vulnerabilities.", "cvss3": {}, "published": "2016-11-22T00:00:00", "type": "openvas", "title": "Apple Mac OS X Code Execution And Denial of Service Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4614", "CVE-2015-8126", "CVE-2016-1836", "CVE-2016-4616", "CVE-2016-4610", "CVE-2016-4609", "CVE-2013-7456", "CVE-2016-4629", "CVE-2016-4630", "CVE-2016-4483", "CVE-2016-4612", "CVE-2016-4607", "CVE-2016-4637", "CVE-2016-4449", "CVE-2016-4448", "CVE-2016-4615", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-1684", "CVE-2016-4608", "CVE-2016-5096", "CVE-2016-4447", "CVE-2016-4619", "CVE-2016-1798"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810210", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810210", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Code Execution And Denial of Service Vulnerabilities\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810210\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2016-5093\", \"CVE-2016-5094\", \"CVE-2016-5096\", \"CVE-2013-7456\",\n \"CVE-2016-4637\", \"CVE-2016-4629\", \"CVE-2016-4630\", \"CVE-2016-1836\",\n \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4483\", \"CVE-2016-4614\",\n \"CVE-2016-4615\", \"CVE-2016-4616\", \"CVE-2016-4619\", \"CVE-2016-4449\",\n \"CVE-2016-1684\", \"CVE-2016-4607\", \"CVE-2016-4608\", \"CVE-2016-4609\",\n \"CVE-2016-4610\", \"CVE-2016-4612\", \"CVE-2016-1798\", \"CVE-2015-8126\");\n script_bugtraq_id(90696, 77568);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-11-22 11:05:47 +0530 (Tue, 22 Nov 2016)\");\n script_name(\"Apple Mac OS X Code Execution And Denial of Service Vulnerabilities\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to code execution and denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A null pointer dereference error.\n\n - An improper processing of .png file by libpng.\n\n - The multiple memory corruption errors.\n\n - An access issue in the parsing of maliciously crafted XML files.\n\n - The multiple errors in php.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code or cause a denial of service and to obtain sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.10.x through\n 10.10.5 prior to build 14F1808\");\n\n script_tag(name:\"solution\", value:\"Apply the appropriate patch.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT206567\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT206903\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.10\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName && osVer =~ \"^10\\.10\")\n{\n buildVer = get_kb_item(\"ssh/login/osx_build\");\n if(!buildVer){\n exit(0);\n }\n\n if(osVer == \"10.10.5\" && version_is_less(version:buildVer, test_version:\"14F1808\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n\n else if(version_in_range(version:osVer, test_version:\"10.10\", test_version2:\"10.10.4\")){\n fix = \"10.10.5 build 14F1808\";\n }\n}\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:27", "description": "Splunk Enterprise is prone to multiple OpenSSL vulnerabilities.", "cvss3": {}, "published": "2016-09-19T00:00:00", "type": "openvas", "title": "Splunk Enterprise Multiple OpenSSL Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "modified": "2018-11-13T00:00:00", "id": "OPENVAS:1361412562310106262", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106262", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_splunk_enterprise_openssl_vuln.nasl 12338 2018-11-13 14:51:17Z asteins $\n#\n# Splunk Enterprise Multiple OpenSSL Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:splunk:splunk';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106262\");\n script_version(\"$Revision: 12338 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-13 15:51:17 +0100 (Tue, 13 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-19 11:58:34 +0700 (Mon, 19 Sep 2016)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\",\n\"CVE-2016-2176\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Splunk Enterprise Multiple OpenSSL Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_splunk_detect.nasl\");\n script_mandatory_keys(\"Splunk/installed\");\n\n script_tag(name:\"summary\", value:\"Splunk Enterprise is prone to multiple OpenSSL vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Splunk Enterprise is affected by multiple OpenSSL vulnerabilities.\");\n\n script_tag(name:\"affected\", value:\"Splunk Enterprise 6.4.x, 6.3.x, 6.2.x, 6.1.x, 6.0.x and 5.0.x\");\n\n script_tag(name:\"solution\", value:\"Update to version 6.4.2, 6.3.6, 6.2.10, 6.1.11, 6.0.12 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.splunk.com/view/SP-CAAAPQM\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version =~ \"^6\\.4\") {\n if (version_is_less(version: version, test_version: \"6.4.2\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"6.4.2\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^6\\.3\") {\n if (version_is_less(version: version, test_version: \"6.3.6\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"6.3.6\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\n\nif (version =~ \"^6\\.2\") {\n if (version_is_less(version: version, test_version: \"6.2.10\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"6.2.10\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^6\\.1\") {\n if (version_is_less(version: version, test_version: \"6.1.11\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"6.1.11\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nif (version_is_less(version: version, test_version: \"6.0.12\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"6.0.12\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:18", "description": "This host is running OpenSSL and is prone\n to multiple vulnerabilities.", "cvss3": {}, "published": "2016-05-02T00:00:00", "type": "openvas", "title": "OpenSSL Multiple Vulnerabilities -01 May16 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "modified": "2019-02-27T00:00:00", "id": "OPENVAS:1361412562310807569", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807569", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_mult_vuln01_may16_win.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL Multiple Vulnerabilities -01 May16 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807569\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2016-2176\", \"CVE-2016-2109\", \"CVE-2016-2106\", \"CVE-2016-2107\",\n \"CVE-2016-2105\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-02 12:46:24 +0530 (Mon, 02 May 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"OpenSSL Multiple Vulnerabilities -01 May16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c\n script in OpenSSL.\n\n - An integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c\n script in OpenSSL.\n\n - An error in the 'asn1_d2i_read_bio' function in crypto/asn1/a_d2i_fp.c script\n in the ASN.1 BIO implementation in OpenSSL.\n\n - An error in 'X509_NAME_oneline' function in crypto/x509/x509_obj.c in OpenSSL.\n\n - A MITM attacker can use a padding oracle attack to decrypt traffic\n when the connection uses an AES CBC cipher and the server support AES-NI.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to conduct mitm attack, gain access to potentially sensitive information,\n and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.0.1 before 1.0.1t\n and 1.0.2 before 1.0.2h on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to OpenSSL 1.0.1t or 1.0.2h or\n later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20160503.txt\");\n script_xref(name:\"URL\", value:\"https://mta.openssl.org/pipermail/openssl-announce/2016-April/000069.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_win.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(vers =~ \"^1\\.0\\.1\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.1t\"))\n {\n fix = \"1.0.1t\";\n VULN = TRUE;\n }\n}\n\nelse if(vers =~ \"^1\\.0\\.2\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.2h\"))\n {\n fix = \"1.0.2h\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:fix, install_path:path);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:52", "description": "This host is running OpenSSL and is prone\n to multiple vulnerabilities.", "cvss3": {}, "published": "2016-05-02T00:00:00", "type": "openvas", "title": "OpenSSL Multiple Vulnerabilities -01 May16 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "modified": "2019-02-27T00:00:00", "id": "OPENVAS:1361412562310807570", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807570", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_mult_vuln01_may16_lin.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL Multiple Vulnerabilities -01 May16 (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807570\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2016-2176\", \"CVE-2016-2109\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2105\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-02 12:46:24 +0530 (Mon, 02 May 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"OpenSSL Multiple Vulnerabilities -01 May16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c\n script in OpenSSL.\n\n - An integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c\n script in OpenSSL.\n\n - An error in the 'asn1_d2i_read_bio' function in crypto/asn1/a_d2i_fp.c script\n in the ASN.1 BIO implementation in OpenSSL.\n\n - An error in 'X509_NAME_oneline' function in crypto/x509/x509_obj.c in OpenSSL.\n\n - A MITM attacker can use a padding oracle attack to decrypt traffic\n when the connection uses an AES CBC cipher and the server support AES-NI.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to conduct mitm attack, gain access to potentially sensitive information,\n and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.0.1 before 1.0.1t\n and 1.0.2 before 1.0.2h on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to OpenSSL 1.0.1t or 1.0.2h or\n later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20160503.txt\");\n script_xref(name:\"URL\", value:\"https://mta.openssl.org/pipermail/openssl-announce/2016-April/000069.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_lin.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(vers =~ \"^1\\.0\\.1\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.1t\"))\n {\n fix = \"1.0.1t\";\n VULN = TRUE;\n }\n}\n\nelse if(vers =~ \"^1\\.0\\.2\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.2h\"))\n {\n fix = \"1.0.2h\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:fix, install_path:path);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:35:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-06T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for openssl (openSUSE-SU-2016:1243-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851295", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851295", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851295\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 05:19:10 +0200 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\",\n \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for openssl (openSUSE-SU-2016:1243-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openssl fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n - bsc#976943: Buffer overrun in ASN1_parse\n\n - bsc#977621: Preserve negotiated digests for SNI (bsc#977621)\n\n - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode\n (bsc#958501)\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\");\n\n script_tag(name:\"affected\", value:\"openssl on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1243-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac\", rpm:\"libopenssl1_0_0-hmac~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac-32bit\", rpm:\"libopenssl1_0_0-hmac-32bit~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:54:47", "description": "Several vulnerabilities were discovered\nin OpenSSL, a Secure Socket Layer toolkit.\n\nCVE-2016-2105 \nGuido Vranken discovered that an overflow can occur in the function\nEVP_EncodeUpdate(), used for Base64 encoding, if an attacker can\nsupply a large amount of data. This could lead to a heap corruption.\n\nCVE-2016-2106 \nGuido Vranken discovered that an overflow can occur in the function\nEVP_EncryptUpdate() if an attacker can supply a large amount of data.\nThis could lead to a heap corruption.\n\nCVE-2016-2107 \nJuraj Somorovsky discovered a padding oracle in the AES CBC cipher\nimplementation based on the AES-NI instruction set. This could allow\nan attacker to decrypt TLS traffic encrypted with one of the cipher\nsuites based on AES CBC.\n\nCVE-2016-2108 \nDavid Benjamin from Google discovered that two separate bugs in the\nASN.1 encoder, related to handling of negative zero integer values\nand large universal tags, could lead to an out-of-bounds write.\n\nCVE-2016-2109 \nBrian Carpenter discovered that when ASN.1 data is read from a BIO\nusing functions such as d2i_CMS_bio(), a short invalid encoding can\ncause allocation of large amounts of memory potentially consuming\nexcessive resources or exhausting memory.\n\nAdditional information about these issues can be found in the OpenSSL\nsecurity advisory at https://www.openssl.org/news/secadv/20160503.txt", "cvss3": {}, "published": "2016-05-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3566-1 (openssl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703566", "href": "http://plugins.openvas.org/nasl.php?oid=703566", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3566.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3566-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703566);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\",\n \"CVE-2016-2109\");\n script_name(\"Debian Security Advisory DSA 3566-1 (openssl - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-05-03 00:00:00 +0200 (Tue, 03 May 2016)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3566.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"openssl on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package is part of the OpenSSL\nproject's implementation of the SSL and TLS cryptographic protocols for secure\ncommunication over the Internet.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 1.0.1k-3+deb8u5.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2h-1.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered\nin OpenSSL, a Secure Socket Layer toolkit.\n\nCVE-2016-2105 \nGuido Vranken discovered that an overflow can occur in the function\nEVP_EncodeUpdate(), used for Base64 encoding, if an attacker can\nsupply a large amount of data. This could lead to a heap corruption.\n\nCVE-2016-2106 \nGuido Vranken discovered that an overflow can occur in the function\nEVP_EncryptUpdate() if an attacker can supply a large amount of data.\nThis could lead to a heap corruption.\n\nCVE-2016-2107 \nJuraj Somorovsky discovered a padding oracle in the AES CBC cipher\nimplementation based on the AES-NI instruction set. This could allow\nan attacker to decrypt TLS traffic encrypted with one of the cipher\nsuites based on AES CBC.\n\nCVE-2016-2108 \nDavid Benjamin from Google discovered that two separate bugs in the\nASN.1 encoder, related to handling of negative zero integer values\nand large universal tags, could lead to an out-of-bounds write.\n\nCVE-2016-2109 \nBrian Carpenter discovered that when ASN.1 data is read from a BIO\nusing functions such as d2i_CMS_bio(), a short invalid encoding can\ncause allocation of large amounts of memory potentially consuming\nexcessive resources or exhausting memory.\n\nAdditional information about these issues can be found in the OpenSSL\nsecurity advisory at https://www.openssl.org/news/secadv/20160503.txt\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libcrypto1.0.0-udeb\", ver:\"1.0.1k-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev:amd64\", ver:\"1.0.1k-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev:i386\", ver:\"1.0.1k-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1k-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1k-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1k-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:amd64\", ver:\"1.0.1k-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:i386\", ver:\"1.0.1k-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1k-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:39", "description": "Several vulnerabilities were discovered\nin OpenSSL, a Secure Socket Layer toolkit.\n\nCVE-2016-2105\nGuido Vranken discovered that an overflow can occur in the function\nEVP_EncodeUpdate(), used for Base64 encoding, if an attacker can\nsupply a large amount of data. This could lead to a heap corruption.\n\nCVE-2016-2106\nGuido Vranken discovered that an overflow can occur in the function\nEVP_EncryptUpdate() if an attacker can supply a large amount of data.\nThis could lead to a heap corruption.\n\nCVE-2016-2107\nJuraj Somorovsky discovered a padding oracle in the AES CBC cipher\nimplementation based on the AES-NI instruction set. This could allow\nan attacker to decrypt TLS traffic encrypted with one of the cipher\nsuites based on AES CBC.\n\nCVE-2016-2108\nDavid Benjamin from Google discovered that two separate bugs in the\nASN.1 encoder, related to handling of negative zero integer values\nand large universal tags, could lead to an out-of-bounds write.\n\nCVE-2016-2109\nBrian Carpenter discovered that when ASN.1 data is read from a BIO\nusing functions such as d2i_CMS_bio(), a short invalid encoding can\ncause allocation of large amounts of memory potentially consuming\nexcessive resources or exhausting memory.", "cvss3": {}, "published": "2016-05-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3566-1 (openssl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703566", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703566", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3566.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3566-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703566\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\",\n \"CVE-2016-2109\");\n script_name(\"Debian Security Advisory DSA 3566-1 (openssl - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-03 00:00:00 +0200 (Tue, 03 May 2016)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3566.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"openssl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 1.0.1k-3+deb8u5.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2h-1.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered\nin OpenSSL, a Secure Socket Layer toolkit.\n\nCVE-2016-2105\nGuido Vranken discovered that an overflow can occur in the function\nEVP_EncodeUpdate(), used for Base64 encoding, if an attacker can\nsupply a large amount of data. This could lead to a heap corruption.\n\nCVE-2016-2106\nGuido Vranken discovered that an overflow can occur in the function\nEVP_EncryptUpdate() if an attacker can supply a large amount of data.\nThis could lead to a heap corruption.\n\nCVE-2016-2107\nJuraj Somorovsky discovered a padding oracle in the AES CBC cipher\nimplementation based on the AES-NI instruction set. This could allow\nan attacker to decrypt TLS traffic encrypted with one of the cipher\nsuites based on AES CBC.\n\nCVE-2016-2108\nDavid Benjamin from Google discovered that two separate bugs in the\nASN.1 encoder, related to handling of negative zero integer values\nand large universal tags, could lead to an out-of-bounds write.\n\nCVE-2016-2109\nBrian Carpenter discovered that when ASN.1 data is read from a BIO\nusing functions such as d2i_CMS_bio(), a short invalid encoding can\ncause allocation of large amounts of memory potentially consuming\nexcessive resources or exhausting memory.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libcrypto1.0.0-udeb\", ver:\"1.0.1k-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev:amd64\", ver:\"1.0.1k-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev:i386\", ver:\"1.0.1k-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1k-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1k-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1k-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:amd64\", ver:\"1.0.1k-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:i386\", ver:\"1.0.1k-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1k-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T22:56:10", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-05-09T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-695)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120684", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120684", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120684\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:12:00 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-695)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in OpenSSL. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update openssl to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-695.html\");\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2107\", \"CVE-2016-2106\", \"CVE-2016-2109\", \"CVE-2016-2108\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1k~14.91.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1k~14.91.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1k~14.91.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1k~14.91.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1k~14.91.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:34:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-06T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for openssl (SUSE-SU-2016:1228-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851289", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851289", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851289\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 15:29:09 +0530 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\",\n \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for openssl (SUSE-SU-2016:1228-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openssl fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n - bsc#976943: Buffer overrun in ASN1_parse\n\n - bsc#977621: Preserve negotiated digests for SNI (bsc#977621)\n\n - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode\n (bsc#958501)\");\n\n script_tag(name:\"affected\", value:\"openssl on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"SUSE-SU\", value:\"2016:1228-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1i~27.16.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1i~27.16.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1i~27.16.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1i~27.16.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1i~27.16.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1i~27.16.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1i~27.16.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac\", rpm:\"libopenssl1_0_0-hmac~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac-32bit\", rpm:\"libopenssl1_0_0-hmac-32bit~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:36:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-06T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for openssl (openSUSE-SU-2016:1240-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851299", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851299", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851299\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 05:19:37 +0200 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\",\n \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for openssl (openSUSE-SU-2016:1240-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openssl fixes the following issues:\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n - bsc#976943: Buffer overrun in ASN1_parse\");\n\n script_tag(name:\"affected\", value:\"openssl on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1240-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-06T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for openssl (openSUSE-SU-2016:1238-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851297", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851297", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851297\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 05:19:21 +0200 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\",\n \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for openssl (openSUSE-SU-2016:1238-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openssl fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (boo#977617)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (boo#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (boo#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (boo#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (boo#976942)\n\n - boo#976943: Buffer overrun in ASN1_parse\n\n - boo#977621: Preserve digests for SNI\n\n - boo#958501: Fix openssl enc -non-fips-allow option in FIPS mode\");\n\n script_tag(name:\"affected\", value:\"openssl on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1238-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac\", rpm:\"libopenssl1_0_0-hmac~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac-32bit\", rpm:\"libopenssl1_0_0-hmac-32bit~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-04T00:00:00", "type": "openvas", "title": "Ubuntu Update for openssl USN-2959-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842729", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842729", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for openssl USN-2959-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842729\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-04 05:19:55 +0200 (Wed, 04 May 2016)\");\n script_cve_id(\"CVE-2016-2108\", \"CVE-2016-2107\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for openssl USN-2959-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Huzaifa Sidhpurwala, Hanno B&#246 ck, and\n David Benjamin discovered that OpenSSL incorrectly handled memory when decoding\n ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to\n crash, resulting in a denial of service, or possibly execute arbitrary code.\n (CVE-2016-2108)\n\n Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when\n the connection uses the AES CBC cipher and the server supports AES-NI. A\n remote attacker could possibly use this issue to perform a padding oracle\n attack and decrypt traffic. (CVE-2016-2107)\n\n Guido Vranken discovered that OpenSSL incorrectly handled large amounts of\n input data to the EVP_EncodeUpdate() function. A remote attacker could use\n this issue to cause OpenSSL to crash, resulting in a denial of service, or\n possibly execute arbitrary code. (CVE-2016-2105)\n\n Guido Vranken discovered that OpenSSL incorrectly handled large amounts of\n input data to the EVP_EncryptUpdate() function. A remote attacker could use\n this issue to cause OpenSSL to crash, resulting in a denial of service, or\n possibly execute arbitrary code. (CVE-2016-2106)\n\n Brian Carpenter discovered that OpenSSL incorrectly handled memory when\n ASN.1 data is read from a BIO. A remote attacker could possibly use this\n issue to cause memory consumption, resulting in a denial of service.\n (CVE-2016-2109)\n\n As a security improvement, this update also modifies OpenSSL behaviour to\n reject DH key sizes below 1024 bits, preventing a possible downgrade\n attack.\");\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2959-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2959-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu2.19\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1f-1ubuntu2.19\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1-4ubuntu5.36\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1-4ubuntu5.36\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.2d-0ubuntu1.5\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.2d-0ubuntu1.5\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:58", "description": "Mageia Linux Local Security Checks mgasa-2016-0169", "cvss3": {}, "published": "2016-05-09T00:00:00", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2016-0169", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310131285", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131285", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0169.nasl 11856 2018-10-12 07:45:29Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131285\");\n script_version(\"$Revision: 11856 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:17:48 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 09:45:29 +0200 (Fri, 12 Oct 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0169\");\n script_tag(name:\"insight\", value:\"An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption (CVE-2016-2105). An overflow can occur in the EVP_EncryptUpdate() function. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption (CVE-2016-2106). A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI (CVE-2016-2107). When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory (CVE-2016-2109)\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0169.html\");\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0169\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.2h~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-08T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2016-1411324654", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2106"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310807997", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807997", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2016-1411324654\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807997\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-08 05:18:22 +0200 (Sun, 08 May 2016)\");\n script_cve_id(\"CVE-2016-2108\", \"CVE-2016-2107\", \"CVE-2016-2105\", \"CVE-2016-2106\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openssl FEDORA-2016-1411324654\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-1411324654\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.2h~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-11T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2016-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2106"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310808029", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808029", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2016-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808029\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-11 05:22:20 +0200 (Wed, 11 May 2016)\");\n script_cve_id(\"CVE-2016-2108\", \"CVE-2016-2107\", \"CVE-2016-2105\", \"CVE-2016-2106\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openssl FEDORA-2016-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-1\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1k~15.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-05T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2016-05", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2106"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310808016", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808016", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2016-05\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808016\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-05 05:22:40 +0200 (Thu, 05 May 2016)\");\n script_cve_id(\"CVE-2016-2108\", \"CVE-2016-2107\", \"CVE-2016-2105\", \"CVE-2016-2106\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openssl FEDORA-2016-05\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-05\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.2h~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:30", "description": "Junos OS is prone to multiple vulnerabilities in OpenSSL.", "cvss3": {}, "published": "2016-10-14T00:00:00", "type": "openvas", "title": "Junos Multiple OpenSSL Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2180", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "modified": "2018-10-29T00:00:00", "id": "OPENVAS:1361412562310106355", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106355", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_junos_cve-2016-2105.nasl 12149 2018-10-29 10:48:30Z asteins $\n#\n# Junos Multiple OpenSSL Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/o:juniper:junos';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106355\");\n script_version(\"$Revision: 12149 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-29 11:48:30 +0100 (Mon, 29 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-14 09:51:23 +0700 (Fri, 14 Oct 2016)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2176\",\n\"CVE-2016-2180\");\n\n script_name(\"Junos Multiple OpenSSL Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_family(\"JunOS Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_ssh_junos_get_version.nasl\", \"gb_junos_snmp_version.nasl\");\n script_mandatory_keys(\"Junos/Version\");\n\n script_tag(name:\"summary\", value:\"Junos OS is prone to multiple vulnerabilities in OpenSSL.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable OS build is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"A remote attacker may execute arbitrary code or cause a denial of service\ncondition.\");\n\n script_tag(name:\"affected\", value:\"Junos OS 13.3, 14.1, 14.2 and 15.1\");\n\n script_tag(name:\"solution\", value:\"New builds of Junos OS software are available from Juniper.\");\n\n script_xref(name:\"URL\", value:\"http://kb.juniper.net/JSA10759\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif (!version = get_app_version(cpe: CPE, nofork: TRUE))\n exit(0);\n\nif (version =~ \"^15\") {\n if (revcomp(a: version, b: \"15.1F5-S4\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1F5-S4\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1F6-S2\") < 0) &&\n (revcomp(a: version, b: \"15.1F6\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1F6-S2\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1R4\") < 0) &&\n (revcomp(a: version, b: \"15.1R1\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1R4\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1X53-D50\") < 0) &&\n (revcomp(a: version, b: \"15.1X53\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1X53-D50\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^14\") {\n if (revcomp(a: version, b: \"14.1R9\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"14.1R9\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"14.1X53-D40\") < 0) &&\n (revcomp(a: version, b: \"14.1X53\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"14.1X53-D40\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"14.2R8\") < 0) &&\n (revcomp(a: version, b: \"14.2\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"14.2R8\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^13\") {\n if (revcomp(a: version, b: \"13.3R10\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"13.3R10\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-08T17:36:55", "description": "Xerox AltaLink Printers are prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-01-04T00:00:00", "type": "openvas", "title": "Xerox AltaLink Printers Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106", "CVE-2018-17172"], "modified": "2020-05-06T00:00:00", "id": "OPENVAS:1361412562310141826", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310141826", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Xerox AltaLink Printers Multiple Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.141826\");\n script_version(\"2020-05-06T10:58:02+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-06 10:58:02 +0000 (Wed, 06 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-04 15:55:04 +0700 (Fri, 04 Jan 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_cve_id(\"CVE-2016-2109\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2176\", \"CVE-2016-2107\",\n \"CVE-2018-17172\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Xerox AltaLink Printers Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_xerox_printer_consolidation.nasl\");\n script_mandatory_keys(\"xerox_printer/detected\");\n\n script_tag(name:\"summary\", value:\"Xerox AltaLink Printers are prone to multiple vulnerabilities.\");\n\n script_tag(name:\"insight\", value:\"Xerox AltaLink Printers are prone to multiple vulnerabilities:\n\n - Reflective cross site scripting vulnerability (XSS)\n\n - Additional other cross site scripting vulnerabilities (XSS)\n\n - Vulnerabilities found in OpenSSL (CVE-2016-2109, CVE-2016-2105, CVE-2016-2106, CVE-2016-2176, CVE-2016-2107)\n\n - Unauthenticated command injection in the web application interface (CVE-2018-17172)\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable firmware version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"Xerox AltaLink B80xx, C8030, C8035, C8045, C8055 and C8070 prior to\n firmware version 100.008.028.05200.\");\n\n script_tag(name:\"solution\", value:\"Update to version 100.008.028.05200 or later.\");\n\n script_xref(name:\"URL\", value:\"https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/o:xerox:altalink_b8045_firmware\",\n \"cpe:/o:xerox:altalink_b8055_firmware\",\n \"cpe:/o:xerox:altalink_b8065_firmware\",\n \"cpe:/o:xerox:altalink_b8075_firmware\",\n \"cpe:/o:xerox:altalink_b8090_firmware\",\n \"cpe:/o:xerox:altalink_c8030_firmware\",\n \"cpe:/o:xerox:altalink_c8035_firmware\",\n \"cpe:/o:xerox:altalink_c8045_firmware\",\n \"cpe:/o:xerox:altalink_c8055_firmware\",\n \"cpe:/o:xerox:altalink_c8070_firmware\");\n\nif (!infos = get_app_version_from_list(cpe_list: cpe_list, nofork: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\n\nif (version_is_less(version: version, test_version: \"100.008.028.05200\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"100.008.028.05200\");\n security_message(port: 0, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-06-21T12:42:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-19T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-libxslt FEDORA-2019-320d5295fc", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1841", "CVE-2016-4610", "CVE-2016-4609", "CVE-2016-4607", "CVE-2016-4738", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-4608", "CVE-2019-11068"], "modified": "2019-06-20T00:00:00", "id": "OPENVAS:1361412562310876512", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876512", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876512\");\n script_version(\"2019-06-20T06:01:12+0000\");\n script_cve_id(\"CVE-2016-1841\", \"CVE-2016-4607\", \"CVE-2016-4608\", \"CVE-2016-4610\", \"CVE-2016-4609\", \"CVE-2019-11068\", \"CVE-2016-1684\", \"CVE-2016-1683\", \"CVE-2016-4738\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-06-20 06:01:12 +0000 (Thu, 20 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-19 02:14:42 +0000 (Wed, 19 Jun 2019)\");\n script_name(\"Fedora Update for mingw-libxslt FEDORA-2019-320d5295fc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-320d5295fc\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libxslt'\n package(s) announced via the FEDORA-2019-320d5295fc advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This C library allows to transform XML files into other XML files\n(or HTML, text, ...) using the standard XSLT stylesheet transformation\nmechanism. To use it you need to have a version of libxml2 >= 2.6.27\ninstalled. The xsltproc command is a command line interface to the XSLT engine\");\n\n script_tag(name:\"affected\", value:\"'mingw-libxslt' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mingw-libxslt\", rpm:\"mingw-libxslt~1.1.33~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:36:28", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-2627)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4610", "CVE-2016-4609", "CVE-2016-4612", "CVE-2016-4607", "CVE-2019-18197", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-4608", "CVE-2015-7995"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192627", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192627", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2627\");\n script_version(\"2020-01-23T13:10:10+0000\");\n script_cve_id(\"CVE-2015-7995\", \"CVE-2016-1683\", \"CVE-2016-1684\", \"CVE-2016-4607\", \"CVE-2016-4608\", \"CVE-2016-4609\", \"CVE-2016-4610\", \"CVE-2019-18197\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:10:10 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:10:10 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-2627)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2627\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2627\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxslt' package(s) announced via the EulerOS-SA-2019-2627 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a 'type confusion' issue.(CVE-2015-7995)\n\nnumbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.(CVE-2016-1683)\n\nnumbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.(CVE-2016-1684)\n\nlibxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.(CVE-2016-4607)\n\nlibxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.(CVE-2016-4608)\n\nlibxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.(CVE-2016-4609)\n\nlibxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.(CVE-2016-4610)\n\nIn xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.(CVE-2019-18197)\");\n\n script_tag(name:\"affected\", value:\"'libxslt' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt\", rpm:\"libxslt~1.1.28~5.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-devel\", rpm:\"libxslt-devel~1.1.28~5.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-python\", rpm:\"libxslt-python~1.1.28~5.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:57:40", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-10-26T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-706)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7456", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5095", "CVE-2016-5096"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120695", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120695", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120695\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:10 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-706)\");\n script_tag(name:\"insight\", value:\"The following security-related issues were resolved:\n\n - Out-of-bounds read in imagescale (CVE-2013-7456)\n\n - Integer underflow causing arbitrary null write in fread/gzread (CVE-2016-5096)\n\n - Integer overflow in php_html_entities() (CVE-2016-5094)\n\n - Integer overflow in php_filter_full_special_chars() (CVE-2016-5095)\n\n - Out-of-bounds heap read in get_icu_value_internal (CVE-2016-5093)\n\n (Updated 2016-06-15: CVE-2016-5095 was fixed in this version, but was not previously listed in this errata.)\");\n\n script_tag(name:\"solution\", value:\"Run yum update php56 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-706.html\");\n script_cve_id(\"CVE-2013-7456\", \"CVE-2016-5093\", \"CVE-2016-5096\", \"CVE-2016-5094\", \"CVE-2016-5095\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php56-process\", rpm:\"php56-process~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-dba\", rpm:\"php56-dba~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-cli\", rpm:\"php56-cli~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mbstring\", rpm:\"php56-mbstring~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-debuginfo\", rpm:\"php56-debuginfo~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-gd\", rpm:\"php56-gd~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mssql\", rpm:\"php56-mssql~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-opcache\", rpm:\"php56-opcache~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-devel\", rpm:\"php56-devel~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-soap\", rpm:\"php56-soap~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-xml\", rpm:\"php56-xml~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pdo\", rpm:\"php56-pdo~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-enchant\", rpm:\"php56-enchant~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-recode\", rpm:\"php56-recode~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pspell\", rpm:\"php56-pspell~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-dbg\", rpm:\"php56-dbg~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-intl\", rpm:\"php56-intl~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-odbc\", rpm:\"php56-odbc~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pgsql\", rpm:\"php56-pgsql~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-tidy\", rpm:\"php56-tidy~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-gmp\", rpm:\"php56-gmp~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-bcmath\", rpm:\"php56-bcmath~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-xmlrpc\", rpm:\"php56-xmlrpc~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-fpm\", rpm:\"php56-fpm~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mcrypt\", rpm:\"php56-mcrypt~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-imap\", rpm:\"php56-imap~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-ldap\", rpm:\"php56-ldap~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-embedded\", rpm:\"php56-embedded~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mysqlnd\", rpm:\"php56-mysqlnd~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-common\", rpm:\"php56-common~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-snmp\", rpm:\"php56-snmp~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56\", rpm:\"php56~5.6.22~1.125.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:32", "description": "Check the version of openssl", "cvss3": {}, "published": "2016-05-10T00:00:00", "type": "openvas", "title": "CentOS Update for openssl CESA-2016:0722 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882486", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882486", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2016:0722 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882486\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 05:19:51 +0200 (Tue, 10 May 2016)\");\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\",\n \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for openssl CESA-2016:0722 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of openssl\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols,\nas well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n * A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library.\n(CVE-2016-2108)\n\n * Two integer overflow flaws, leading to buffer overflows, were found in\nthe way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL\nparsed very large amounts of input data. A remote attacker could use these\nflaws to crash an application using OpenSSL or, possibly, execute arbitrary\ncode with the permissions of the user running that application.\n(CVE-2016-2105, CVE-2016-2106)\n\n * It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n * Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially execute\ncode with the permissions of the user running such an application.\n(CVE-2016-0799, CVE-2016-2842)\n\n * A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno Bock, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108 Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799 and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107.\");\n script_tag(name:\"affected\", value:\"openssl on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0722\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-May/021860.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~51.el7_2.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~51.el7_2.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~51.el7_2.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~51.el7_2.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~51.el7_2.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:34", "description": "Oracle Linux Local Security Checks ELSA-2016-0722", "cvss3": {}, "published": "2016-05-09T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0722", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310122924", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122924", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0722.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.fi\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122924\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:24:42 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0722\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0722 - openssl security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0722\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0722.html\");\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2107\", \"CVE-2016-2842\", \"CVE-2016-2106\", \"CVE-2016-2108\", \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~51.el7_2.5\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~51.el7_2.5\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~51.el7_2.5\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~51.el7_2.5\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~51.el7_2.5\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-11T00:00:00", "type": "openvas", "title": "RedHat Update for openssl RHSA-2016:0996-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871614", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871614", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2016:0996-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871614\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-11 05:23:21 +0200 (Wed, 11 May 2016)\");\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for openssl RHSA-2016:0996-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library.\n\nSecurity Fix(es):\n\n * A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library.\n(CVE-2016-2108)\n\n * Two integer overflow flaws, leading to buffer overflows, were found in\nthe way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL\nparsed very large amounts of input data. A remote attacker could use these\nflaws to crash an application using OpenSSL or, possibly, execute arbitrary\ncode with the permissions of the user running that application.\n(CVE-2016-2105, CVE-2016-2106)\n\n * It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n * Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially execute\ncode with the permissions of the user running such an application.\n(CVE-2016-0799, CVE-2016-2842)\n\n * A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno Bock, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108 Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799 and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107.\");\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0996-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-May/msg00017.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~48.el6_8.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~48.el6_8.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~48.el6_8.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-10T00:00:00", "type": "openvas", "title": "RedHat Update for openssl RHSA-2016:0722-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871610", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871610", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2016:0722-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871610\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 05:19:08 +0200 (Tue, 10 May 2016)\");\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\",\n \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for openssl RHSA-2016:0722-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as\na full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n * A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library.\n(CVE-2016-2108)\n\n * Two integer overflow flaws, leading to buffer overflows, were found in\nthe way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL\nparsed very large amounts of input data. A remote attacker could use these\nflaws to crash an application using OpenSSL or, possibly, execute arbitrary\ncode with the permissions of the user running that application.\n(CVE-2016-2105, CVE-2016-2106)\n\n * It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n * Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially execute\ncode with the permissions of the user running such an application.\n(CVE-2016-0799, CVE-2016-2842)\n\n * A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno Bock, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108 Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799 and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107.\");\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0722-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-May/msg00008.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~51.el7_2.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~51.el7_2.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~51.el7_2.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~51.el7_2.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T12:40:13", "description": "The specific version of Mac OS X that the system is running is reportedly affected by the following vulnerabilities:\n\n- Apple Mac OS X contains an unspecified NULL pointer dereference flaw in Audio, which may allow a local attacker to cause a denial of service for the system. (CVE-2016-4649)\n\n- Apple Mac OS X contains a use-after-free flaw in DspFuncLib that is triggered as user-supplied input is not properly validated when handling function IDs. This may allow a local attacker to dereference already freed memory and potentially execute arbitrary code in the context of the kernel. (CVE-2016-4647)\n\n- Apple Mac OS X contains a use-after-free error in the DspFuncLib extension. The issue is triggered when handling error conditions. With a specially crafted file, a local attacker can dereference already freed memory and potentially execute arbitrary code with root privileges. (CVE-2016-4648)\n\n- Apple Mac OS X contains an out-of-bounds read flaw in ACMP4AACBaseDecoder that is triggered during the handling of a specially crafted MOV file. This may allow a context-dependent attacker to disclose user information. (CVE-2016-4646)\n\n- Apple Mac OS X contains an integer overflow in bspatch related to bsdiff that is triggered as bounds are not properly checked. This may allow a local attacker to potentially gain elevated privileges. (CVE-2014-9862)\n\n- Apple Mac OS X contains a permission flaw in CFNetwork that is triggered during the handling of web browser cookies. This may allow a local attacker to view sensitive user information. (CVE-2016-4645)\n\n- Apple Mac OS X contains an out-of-bounds read flaw in CoreGraphics that is triggered as input is not properly validated. This may allow a local attacker to disclose kernel memory. (CVE-2016-4652)\n\n- Multiple Apple products contain a flaw in CoreGraphics. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4637)\n\n- Multiple Apple products contain a flaw in FaceTime that is triggered as user interface inconsistencies occur when handling relayed calls. This may allow a man-in-the-middle attacker to cause a relayed call to continue to transmit audio while the call appears to be terminated. (CVE-2016-4635)\n\n- Apple Mac OS X contains a flaw in Graphics drivers. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4634)\n\n- Apple Mac OS X contains a flaw in ImageIO. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4629)\n\n- Apple Mac OS X contains a flaw in ImageIO. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4630)\n\n- Multiple Apple products contain an unspecified flaw in ImageIO that is triggered as memory is not properly handled. This may allow a remote attacker to cause a consumption of available memory resources. (CVE-2016-4632)\n\n- Multiple Apple products contain multiple flaws in ImageIO. The issues are triggered as user-supplied input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4631)\n\n- Apple Mac OS X contains multiple flaws in the Intel Graphics driver. The issues are triggered as user-supplied input is not properly validated when handling memory. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4633)\n\n- Multiple Apple products contain an unspecified NULL pointer dereference flaw in IOHIDFamily that is triggered as input is not properly validated. This may allow a local attacker to gain elevated, kernel privileges. (CVE-2016-4626)\n\n- Apple Mac OS X contains a use-after-free error in IOSurface that is triggered as memory is not properly managed, which may allow a local attacker to dereference already freed memory and gain elevated, kernel privileges. (CVE-2016-4625)\n\n- Multiple Apple products contain a flaw in Sandbox Profiles that is triggered as restrictions are not properly enforced on privileged API calls. This may allow a local attacker to access the process list. (CVE-2016-4594)\n\n- Multiple Apple products contain a flaw in the Kernel that is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code with kernel privileges. (CVE-2016-1863)\n\n- Multiple Apple products contain a flaw in the Kernel that is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code with kernel privileges. (CVE-2016-4582)\n\n- Multiple Apple products contain an unspecified NULL pointer dereference flaw in Kernel that is triggered as input is not properly validated. This may allow a local attacker to cause a denial of service for the system. (CVE-2016-1865)\n\n- Apple Mac OS X contains multiple flaws in libc++abi. The issues are triggered as user-supplied input is not properly validated when handling memory. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code with root privileges. (CVE-2016-4621)\n\n- Multiple Apple products contain a flaw in libxml2 that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4614)\n\n- Multiple Apple products contain a flaw in libxml2 that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4615)\n\n- Multiple Apple products contain a flaw in libxml2 that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4616)\n\n- Multiple Apple products contain a flaw in libxml2 that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4619)\n\n- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4607)\n\n- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4608)\n\n- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4609)\n\n- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4610)\n\n- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4612)\n\n- Apple Mac OS X contains an unspecified type confusion flaw in the Login Window, which may allow a local attacker to gain elevated, root privileges. (CVE-2016-4638)\n\n- Apple Mac OS X contains an overflow condition that is triggered as user-supplied input is not properly validated when interacting with _XRegisterCursorWithData. This may allow a local attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2016-4640)\n\n- Apple Mac OS X contains a type confusion flaw that is triggered by certain _XSetDictionaryForCurrentSession interactions, which may allow a local attacker to gain elevated privileges. (CVE-2016-4641)\n\n- Apple Mac OS X contains an unspecified memory initialization flaw in the Login Window, which may allow a local attacker to cause a denial of service. (CVE-2016-4639)\n\n- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted SGI file. This may allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4601)\n\n- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted Photoshop Document (PSD). This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4599)\n\n- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted FlashPix Bitmap (FPX) file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4596)\n\n- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted FlashPix Bitmap (FPX) file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4597)\n\n- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted FlashPix Bitmap (FPX) file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4600)\n\n- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted FlashPix Bitmap (FPX) file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4602)\n\n- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted image file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4598)\n\n- Apple Mac OS X contains a flaw in the Safari Login AutoFill feature that can cause the user's password to be displayed unobfuscated on the screen. This may allow a physically present attacker to potentially gain knowledge of a user's password. (CVE-2016-4595)\n\n- Multiple Apple products contain a flaw in IOPMrootDomain in the kernel that is triggered as certain input is not properly validated. This may allow a local attacker to corrupt memory and potentially execute code with elevated privileges. (CVE-2016-4653)\n\n- Multiple Apple Products contain a flaw in CFNetwork Proxies that is due to the transfer of password information in cleartext. This may allow a man-in-the-middle attacker to gain access to password information. (CVE-2016-4642)\n\n- Multiple Apple Products contain a flaw in CFNetowrk Proxies that is triggered when parsing 407 responses. This may allow a man-in-the-middle attacker to disclose sensitive user information. (CVE-2016-4643)\n\n- Multiple Apple products contain a downgrade flaw in CFNetwork Proxies that is triggered when saving HTTP authentication credentials in the Keychain. This may allow a man-in-the-middle attacker to disclose sensitive user information. (CVE-2016-4644)\n", "cvss3": {}, "published": "2016-09-08T00:00:00", "type": "nessus", "title": "Mac OS X < 10.11.6 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4631", "CVE-2016-4643", "CVE-2016-4644", "CVE-2016-4642", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4637", "CVE-2016-4632", "CVE-2016-4626", "CVE-2016-1863", "CVE-2016-4582", "CVE-2016-4653", "CVE-2016-1865", "CVE-2016-4594", "CVE-2016-4649", "CVE-2016-4647", "CVE-2016-4648", "CVE-2016-4646", "CVE-2014-9862", "CVE-2016-4645", "CVE-2016-4652", "CVE-2016-4635", "CVE-2016-4634", "CVE-2016-4629", "CVE-2016-4630", "CVE-2016-4633", "CVE-2016-4625", "CVE-2016-4621", "CVE-2016-4638", "CVE-2016-4640", "CVE-2016-4641", "CVE-2016-4639", "CVE-2016-4601", "CVE-2016-4599", "CVE-2016-4596", "CVE-2016-4597", "CVE-2016-4600", "CVE-2016-4602", "CVE-2016-4598", "CVE-2016-4595", "CVE-2016-4619", "CVE-2016-4612"], "modified": "2016-09-08T00:00:00", "cpe": [], "id": "802026.PRM", "href": "https://www.tenable.com/plugins/lce/802026", "sourceData": "Binary data 802026.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-17T14:22:31", "description": "The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.6. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - apache_mod_php\n - Audio\n - bsdiff\n - CFNetwork\n - CoreGraphics\n - FaceTime\n - Graphics Drivers\n - ImageIO\n - Intel Graphics Driver\n - IOHIDFamily\n - IOKit\n - IOSurface\n - Kernel\n - libc++abi\n - libexpat\n - LibreSSL\n - libxml2\n - libxslt\n - Login Window\n - OpenSSL\n - QuickTime\n - Safari Login AutoFill\n - Sandbox Profiles\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-21T00:00:00", "type": "nessus", "title": "Mac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7456", "CVE-2014-9862", "CVE-2016-0718", "CVE-2016-1684", "CVE-2016-1836", "CVE-2016-1863", "CVE-2016-1864", "CVE-2016-1865", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4582", "CVE-2016-4594", "CVE-2016-4595", "CVE-2016-4596", "CVE-2016-4597", "CVE-2016-4598", "CVE-2016-4599", "CVE-2016-4600", "CVE-2016-4601", "CVE-2016-4602", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619", "CVE-2016-4621", "CVE-2016-4625", "CVE-2016-4626", "CVE-2016-4629", "CVE-2016-4630", "CVE-2016-4631", "CVE-2016-4632", "CVE-2016-4633", "CVE-2016-4634", "CVE-2016-4635", "CVE-2016-4637", "CVE-2016-4638", "CVE-2016-4639", "CVE-2016-4640", "CVE-2016-4641", "CVE-2016-4645", "CVE-2016-4646", "CVE-2016-4647", "CVE-2016-4648", "CVE-2016-4649", "CVE-2016-4650", "CVE-2016-4652", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096"], "modified": "2019-11-19T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_11_6.NASL", "href": "https://www.tenable.com/plugins/nessus/92496", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92496);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2013-7456\",\n \"CVE-2014-9862\",\n \"CVE-2016-0718\",\n \"CVE-2016-1684\",\n \"CVE-2016-1836\",\n \"CVE-2016-1863\",\n \"CVE-2016-1864\",\n \"CVE-2016-1865\",\n \"CVE-2016-2105\",\n \"CVE-2016-2106\",\n \"CVE-2016-2107\",\n \"CVE-2016-2108\",\n \"CVE-2016-2109\",\n \"CVE-2016-2176\",\n \"CVE-2016-4447\",\n \"CVE-2016-4448\",\n \"CVE-2016-4449\",\n \"CVE-2016-4483\",\n \"CVE-2016-4582\",\n \"CVE-2016-4594\",\n \"CVE-2016-4595\",\n \"CVE-2016-4596\",\n \"CVE-2016-4597\",\n \"CVE-2016-4598\",\n \"CVE-2016-4599\",\n \"CVE-2016-4600\",\n \"CVE-2016-4601\",\n \"CVE-2016-4602\",\n \"CVE-2016-4607\",\n \"CVE-2016-4608\",\n \"CVE-2016-4609\",\n \"CVE-2016-4610\",\n \"CVE-2016-4612\",\n \"CVE-2016-4614\",\n \"CVE-2016-4615\",\n \"CVE-2016-4616\",\n \"CVE-2016-4619\",\n \"CVE-2016-4621\",\n \"CVE-2016-4625\",\n \"CVE-2016-4626\",\n \"CVE-2016-4629\",\n \"CVE-2016-4630\",\n \"CVE-2016-4631\",\n \"CVE-2016-4632\",\n \"CVE-2016-4633\",\n \"CVE-2016-4634\",\n \"CVE-2016-4635\",\n \"CVE-2016-4637\",\n \"CVE-2016-4638\",\n \"CVE-2016-4639\",\n \"CVE-2016-4640\",\n \"CVE-2016-4641\",\n \"CVE-2016-4645\",\n \"CVE-2016-4646\",\n \"CVE-2016-4647\",\n \"CVE-2016-4648\",\n \"CVE-2016-4649\",\n \"CVE-2016-4650\",\n \"CVE-2016-4652\",\n \"CVE-2016-5093\",\n \"CVE-2016-5094\",\n \"CVE-2016-5096\"\n );\n script_bugtraq_id(\n 90856,\n 90857,\n 90859,\n 90861,\n 90864,\n 90865,\n 90876,\n 90946,\n 91824,\n 91826,\n 91828,\n 91829,\n 91834,\n 92034\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-07-18-1\");\n\n script_name(english:\"Mac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X security update that fixes\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X that is 10.11.x prior\nto 10.11.6. It is, therefore, affected by multiple vulnerabilities in\nthe following components :\n\n - apache_mod_php\n - Audio\n - bsdiff\n - CFNetwork\n - CoreGraphics\n - FaceTime\n - Graphics Drivers\n - ImageIO\n - Intel Graphics Driver\n - IOHIDFamily\n - IOKit\n - IOSurface\n - Kernel\n - libc++abi\n - libexpat\n - LibreSSL\n - libxml2\n - libxslt\n - Login Window\n - OpenSSL\n - QuickTime\n - Safari Login AutoFill\n - Sandbox Profiles\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/en-us/HT206903\");\n # http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5da74f53\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.11.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4629\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n\nmatch = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]{1,2})+)\", string:os);\nif (isnull(match)) exit(1, \"Failed to parse the Mac OS X version ('\" + os + \"').\");\n\nversion = match[1];\nif (!ereg(pattern:\"^10\\.11([^0-9]|$)\", string:version)) audit(AUDIT_OS_NOT, \"Mac OS X 10.11\", \"Mac OS X \"+version);\n\nfixed_version = \"10.11.6\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n}\nelse exit(0, \"The host is not affected as it is running Mac OS X \"+version+\".\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-19T14:45:03", "description": "The remote host is running a version of Mac OS X version 10.11.x prior to 10.11.6, and the following components contain vulnerabilities :\n\n - ACMP4AACBaseDecoder\n - Audio\n - CFNetwork\n - CoreGraphics\n - DspFuncLib\n - FaceTime\n - Graphics\n - IOHIDFamily\n - IOSurface\n - ImageIO\n - Kernel\n - QuickTime\n - Safari\n - Sandbox\n - libxml2", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-29T00:00:00", "type": "nessus", "title": "Mac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9862", "CVE-2016-1863", "CVE-2016-1865", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4582", "CVE-2016-4594", "CVE-2016-4595", "CVE-2016-4596", "CVE-2016-4597", "CVE-2016-4598", "CVE-2016-4599", "CVE-2016-4600", "CVE-2016-4601", "CVE-2016-4602", "CVE-2016-4605", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619", "CVE-2016-4625", "CVE-2016-4626", "CVE-2016-4629", "CVE-2016-4630", "CVE-2016-4631", "CVE-2016-4632", "CVE-2016-4633", "CVE-2016-4634", "CVE-2016-4635", "CVE-2016-4637", "CVE-2016-4638", "CVE-2016-4639", "CVE-2016-4640", "CVE-2016-4641", "CVE-2016-4642", "CVE-2016-4643", "CVE-2016-4644", "CVE-2016-4645", "CVE-2016-4646", "CVE-2016-4647", "CVE-2016-4648", "CVE-2016-4649", "CVE-2016-4652", "CVE-2016-4653", "CVE-2016-4655", "CVE-2016-4656"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "9441.PRM", "href": "https://www.tenable.com/plugins/nnm/9441", "sourceData": "Binary data 9441.prm", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-14T14:29:25", "description": "The remote host is running a version of Mac OS X that is 10.9.5 or 10.10.5 and is missing Security Update 2016-004. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - apache_mod_php (affects 10.10.5 only)\n - CoreGraphics\n - ImageIO\n - libxml2\n - libxslt\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-21T00:00:00", "type": "nessus", "title": "Mac OS X 10.9.5 and 10.10.5 Multiple Vulnerabilities (Security Update 2016-004)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7456", "CVE-2016-1684", "CVE-2016-1836", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619", "CVE-2016-4629", "CVE-2016-4630", "CVE-2016-4637", "CVE-2016-4650", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2016-004.NASL", "href": "https://www.tenable.com/plugins/nessus/92497", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92497);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2013-7456\",\n \"CVE-2016-1684\",\n \"CVE-2016-1836\",\n \"CVE-2016-4447\",\n \"CVE-2016-4448\",\n \"CVE-2016-4449\",\n \"CVE-2016-4483\",\n \"CVE-2016-4607\",\n \"CVE-2016-4608\",\n \"CVE-2016-4609\",\n \"CVE-2016-4610\",\n \"CVE-2016-4612\",\n \"CVE-2016-4614\",\n \"CVE-2016-4615\",\n \"CVE-2016-4616\",\n \"CVE-2016-4619\",\n \"CVE-2016-4629\",\n \"CVE-2016-4630\",\n \"CVE-2016-4637\",\n \"CVE-2016-4650\",\n \"CVE-2016-5093\",\n \"CVE-2016-5094\",\n \"CVE-2016-5096\"\n );\n script_bugtraq_id(\n 90856,\n 90857,\n 90859,\n 90861,\n 90864,\n 90865,\n 90876,\n 90946,\n 91824,\n 91826,\n 91834,\n 92034\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-05-16-4\");\n\n script_name(english:\"Mac OS X 10.9.5 and 10.10.5 Multiple Vulnerabilities (Security Update 2016-004)\");\n script_summary(english:\"Checks for the presence of Security Update 2016-004.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X that is 10.9.5 or\n10.10.5 and is missing Security Update 2016-004. It is, therefore,\naffected by multiple vulnerabilities in the following components :\n\n - apache_mod_php (affects 10.10.5 only)\n - CoreGraphics\n - ImageIO\n - libxml2\n - libxslt\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT206903\");\n # http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5da74f53\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2016-004 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\npatch = \"2016-004\";\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:\"-\");\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nif (!get_kb_item(\"Host/local_checks_enabled\"))\n audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.(10|9)\\.5([^0-9]|$)\", string:os))\n audit(AUDIT_OS_NOT, \"Mac OS X 10.9.5 or 10.10.5\");\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\..*bom$\", string:packages);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = eregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not affected.\");\n}\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T14:54:23", "description": "The version of Apple iTunes running on the remote Windows host is prior to 12.4.2. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple memory corruption issues exist in the libxslt component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1684, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612)\n\n - Multiple memory corruption issues exist in the libxml2 component that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code.\n (CVE-2016-1836, CVE-2016-4447, CVE-2016-4448, CVE-2016-4483, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619)\n\n - An XXE (Xml eXternal Entity) injection vulnerability exists in the libxml2 component due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. A remote attacker can exploit this, via a specially crafted XML file, to disclose arbitrary files and user information. (CVE-2016-4449)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-19T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.4.2 Multiple Vulnerabilities (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1684", "CVE-2016-1836", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619"], "modified": "2019-11-19T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_4_2_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/92411", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92411);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2016-1684\",\n \"CVE-2016-1836\",\n \"CVE-2016-4447\",\n \"CVE-2016-4448\",\n \"CVE-2016-4449\",\n \"CVE-2016-4483\",\n \"CVE-2016-4607\",\n \"CVE-2016-4608\",\n \"CVE-2016-4609\",\n \"CVE-2016-4610\",\n \"CVE-2016-4612\",\n \"CVE-2016-4614\",\n \"CVE-2016-4615\",\n \"CVE-2016-4616\",\n \"CVE-2016-4619\"\n );\n script_bugtraq_id(\n 90013,\n 90856,\n 90864,\n 90865,\n 90876\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-07-18-6\");\n\n script_name(english:\"Apple iTunes < 12.4.2 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is running an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes running on the remote Windows host is\nprior to 12.4.2. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple memory corruption issues exist in the libxslt\n component due to improper validation of user-supplied\n input. An unauthenticated, remote attacker can exploit\n this to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2016-1684,\n CVE-2016-4607, CVE-2016-4608, CVE-2016-4609,\n CVE-2016-4610, CVE-2016-4612)\n\n - Multiple memory corruption issues exist in the libxml2\n component that allow a remote attacker to cause a denial\n of service condition or the execution of arbitrary code.\n (CVE-2016-1836, CVE-2016-4447, CVE-2016-4448,\n CVE-2016-4483, CVE-2016-4614, CVE-2016-4615,\n CVE-2016-4616, CVE-2016-4619)\n\n - An XXE (Xml eXternal Entity) injection vulnerability\n exists in the libxml2 component due to an incorrectly\n configured XML parser accepting XML external entities\n from an untrusted source. A remote attacker can exploit\n this, via a specially crafted XML file, to disclose\n arbitrary files and user information. (CVE-2016-4449)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT206901\");\n # https://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1925ec51\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.4.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4448\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"12.4.2\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n order = make_list('Version source', 'Installed version', 'Fixed version');\n report = make_array(\n order[0], source,\n order[1], version,\n order[2], fixed_version\n );\n report = report_items_str(report_items:report, ordered_fields:order);\n\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T14:54:08", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.4.2. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple memory corruption issues exist in the libxslt component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1684, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612)\n\n - Multiple memory corruption issues exist in the libxml2 component that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code.\n (CVE-2016-1836, CVE-2016-4447, CVE-2016-4448, CVE-2016-4483, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619)\n\n - An XXE (Xml eXternal Entity) injection vulnerability exists in the libxml2 component due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. A remote attacker can exploit this, via a specially crafted XML file, to disclose arbitrary files and user information. (CVE-2016-4449)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-19T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.4.2 Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1684", "CVE-2016-1836", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619"], "modified": "2019-11-19T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_4_2.NASL", "href": "https://www.tenable.com/plugins/nessus/92410", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92410);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2016-1684\",\n \"CVE-2016-1836\",\n \"CVE-2016-4447\",\n \"CVE-2016-4448\",\n \"CVE-2016-4449\",\n \"CVE-2016-4483\",\n \"CVE-2016-4607\",\n \"CVE-2016-4608\",\n \"CVE-2016-4609\",\n \"CVE-2016-4610\",\n \"CVE-2016-4612\",\n \"CVE-2016-4614\",\n \"CVE-2016-4615\",\n \"CVE-2016-4616\",\n \"CVE-2016-4619\"\n );\n script_bugtraq_id(\n 90013,\n 90856,\n 90864,\n 90865,\n 90876\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-07-18-6\");\n\n script_name(english:\"Apple iTunes < 12.4.2 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.4.2. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple memory corruption issues exist in the libxslt\n component due to improper validation of user-supplied\n input. An unauthenticated, remote attacker can exploit\n this to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2016-1684,\n CVE-2016-4607, CVE-2016-4608, CVE-2016-4609,\n CVE-2016-4610, CVE-2016-4612)\n\n - Multiple memory corruption issues exist in the libxml2\n component that allow a remote attacker to cause a denial\n of service condition or the execution of arbitrary code.\n (CVE-2016-1836, CVE-2016-4447, CVE-2016-4448,\n CVE-2016-4483, CVE-2016-4614, CVE-2016-4615,\n CVE-2016-4616, CVE-2016-4619)\n\n - An XXE (Xml eXternal Entity) injection vulnerability\n exists in the libxml2 component due to an incorrectly\n configured XML parser accepting XML external entities\n from an untrusted source. A remote attacker can exploit\n this, via a specially crafted XML file, to disclose\n arbitrary files and user information. (CVE-2016-4449)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT206901\");\n # https://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1925ec51\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.4.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4448\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_id = 'iTunes Version';\ninstall = get_single_install(app_name:app_id, exit_if_unknown_ver:TRUE);\n\nversion = install[\"version\"];\npath = install[\"path\"];\n\nfixed_version = \"12.4.2\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (isnull(port)) port = 445;\n\n order = make_list('Version source', 'Installed version', 'Fixed version');\n report = make_array(\n order[0], path,\n order[1], version,\n order[2], fixed_version\n );\n report = report_items_str(report_items:report, ordered_fields:order);\n\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"iTunes\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-18T15:15:33", "description": "Versions of Apple TV 9.2.x prior to 9.2.2 are affected by multiple vulnerabilities in the following components :\n\n - CFNetwork\n - CoreGraphics\n - IOAcceleratorFamily\n - IOHIDFamily\n - ImageIO\n - Kernel\n - libxml2\n - libxslt\n - Sandbox", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-25T00:00:00", "type": "nessus", "title": "Apple TV 9.2.x < 9.2.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1863", "CVE-2016-1865", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4582", "CVE-2016-4583", "CVE-2016-4584", "CVE-2016-4585", "CVE-2016-4586", "CVE-2016-4587", "CVE-2016-4588", "CVE-2016-4589", "CVE-2016-4592", "CVE-2016-4594", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4626", "CVE-2016-4627", "CVE-2016-4631", "CVE-2016-4632", "CVE-2016-4637", "CVE-2016-4642", "CVE-2016-4643", "CVE-2016-4644", "CVE-2016-4653"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:apple:apple_tv"], "id": "9430.PRM", "href": "https://www.tenable.com/plugins/nnm/9430", "sourceData": "Binary data 9430.prm", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T14:14:35", "description": "OpenSSL reports :\n\nMemory corruption in the ASN.1 encoder\n\nPadding oracle in AES-NI CBC MAC check\n\nEVP_EncodeUpdate overflow\n\nEVP_EncryptUpdate overflow\n\nASN.1 BIO excessive memory allocation\n\nEBCDIC overread (OpenSSL only)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-04T00:00:00", "type": "nessus", "title": "FreeBSD : OpenSSL -- multiple vulnerabilities (01d729ca-1143-11e6-b55e-b499baebfeaf)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:libressl", "p-cpe:/a:freebsd:freebsd:libressl-devel", "p-cpe:/a:freebsd:freebsd:linux-c6-openssl", "p-cpe:/a:freebsd:freebsd:openssl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_01D729CA114311E6B55EB499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/90876", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90876);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2176\");\n script_xref(name:\"FreeBSD\", value:\"SA-16:17.openssl\");\n\n script_name(english:\"FreeBSD : OpenSSL -- multiple vulnerabilities (01d729ca-1143-11e6-b55e-b499baebfeaf)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL reports :\n\nMemory corruption in the ASN.1 encoder\n\nPadding oracle in AES-NI CBC MAC check\n\nEVP_EncodeUpdate overflow\n\nEVP_EncryptUpdate overflow\n\nASN.1 BIO excessive memory allocation\n\nEBCDIC overread (OpenSSL only)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20160503.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=openbsd-tech&m=146228598730414\"\n );\n # https://vuxml.freebsd.org/freebsd/01d729ca-1143-11e6-b55e-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7231d985\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libressl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libressl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl<1.0.2_11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-openssl<1.0.1e_8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libressl>=2.3.0<2.3.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libressl<2.2.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libressl-devel<2.3.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T14:14:24", "description": "New openssl packages are available for Slackware 14.0, 14.1, and\n-current to fix security issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-04T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / current : openssl (SSA:2016-124-01)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:openssl", "p-cpe:/a:slackware:slackware_linux:openssl-solibs", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2016-124-01.NASL", "href": "https://www.tenable.com/plugins/nessus/90863", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-124-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90863);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2176\");\n script_xref(name:\"SSA\", value:\"2016-124-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / current : openssl (SSA:2016-124-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New openssl packages are available for Slackware 14.0, 14.1, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ddcc7818\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl and / or openssl-solibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl\", pkgver:\"1.0.1t\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1t\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1t\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1t\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl\", pkgver:\"1.0.1t\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1t\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1t\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1t\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"openssl\", pkgver:\"1.0.2h\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"openssl-solibs\", pkgver:\"1.0.2h\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.2h\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.2h\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T14:14:24", "description": "Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit.\n\nCVE-2016-2105\n\nGuido Vranken discovered that an overflow can occur in the function EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption.\n\nCVE-2016-2106\n\nGuido Vranken discovered that an overflow can occur in the function EVP_EncryptUpdate() if an attacker can supply a large amount of data.\nThis could lead to a heap corruption.\n\nCVE-2016-2107\n\nJuraj Somorovsky discovered a padding oracle in the AES CBC cipher implementation based on the AES-NI instruction set. This could allow an attacker to decrypt TLS traffic encrypted with one of the cipher suites based on AES CBC.\n\nCVE-2016-2108\n\nDavid Benjamin from Google discovered that two separate bugs in the ASN.1 encoder, related to handling of negative zero integer values and large universal tags, could lead to an out-of-bounds write.\n\nCVE-2016-2109\n\nBrian Carpenter discovered that when ASN.1 data is read from a BIO using functions such as d2i_CMS_bio(), a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory.\n\nCVE-2016-2176\n\nGuido Vranken discovered that ASN.1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer.\n\nAdditional information about these issues can be found in the OpenSSL security advisory at https://www.openssl.org/news/secadv/20160503.txt\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-04T00:00:00", "type": "nessus", "title": "Debian DLA-456-1 : openssl security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libssl-dev", "p-cpe:/a:debian:debian_linux:libssl-doc", "p-cpe:/a:debian:debian_linux:libssl1.0.0", "p-cpe:/a:debian:debian_linux:libssl1.0.0-dbg", "p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-456.NASL", "href": "https://www.tenable.com/plugins/nessus/90874", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-456-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90874);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2176\");\n\n script_name(english:\"Debian DLA-456-1 : openssl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in OpenSSL, a Secure Socket\nLayer toolkit.\n\nCVE-2016-2105\n\nGuido Vranken discovered that an overflow can occur in the function\nEVP_EncodeUpdate(), used for Base64 encoding, if an attacker can\nsupply a large amount of data. This could lead to a heap corruption.\n\nCVE-2016-2106\n\nGuido Vranken discovered that an overflow can occur in the function\nEVP_EncryptUpdate() if an attacker can supply a large amount of data.\nThis could lead to a heap corruption.\n\nCVE-2016-2107\n\nJuraj Somorovsky discovered a padding oracle in the AES CBC cipher\nimplementation based on the AES-NI instruction set. This could allow\nan attacker to decrypt TLS traffic encrypted with one of the cipher\nsuites based on AES CBC.\n\nCVE-2016-2108\n\nDavid Benjamin from Google discovered that two separate bugs in the\nASN.1 encoder, related to handling of negative zero integer values and\nlarge universal tags, could lead to an out-of-bounds write.\n\nCVE-2016-2109\n\nBrian Carpenter discovered that when ASN.1 data is read from a BIO\nusing functions such as d2i_CMS_bio(), a short invalid encoding can\ncasuse allocation of large amounts of memory potentially consuming\nexcessive resources or exhausting memory.\n\nCVE-2016-2176\n\nGuido Vranken discovered that ASN.1 Strings that are over 1024 bytes\ncan cause an overread in applications using the X509_NAME_oneline()\nfunction on EBCDIC systems. This could result in arbitrary stack data\nbeing returned in the buffer.\n\nAdditional information about these issues can be found in the OpenSSL\nsecurity advisory at https://www.openssl.org/news/secadv/20160503.txt\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/05/msg00006.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20160503.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.0.0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libssl-dev\", reference:\"1.0.1e-2+deb7u21\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl-doc\", reference:\"1.0.1e-2+deb7u21\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1e-2+deb7u21\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1e-2+deb7u21\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openssl\", reference:\"1.0.1e-2+deb7u21\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T14:54:34", "description": "According to its banner, the version of the remote Apple TV device is prior to 9.2.2. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - CoreGraphics\n - ImageIO\n - IOAcceleratorFamily\n - IOHIDFamily\n - Kernel\n - libxml2\n - libxslt\n - Sandbox Profiles\n - WebKit\n - WebKit Page Loading\n\nNote that only 4th generation models are affected by the vulnerabilities.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-21T00:00:00", "type": "nessus", "title": "Apple TV < 9.2.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1684", "CVE-2016-1836", "CVE-2016-1863", "CVE-2016-1865", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4582", "CVE-2016-4583", "CVE-2016-4584", "CVE-2016-4585", "CVE-2016-4586", "CVE-2016-4587", "CVE-2016-4588", "CVE-2016-4589", "CVE-2016-4591", "CVE-2016-4592", "CVE-2016-4594", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624", "CVE-2016-4626", "CVE-2016-4627", "CVE-2016-4631", "CVE-2016-4632", "CVE-2016-4637", "CVE-2016-4642", "CVE-2016-4643", "CVE-2016-4644", "CVE-2016-4653"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:apple:apple_tv"], "id": "APPLETV_9_2_2.NASL", "href": "https://www.tenable.com/plugins/nessus/92494", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92494);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-1684\",\n \"CVE-2016-1836\",\n \"CVE-2016-1863\",\n \"CVE-2016-1865\",\n \"CVE-2016-4447\",\n \"CVE-2016-4448\",\n \"CVE-2016-4449\",\n \"CVE-2016-4483\",\n \"CVE-2016-4582\",\n \"CVE-2016-4583\",\n \"CVE-2016-4584\",\n \"CVE-2016-4585\",\n \"CVE-2016-4586\",\n \"CVE-2016-4587\",\n \"CVE-2016-4588\",\n \"CVE-2016-4589\",\n \"CVE-2016-4591\",\n \"CVE-2016-4592\",\n \"CVE-2016-4594\",\n \"CVE-2016-4607\",\n \"CVE-2016-4608\",\n \"CVE-2016-4609\",\n \"CVE-2016-4610\",\n \"CVE-2016-4612\",\n \"CVE-2016-4614\",\n \"CVE-2016-4615\",\n \"CVE-2016-4616\",\n \"CVE-2016-4619\",\n \"CVE-2016-4622\",\n \"CVE-2016-4623\",\n \"CVE-2016-4624\",\n \"CVE-2016-4626\",\n \"CVE-2016-4627\",\n \"CVE-2016-4631\",\n \"CVE-2016-4632\",\n \"CVE-2016-4637\",\n \"CVE-2016-4642\",\n \"CVE-2016-4643\",\n \"CVE-2016-4644\",\n \"CVE-2016-4653\"\n );\n script_bugtraq_id(\n 90013,\n 90856,\n 90864,\n 90865,\n 90876,\n 91358,\n 91826,\n 91827,\n 91828,\n 91830,\n 91831,\n 91834\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-07-18-4\");\n\n script_name(english:\"Apple TV < 9.2.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of the remote Apple TV device is\nprior to 9.2.2. It is, therefore, affected by multiple vulnerabilities\nin the following components :\n\n - CoreGraphics\n - ImageIO\n - IOAcceleratorFamily\n - IOHIDFamily\n - Kernel\n - libxml2\n - libxslt\n - Sandbox Profiles\n - WebKit\n - WebKit Page Loading\n\nNote that only 4th generation models are affected by the\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT206905\");\n # https://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8c0647e9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV version 9.2.2 or later. Note that this update is\nonly available for 4th generation models.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4448\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"appletv_version.nasl\");\n script_require_keys(\"AppleTV/Version\", \"AppleTV/Model\", \"AppleTV/URL\", \"AppleTV/Port\");\n script_require_ports(\"Services/www\", 7000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"appletv_func.inc\");\n\nurl = get_kb_item('AppleTV/URL');\nif (empty_or_null(url)) exit(0, 'Cannot determine Apple TV URL.');\nport = get_kb_item('AppleTV/Port');\nif (empty_or_null(port)) exit(0, 'Cannot determine Apple TV port.');\n\nbuild = get_kb_item('AppleTV/Version');\nif (empty_or_null(build)) audit(AUDIT_UNKNOWN_DEVICE_VER, 'Apple TV');\n\nmodel = get_kb_item('AppleTV/Model');\nif (empty_or_null(model)) exit(0, 'Cannot determine Apple TV model.');\n\n# fix\nfixed_build = \"13Y825\";\ntvos_ver = '9.2.2'; # for reporting purposes only\n\n# determine gen from the model\ngen = APPLETV_MODEL_GEN[model];\n\nappletv_check_version(\n build : build,\n fix : fixed_build,\n affected_gen : 4,\n fix_tvos_ver : tvos_ver,\n model : model,\n gen : gen,\n port : port,\n url : url,\n severity : SECURITY_HOLE,\n xss : TRUE\n);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T14:11:42", "description": "The version of iOS running on the mobile device is prior to 9.3.3. It is, therefore, affected by multiple vulnerabilities, the most serious of which can result in remote code execution, in the following components :\n\n - Calendar\n - CoreGraphics\n - FaceTime\n - ImageIO\n - IOAcceleratorFamily\n - IOHIDFamily\n - Kernel\n - libxml2\n - libxslt\n - Safari\n - Sandbox Profiles\n - Siri Contacts\n - Web Media\n - WebKit\n - WebKit JavaScript Bindings\n - WebKit Page Loading", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-19T00:00:00", "type": "nessus", "title": "Apple iOS < 9.3.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8317", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-1836", "CVE-2016-1863", "CVE-2016-1864", "CVE-2016-1865", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4582", "CVE-2016-4583", "CVE-2016-4584", "CVE-2016-4585", "CVE-2016-4587", "CVE-2016-4589", "CVE-2016-4590", "CVE-2016-4591", "CVE-2016-4592", "CVE-2016-4593", "CVE-2016-4594", "CVE-2016-4603", "CVE-2016-4604", "CVE-2016-4605", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624", "CVE-2016-4626", "CVE-2016-4627", "CVE-2016-4628", "CVE-2016-4631", "CVE-2016-4632", "CVE-2016-4635", "CVE-2016-4637", "CVE-2016-4642", "CVE-2016-4643", "CVE-2016-4644", "CVE-2016-4651", "CVE-2016-4653", "CVE-2016-6559", "CVE-2016-7576", "CVE-2016-7705"], "modified": "2023-03-08T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_933_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/92359", "sourceData": "Binary data apple_ios_933_check.nbin", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-19T14:26:41", "description": "The version of OpenSSL installed on the remote AIX host is affected by the following vulnerabilities :\n\n - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106)\n\n - A remote code execution vulnerability exists in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2108)\n\n - Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109)\n\n - An out-of-bounds read error exists in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory.\n (CVE-2016-2176)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-15T00:00:00", "type": "nessus", "title": "AIX OpenSSL Advisory : openssl_advisory20.asc", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:ibm:aix", "cpe:/a:openssl:openssl"], "id": "AIX_OPENSSL_ADVISORY20.NASL", "href": "https://www.tenable.com/plugins/nessus/92323", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92323);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-2105\",\n \"CVE-2016-2106\",\n \"CVE-2016-2108\",\n \"CVE-2016-2109\",\n \"CVE-2016-2176\"\n );\n script_bugtraq_id(\n 87940,\n 89744,\n 89746,\n 89752,\n 89757\n );\n\n script_name(english:\"AIX OpenSSL Advisory : openssl_advisory20.asc\");\n script_summary(english:\"Checks the version of the OpenSSL packages and iFixes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of OpenSSL installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL installed on the remote AIX host is affected by\nthe following vulnerabilities :\n\n - A heap buffer overflow condition exists in the\n EVP_EncodeUpdate() function within file\n crypto/evp/encode.c that is triggered when handling\n a large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the\n EVP_EncryptUpdate() function within file\n crypto/evp/evp_enc.c that is triggered when handling a\n large amount of input data after a previous call occurs\n to the same function with a partial block. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2016-2106)\n\n - A remote code execution vulnerability exists in the\n ASN.1 encoder due to an underflow condition that occurs\n when attempting to encode the value zero represented as\n a negative integer. An unauthenticated, remote attacker\n can exploit this to corrupt memory, resulting in the\n execution of arbitrary code. (CVE-2016-2108)\n\n - Multiple unspecified flaws exist in the d2i BIO\n functions when reading ASN.1 data from a BIO due to\n invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to\n cause a denial of service condition through resource\n exhaustion. (CVE-2016-2109)\n\n - An out-of-bounds read error exists in the\n X509_NAME_oneline() function within file\n crypto/x509/x509_obj.c when handling very long ASN1\n strings. An unauthenticated, remote attacker can exploit\n this to disclose the contents of stack memory.\n (CVE-2016-2176)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20160503.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available and can be downloaded from the IBM AIX website.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item_or_exit(\"Host/AIX/version\");\nif ( oslevel != \"AIX-5.3\" && oslevel != \"AIX-6.1\" && oslevel != \"AIX-7.1\" && oslevel != \"AIX-7.2\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 5.3 / 6.1 / 7.1 / 7.2\", oslevel);\n}\n\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nflag = 0;\n\n#0.9.8.2507\nif (aix_check_package(release:\"5.3\", package:\"openssl.base\", minpackagever:\"0.9.8.401\", maxpackagever:\"0.9.8.2506\", fixpackagever:\"12.9.8.2507\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl.base\", minpackagever:\"0.9.8.401\", maxpackagever:\"0.9.8.2506\", fixpackagever:\"12.9.8.2507\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl.base\", minpackagever:\"0.9.8.401\", maxpackagever:\"0.9.8.2506\", fixpackagever:\"12.9.8.2507\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"openssl.base\", minpackagever:\"0.9.8.401\", maxpackagever:\"0.9.8.2506\", fixpackagever:\"12.9.8.2507\") > 0) flag++;\n\n#12.9.8.2507\nif (aix_check_package(release:\"5.3\", package:\"openssl.base\", minpackagever:\"12.9.8.1100\", maxpackagever:\"12.9.8.2506\", fixpackagever:\"12.9.8.2507\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl.base\", minpackagever:\"12.9.8.1100\", maxpackagever:\"12.9.8.2506\", fixpackagever:\"12.9.8.2507\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl.base\", minpackagever:\"12.9.8.1100\", maxpackagever:\"12.9.8.2506\", fixpackagever:\"12.9.8.2507\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"openssl.base\", minpackagever:\"12.9.8.1100\", maxpackagever:\"12.9.8.2506\", fixpackagever:\"12.9.8.2507\") > 0) flag++;\n\n#1.0.1.516\nif (aix_check_package(release:\"5.3\", package:\"openssl.base\", minpackagever:\"1.0.1.500\", maxpackagever:\"1.0.1.515\", fixpackagever:\"1.0.1.516\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl.base\", minpackagever:\"1.0.1.500\", maxpackagever:\"1.0.1.515\", fixpackagever:\"1.0.1.516\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl.base\", minpackagever:\"1.0.1.500\", maxpackagever:\"1.0.1.515\", fixpackagever:\"1.0.1.516\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"openssl.base\", minpackagever:\"1.0.1.500\", maxpackagever:\"1.0.1.515\", fixpackagever:\"1.0.1.516\") > 0) flag++;\n\n#1.0.2.800\nif (aix_check_package(release:\"5.3\", package:\"openssl.base\", minpackagever:\"1.0.2.500\", maxpackagever:\"1.0.2.799\", fixpackagever:\"1.0.2.800\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl.base\", minpackagever:\"1.0.2.500\", maxpackagever:\"1.0.2.799\", fixpackagever:\"1.0.2.800\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl.base\", minpackagever:\"1.0.2.500\", maxpackagever:\"1.0.2.799\", fixpackagever:\"1.0.2.800\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"openssl.base\", minpackagever:\"1.0.2.500\", maxpackagever:\"1.0.2.799\", fixpackagever:\"1.0.2.800\") > 0) flag++;\n\n#20.11.101.501\nif (aix_check_package(release:\"5.3\", package:\"openssl.base\", minpackagever:\"20.11.101.500\", maxpackagever:\"20.11.101.500\", fixpackagever:\"20.11.101.501\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl.base\", minpackagever:\"20.11.101.500\", maxpackagever:\"20.11.101.500\", fixpackagever:\"20.11.101.501\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl.base\", minpackagever:\"20.11.101.500\", maxpackagever:\"20.11.101.500\", fixpackagever:\"20.11.101.501\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"openssl.base\", minpackagever:\"20.11.101.500\", maxpackagever:\"20.11.101.500\", fixpackagever:\"20.11.101.501\") > 0) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : aix_report_get()\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl.base\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-17T15:25:39", "description": "According to its banner, the version of OpenSSL on the remote host is 1.0.1 prior to 1.0.1t, or 1.0.2 prior to 1.0.2h. It is therefore affected by the following vulnerabilities :\n\n - A flaw exists in 'crypto/asn1/a_d2i_fp.c', which is triggered during the handling of large length fields in ASN.1 BIO. This may allow a remote attacker to exhaust memory resources, potentially crashing a process linked against the library.\n - A flaw exists in the 'aesni_cbc_hmac_sha1_cipher()' function in 'crypto/evp/e_aes_cbc_hmac_sha1.c' and 'aesni_cbc_hmac_sha256_cipher()' function in 'crypto/evp/e_aes_cbc_hmac_sha256.c'. The issue is triggered when a connection uses an AES CBC cipher and AES-NI is supported by the server. This may allow a MitM (Man-in-the-Middle) attacker to conduct a padding oracle attack to potentially decrypt traffic.\n - A flaw in the 'X509_NAME_oneline()' function in 'crypto/x509/x509_obj.c' that is triggered when handling overly long ASN1 strings. This may allow a remote attacker to potentially disclose arbitrary stack memory contents.\n - An overflow condition in the 'EVP_EncryptUpdate()' function in 'crypto/evp/evp_enc.c' is triggered when handling a large amount of input data after a previous call to the same function with a partial block. This may allow a context-dependent attacker to cause a heap-based buffer overflow, crashing a process linked against the library or potentially resulting in the execution of arbitrary code.\n - An overflow condition in the 'EVP_EncodeUpdate()' function in 'crypto/evp/encode.c' is triggered when handling a large amount of input data. This may allow a context-dependent attacker to cause a heap-based buffer overflow, crashing a process linked against the library or potentially resulting in the execution of arbitrary code.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2016-07-08T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.1 < 1.0.1t / 1.0.2 < 1.0.2h Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "9390.PRM", "href": "https://www.tenable.com/plugins/nnm/9390", "sourceData": "Binary data 9390.prm", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T16:38:05", "description": "According to its banner, the remote host is running a version of OpenSSL 1.0.1 prior to 1.0.1t. It is, therefore, affected by the following vulnerabilities :\n\n - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106)\n\n - Flaws exist in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109)\n\n - An out-of-bounds read error exists in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory.\n (CVE-2016-2176)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2016-05-04T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.1 < 1.0.1t Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176"], "modified": "2019-11-20T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_1T.NASL", "href": "https://www.tenable.com/plugins/nessus/90890", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90890);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-2105\",\n \"CVE-2016-2106\",\n \"CVE-2016-2107\",\n \"CVE-2016-2109\",\n \"CVE-2016-2176\"\n );\n script_bugtraq_id(\n 87940,\n 89744,\n 89746,\n 89757,\n 89760\n );\n script_xref(name:\"EDB-ID\", value:\"39768\");\n\n script_name(english:\"OpenSSL 1.0.1 < 1.0.1t Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote host is running a version of\nOpenSSL 1.0.1 prior to 1.0.1t. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A heap buffer overflow condition exists in the\n EVP_EncodeUpdate() function within file\n crypto/evp/encode.c that is triggered when handling\n a large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the\n EVP_EncryptUpdate() function within file\n crypto/evp/evp_enc.c that is triggered when handling a\n large amount of input data after a previous call occurs\n to the same function with a partial block. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2016-2106)\n\n - Flaws exist in the aesni_cbc_hmac_sha1_cipher()\n function in file crypto/evp/e_aes_cbc_hmac_sha1.c and\n the aesni_cbc_hmac_sha256_cipher() function in file\n crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered\n when the connection uses an AES-CBC cipher and AES-NI\n is supported by the server. A man-in-the-middle attacker\n can exploit these to conduct a padding oracle attack,\n resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - Multiple unspecified flaws exist in the d2i BIO\n functions when reading ASN.1 data from a BIO due to\n invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to\n cause a denial of service condition through resource\n exhaustion. (CVE-2016-2109)\n\n - An out-of-bounds read error exists in the\n X509_NAME_oneline() function within file\n crypto/x509/x509_obj.c when handling very long ASN1\n strings. An unauthenticated, remote attacker can exploit\n this to disclose the contents of stack memory.\n (CVE-2016-2176)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20160503.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/cl101.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL version 1.0.1t or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2176\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.1t', min:\"1.0.1\", severity:SECURITY_WARNING);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T16:37:34", "description": "According to its banner, the remote host is running a version of OpenSSL 1.0.2 prior to 1.0.2h. It is, therefore, affected by the following vulnerabilities :\n\n - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106)\n\n - Flaws exist in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109)\n\n - An out-of-bounds read error exists in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory.\n (CVE-2016-2176)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2016-05-04T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.2 < 1.0.2h Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176"], "modified": "2019-11-20T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_2H.NASL", "href": "https://www.tenable.com/plugins/nessus/90891", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90891);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-2105\",\n \"CVE-2016-2106\",\n \"CVE-2016-2107\",\n \"CVE-2016-2109\",\n \"CVE-2016-2176\"\n );\n script_bugtraq_id(\n 87940,\n 89744,\n 89746,\n 89757,\n 89760\n );\n script_xref(name:\"EDB-ID\", value:\"39768\");\n\n script_name(english:\"OpenSSL 1.0.2 < 1.0.2h Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote host is running a version of\nOpenSSL 1.0.2 prior to 1.0.2h. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A heap buffer overflow condition exists in the\n EVP_EncodeUpdate() function within file\n crypto/evp/encode.c that is triggered when handling\n a large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the\n EVP_EncryptUpdate() function within file\n crypto/evp/evp_enc.c that is triggered when handling a\n large amount of input data after a previous call occurs\n to the same function with a partial block. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2016-2106)\n\n - Flaws exist in the aesni_cbc_hmac_sha1_cipher()\n function in file crypto/evp/e_aes_cbc_hmac_sha1.c and\n the aesni_cbc_hmac_sha256_cipher() function in file\n crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered\n when the connection uses an AES-CBC cipher and AES-NI\n is supported by the server. A man-in-the-middle attacker\n can exploit these to conduct a padding oracle attack,\n resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - Multiple unspecified flaws exist in the d2i BIO\n functions when reading ASN.1 data from a BIO due to\n invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to\n cause a denial of service condition through resource\n exhaustion. (CVE-2016-2109)\n\n - An out-of-bounds read error exists in the\n X509_NAME_oneline() function within file\n crypto/x509/x509_obj.c when handling very long ASN1\n strings. An unauthenticated, remote attacker can exploit\n this to disclose the contents of stack memory.\n (CVE-2016-2176)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20160503.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/cl102.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL version 1.0.2h or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2176\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.2h', min:\"1.0.2\", severity:SECURITY_WARNING);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-16T14:14:24", "description": "Huzaifa Sidhpurwala, Hanno Bock, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2016-2108)\n\nJuraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. (CVE-2016-2107)\n\nGuido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncodeUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2016-2105)\n\nGuido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncryptUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2016-2106)\n\nBrian Carpenter discovered that OpenSSL incorrectly handled memory when ASN.1 data is read from a BIO. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. (CVE-2016-2109)\n\nAs a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 1024 bits, preventing a possible downgrade attack.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-04T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : openssl vulnerabilities (USN-2959-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-2959-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90887", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2959-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90887);\n script_version(\"2.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\");\n script_xref(name:\"USN\", value:\"2959-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : openssl vulnerabilities (USN-2959-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Huzaifa Sidhpurwala, Hanno Bock, and David Benjamin discovered that\nOpenSSL incorrectly handled memory when decoding ASN.1 structures. A\nremote attacker could use this issue to cause OpenSSL to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2016-2108)\n\nJuraj Somorovsky discovered that OpenSSL incorrectly performed padding\nwhen the connection uses the AES CBC cipher and the server supports\nAES-NI. A remote attacker could possibly use this issue to perform a\npadding oracle attack and decrypt traffic. (CVE-2016-2107)\n\nGuido Vranken discovered that OpenSSL incorrectly handled large\namounts of input data to the EVP_EncodeUpdate() function. A remote\nattacker could use this issue to cause OpenSSL to crash, resulting in\na denial of service, or possibly execute arbitrary code.\n(CVE-2016-2105)\n\nGuido Vranken discovered that OpenSSL incorrectly handled large\namounts of input data to the EVP_EncryptUpdate() function. A remote\nattacker could use this issue to cause OpenSSL to crash, resulting in\na denial of service, or possibly execute arbitrary code.\n(CVE-2016-2106)\n\nBrian Carpenter discovered that OpenSSL incorrectly handled memory\nwhen ASN.1 data is read from a BIO. A remote attacker could possibly\nuse this issue to cause memory consumption, resulting in a denial of\nservice. (CVE-2016-2109)\n\nAs a security improvement, this update also modifies OpenSSL behaviour\nto reject DH key sizes below 1024 bits, preventing a possible\ndowngrade attack.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2959-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libssl1.0.0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.10|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.10 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1-4ubuntu5.36\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu2.19\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.2d-0ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.2g-1ubuntu4.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl1.0.0\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T14:13:58", "description": "A vulnerability was discovered that allows a man-in-the-middle attacker to use a padding oracle attack to decrypt traffic on a connection using an AES CBC cipher with a server supporting AES-NI.\n(CVE-2016-2107 , Important)\n\nIt was discovered that the ASN.1 parser can misinterpret a large universal tag as a negative value. If an application deserializes and later reserializes untrusted ASN.1 structures containing an ANY field, an attacker may be able to trigger an out-of-bounds write, which can cause potentially exploitable memory corruption. (CVE-2016-2108 , Important)\n\nAn overflow bug was discovered in the EVP_EncodeUpdate() function. An attacker could supply very large amounts of input data to overflow a length check, resulting in heap corruption. (CVE-2016-2105 , Low)\n\nAn overflow bug was discovered in the EVP_EncryptUpdate() function. An attacker could supply very large amounts of input data to overflow a length check, resulting in heap corruption. (CVE-2016-2106 , Low)\n\nAn issue was discovered in the BIO functions, such as d2i_CMS_bio(), where a short invalid encoding in ASN.1 data can cause allocation of large amounts of memory, potentially resulting in a denial of service.\n(CVE-2016-2109 , Low)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl (ALAS-2016-695)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109"], "modified": "2019-04-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl-perl", "p-cpe:/a:amazon:linux:openssl-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-695.NASL", "href": "https://www.tenable.com/plugins/nessus/90864", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-695.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90864);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2019/04/11 17:23:06\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\");\n script_xref(name:\"ALAS\", value:\"2016-695\");\n\n script_name(english:\"Amazon Linux AMI : openssl (ALAS-2016-695)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered that allows a man-in-the-middle\nattacker to use a padding oracle attack to decrypt traffic on a\nconnection using an AES CBC cipher with a server supporting AES-NI.\n(CVE-2016-2107 , Important)\n\nIt was discovered that the ASN.1 parser can misinterpret a large\nuniversal tag as a negative value. If an application deserializes and\nlater reserializes untrusted ASN.1 structures containing an ANY field,\nan attacker may be able to trigger an out-of-bounds write, which can\ncause potentially exploitable memory corruption. (CVE-2016-2108 ,\nImportant)\n\nAn overflow bug was discovered in the EVP_EncodeUpdate() function. An\nattacker could supply very large amounts of input data to overflow a\nlength check, resulting in heap corruption. (CVE-2016-2105 , Low)\n\nAn overflow bug was discovered in the EVP_EncryptUpdate() function. An\nattacker could supply very large amounts of input data to overflow a\nlength check, resulting in heap corruption. (CVE-2016-2106 , Low)\n\nAn issue was discovered in the BIO functions, such as d2i_CMS_bio(),\nwhere a short invalid encoding in ASN.1 data can cause allocation of\nlarge amounts of memory, potentially resulting in a denial of service.\n(CVE-2016-2109 , Low)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-695.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl-1.0.1k-14.91.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-debuginfo-1.0.1k-14.91.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-devel-1.0.1k-14.91.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-perl-1.0.1k-14.91.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-static-1.0.1k-14.91.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T14:14:35", "description": "Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit.\n\n - CVE-2016-2105 Guido Vranken discovered that an overflow can occur in the function EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption.\n\n - CVE-2016-2106 Guido Vranken discovered that an overflow can occur in the function EVP_EncryptUpdate() if an attacker can supply a large amount of data. This could lead to a heap corruption.\n\n - CVE-2016-2107 Juraj Somorovsky discovered a padding oracle in the AES CBC cipher implementation based on the AES-NI instruction set. This could allow an attacker to decrypt TLS traffic encrypted with one of the cipher suites based on AES CBC.\n\n - CVE-2016-2108 David Benjamin from Google discovered that two separate bugs in the ASN.1 encoder, related to handling of negative zero integer values and large universal tags, could lead to an out-of-bounds write.\n\n - CVE-2016-2109 Brian Carpenter discovered that when ASN.1 data is read from a BIO using functions such as d2i_CMS_bio(), a short invalid encoding can cause allocation of large amounts of memory potentially consuming excessive resources or exhausting memory.\n\nAdditional information about these issues can be found in the OpenSSL security advisory at https://www.openssl.org/news/secadv/20160503.txt", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-05T00:00:00", "type": "nessus", "title": "Debian DSA-3566-1 : openssl - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3566.NASL", "href": "https://www.tenable.com/plugins/nessus/90896", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3566. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90896);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\");\n script_xref(name:\"DSA\", value:\"3566\");\n\n script_name(english:\"Debian DSA-3566-1 : openssl - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in OpenSSL, a Secure Socket\nLayer toolkit.\n\n - CVE-2016-2105\n Guido Vranken discovered that an overflow can occur in\n the function EVP_EncodeUpdate(), used for Base64\n encoding, if an attacker can supply a large amount of\n data. This could lead to a heap corruption.\n\n - CVE-2016-2106\n Guido Vranken discovered that an overflow can occur in\n the function EVP_EncryptUpdate() if an attacker can\n supply a large amount of data. This could lead to a heap\n corruption.\n\n - CVE-2016-2107\n Juraj Somorovsky discovered a padding oracle in the AES\n CBC cipher implementation based on the AES-NI\n instruction set. This could allow an attacker to decrypt\n TLS traffic encrypted with one of the cipher suites\n based on AES CBC.\n\n - CVE-2016-2108\n David Benjamin from Google discovered that two separate\n bugs in the ASN.1 encoder, related to handling of\n negative zero integer values and large universal tags,\n could lead to an out-of-bounds write.\n\n - CVE-2016-2109\n Brian Carpenter discovered that when ASN.1 data is read\n from a BIO using functions such as d2i_CMS_bio(), a\n short invalid encoding can cause allocation of large\n amounts of memory potentially consuming excessive\n resources or exhausting memory.\n\nAdditional information about these issues can be found in the OpenSSL\nsecurity advisory at https://www.openssl.org/news/secadv/20160503.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20160503.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3566\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1.0.1k-3+deb8u5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libcrypto1.0.0-udeb\", reference:\"1.0.1k-3+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-dev\", reference:\"1.0.1k-3+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-doc\", reference:\"1.0.1k-3+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1k-3+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1k-3+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openssl\", reference:\"1.0.1k-3+deb8u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T14:14:44", "description": "This update for openssl fixes the following issues :\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n - bsc#976943: Buffer overrun in ASN1_parse\n\n - bsc#977621: Preserve negotiated digests for SNI (bsc#977621)\n\n - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode (bsc#958501)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-05T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:1233-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-1233-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90914", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1233-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90914);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:1233-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder\n (bsc#977617)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check\n (bsc#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation\n (bsc#976942)\n\n - bsc#976943: Buffer overrun in ASN1_parse\n\n - bsc#977621: Preserve negotiated digests for SNI\n (bsc#977621)\n\n - bsc#958501: Fix openssl enc -non-fips-allow option in\n FIPS mode (bsc#958501)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2105/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2106/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2107/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2108/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2109/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161233-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?271da3db\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2016-717=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-717=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-717=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-1.0.1i-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-hmac-1.0.1i-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-1.0.1i-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-debuginfo-1.0.1i-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-debugsource-1.0.1i-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-32bit-1.0.1i-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.1i-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1i-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssl-1.0.1i-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1i-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.1i-47.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T14:14:09", "description": "This update for openssl fixes the following issues :\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n - bsc#976943: Buffer overrun in ASN1_parse\n\n - bsc#977621: Preserve negotiated digests for SNI (bsc#977621)\n\n - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode (bsc#958501)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-05T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:1228-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-1228-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90913", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1228-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90913);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:1228-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder\n (bsc#977617)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check\n (bsc#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation\n (bsc#976942)\n\n - bsc#976943: Buffer overrun in ASN1_parse\n\n - bsc#977621: Preserve negotiated digests for SNI\n (bsc#977621)\n\n - bsc#958501: Fix openssl enc -non-fips-allow option in\n FIPS mode (bsc#958501)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2105/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2106/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2107/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2108/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2109/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161228-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?91f413d4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-715=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-715=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-715=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debuginfo-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debugsource-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-32bit-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.1i-27.16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T14:10:14", "description": "This update for openssl fixes the following issues :\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (boo#977617)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (boo#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (boo#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (boo#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (boo#976942)\n\n - boo#976943: Buffer overrun in ASN1_parse\n\n - boo#977621: Preserve digests for SNI \n\n - boo#958501: Fix openssl enc -non-fips-allow option in FIPS mode", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-2016-561)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-561.NASL", "href": "https://www.tenable.com/plugins/nessus/90933", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-561.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90933);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2016-561)\");\n script_summary(english:\"Check for the openSUSE-2016-561 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder\n (boo#977617)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check\n (boo#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (boo#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (boo#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation\n (boo#976942)\n\n - boo#976943: Buffer overrun in ASN1_parse\n\n - boo#977621: Preserve digests for SNI \n\n - boo#958501: Fix openssl enc -non-fips-allow option in\n FIPS mode\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=976942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=976943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977621\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl-devel-1.0.1k-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-1.0.1k-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-debuginfo-1.0.1k-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-hmac-1.0.1k-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-1.0.1k-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-debuginfo-1.0.1k-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-debugsource-1.0.1k-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1k-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1k-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1k-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1k-2.36.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T14:14:35", "description": "This update for openssl fixes the following issues :\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n - bsc#976943: Buffer overrun in ASN1_parse\n\n - bsc#977621: Preserve negotiated digests for SNI (bsc#977621)\n\n - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode (bsc#958501)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-2016-564)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-564.NASL", "href": "https://www.tenable.com/plugins/nessus/90934", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-564.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90934);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2016-564)\");\n script_summary(english:\"Check for the openSUSE-2016-564 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder\n (bsc#977617)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check\n (bsc#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation\n (bsc#976942)\n\n - bsc#976943: Buffer overrun in ASN1_parse\n\n - bsc#977621: Preserve negotiated digests for SNI\n (bsc#977621)\n\n - bsc#958501: Fix openssl enc -non-fips-allow option in\n FIPS mode (bsc#958501)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=976942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=976943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977621\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl-devel-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl1_0_0-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl1_0_0-hmac-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssl-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssl-debuginfo-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssl-debugsource-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T14:13:58", "description": "This update for openssl fixes the following issues :\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n - bsc#976943: Buffer overrun in ASN1_parse", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-12T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-2016-562)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-562.NASL", "href": "https://www.tenable.com/plugins/nessus/91067", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-562.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91067);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2016-562)\");\n script_summary(english:\"Check for the openSUSE-2016-562 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check\n (bsc#977616)\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder\n (bsc#977617)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation\n (bsc#976942)\n\n - bsc#976943: Buffer overrun in ASN1_parse\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=976942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=976943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977617\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl-devel-1.0.1k-11.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-1.0.1k-11.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1k-11.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-1.0.1k-11.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debuginfo-1.0.1k-11.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debugsource-1.0.1k-11.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1k-11.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1k-11.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1k-11.87.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-06T14:26:22", "description": "New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2016-05-31T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / current : php (SSA:2016-148-03)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7456", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:php", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2016-148-03.NASL", "href": "https://www.tenable.com/plugins/nessus/91355", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-148-03. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91355);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-7456\", \"CVE-2016-5093\", \"CVE-2016-5094\", \"CVE-2016-5096\");\n script_xref(name:\"SSA\", value:\"2016-148-03\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / current : php (SSA:2016-148-03)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 14.0, 14.1, and -current\nto fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.397230\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f887eb7d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"php\", pkgver:\"5.6.22\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.22\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"php\", pkgver:\"5.6.22\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.22\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.6.22\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.22\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-06T14:27:15", "description": "According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.22. It is, therefore, affected by multiple vulnerabilities :\n\n - An out-of-bounds read error exists in the\n _gdContributionsCalc() function within file ext/gd/libgd/gd_interpolation.c. An unauthenticated, remote attacker can exploit this to disclose sensitive information or crash the process linked against the library. (CVE-2013-7456)\n\n - An out-of-bounds read error exists in the get_icu_value_internal() function within file ext/intl/locale/locale_methods.c due to improper handling of user-supplied input. An unauthenticated, remote attacker can exploit this to disclose sensitive information or crash the process linked against the library. (CVE-2016-5093)\n\n - An integer overflow condition exists in the php_html_entities() and php_filter_full_special_chars() functions within file ext/standard/html.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2016-5094)\n\n - An integer underflow condition exists in file ext/standard/file.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a NULL write, resulting in crashing the process linked against the library. (CVE-2016-5096)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2016-06-02T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.22 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7456", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_6_22.NASL", "href": "https://www.tenable.com/plugins/nessus/91442", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91442);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2013-7456\",\n \"CVE-2016-5093\",\n \"CVE-2016-5094\",\n \"CVE-2016-5096\"\n );\n\n script_name(english:\"PHP 5.6.x < 5.6.22 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 5.6.x prior to 5.6.22. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An out-of-bounds read error exists in the\n _gdContributionsCalc() function within file\n ext/gd/libgd/gd_interpolation.c. An unauthenticated,\n remote attacker can exploit this to disclose sensitive\n information or crash the process linked against the\n library. (CVE-2013-7456)\n\n - An out-of-bounds read error exists in the\n get_icu_value_internal() function within file\n ext/intl/locale/locale_methods.c due to improper\n handling of user-supplied input. An unauthenticated,\n remote attacker can exploit this to disclose sensitive\n information or crash the process linked against the\n library. (CVE-2016-5093)\n\n - An integer overflow condition exists in the\n php_html_entities() and php_filter_full_special_chars()\n functions within file ext/standard/html.c due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n have an unspecified impact. (CVE-2016-5094)\n\n - An integer underflow condition exists in file\n ext/standard/file.c due to improper validation of\n user-supplied input. An unauthenticated, remote\n attacker can exploit this to cause a NULL write,\n resulting in crashing the process linked against the\n library. (CVE-2016-5096)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.6.22\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.6.22 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5093\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.6)?$\")\n audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.6\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.6.x\", port);\n\nif (version =~ \"^5\\.6\\.\" && ver_compare(ver:version, fix:\"5.6.22\", strict:FALSE) < 0){\n security_report_v4(\n port : port,\n extra :\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.6.22' +\n '\\n',\n severity:SECURITY_HOLE\n );\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-06T14:18:03", "description": "According to its self-reported version number, the remote pfSense install is prior to 2.3.1-p5. It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2018-01-31T00:00:00", "type": "nessus", "title": "pfSense < 2.3.1-p5 Multiple Vulnerabilities (SA-16_07 / SA-16_08)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7456", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096"], "modified": "2018-12-07T00:00:00", "cpe": ["cpe:/a:pfsense:pfsense", "cpe:/a:bsdperimeter:pfsense"], "id": "PFSENSE_SA-16_08.NASL", "href": "https://www.tenable.com/plugins/nessus/106502", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106502);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/12/07 17:08:17\");\n\n script_cve_id(\n \"CVE-2013-7456\",\n \"CVE-2016-5093\",\n \"CVE-2016-5094\",\n \"CVE-2016-5096\"\n );\n script_bugtraq_id(\n 90857,\n 90859,\n 90861,\n 90946\n );\n\n script_name(english:\"pfSense < 2.3.1-p5 Multiple Vulnerabilities (SA-16_07 / SA-16_08)\");\n script_summary(english:\"Checks the version of pfSense.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote firewall host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote pfSense\ninstall is prior to 2.3.1-p5. It is, therefore, affected by multiple\nvulnerabilities as stated in the referenced vendor advisories.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://doc.pfsense.org/index.php/2.3.1_New_Features_and_Changes\");\n # https://www.pfsense.org/security/advisories/pfSense-SA-16_07.webgui.asc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b9b195dd\");\n # https://www.pfsense.org/security/advisories/pfSense-SA-16_08.webgui.asc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?36080faa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to pfSense version 2.3.1-p5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5093\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pfsense:pfsense\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:bsdperimeter:pfsense\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"pfsense_detect.nbin\");\n script_require_keys(\"Host/pfSense\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nif (!get_kb_item(\"Host/pfSense\")) audit(AUDIT_HOST_NOT, \"pfSense\");\n\napp_info = vcf::pfsense::get_app_info();\nconstraints = [\n { \"fixed_version\" : \"2.3.1-p5\" }\n];\n\nvcf::pfsense::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-23T14:56:15", "description": "According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.22. It is, therefore, affected by multiple vulnerabilities :\n\n - An out-of-bounds read error exists in the _gdContributionsCalc() function within file ext/gd/libgd/gd_interpolation.c. An unauthenticated, remote attacker can exploit this to disclose sensitive information or crash the process linked against the library. (CVE-2013-7456)\n\n - An out-of-bounds read error exists in the get_icu_value_internal() function within file ext/intl/locale/locale_methods.c due to improper handling of user-supplied input. An unauthenticated, remote attacker can exploit this to disclose sensitive information or crash the process linked against the library. (CVE-2016-5093)\n\n - An integer overflow condition exists in the php_html_entities() and php_filter_full_special_chars() functions within file ext/standard/html.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2016-5094)\n\n - An integer underflow condition exists in file ext/standard/file.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a NULL write, resulting in crashing the process linked against the library. (CVE-2016-5096)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2019-01-09T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.22 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7456", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98812", "href": "https://www.tenable.com/plugins/was/98812", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-16T14:14:35", "description": "Security fix for CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-05T00:00:00", "type": "nessus", "title": "Fedora 23 : openssl-1.0.2h-1.fc23 (2016-05c567df1a)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-05C567DF1A.NASL", "href": "https://www.tenable.com/plugins/nessus/90898", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-05c567df1a.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90898);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\");\n script_xref(name:\"FEDORA\", value:\"2016-05c567df1a\");\n\n script_name(english:\"Fedora 23 : openssl-1.0.2h-1.fc23 (2016-05c567df1a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-2108, CVE-2016-2107, CVE-2016-2105,\nCVE-2016-2106\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1331402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1331426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1331441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1331536\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4caa443\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"openssl-1.0.2h-1.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T14:14:09", "description": "Security fix for CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-09T00:00:00", "type": "nessus", "title": "Fedora 24 : openssl-1.0.2h-1.fc24 (2016-1411324654)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-1411324654.NASL", "href": "https://www.tenable.com/plugins/nessus/90949", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-1411324654.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90949);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\");\n script_xref(name:\"FEDORA\", value:\"2016-1411324654\");\n\n script_name(english:\"Fedora 24 : openssl-1.0.2h-1.fc24 (2016-1411324654)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-2108, CVE-2016-2107, CVE-2016-2105,\nCVE-2016-2106\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1331402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1331426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1331441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1331536\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5c3dabb3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"openssl-1.0.2h-1.fc24\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T14:14:35", "description": "Security fix for CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-12T00:00:00", "type": "nessus", "title": "Fedora 22 : openssl-1.0.1k-15.fc22 (2016-1e39d934ed)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-1E39D934ED.NASL", "href": "https://www.tenable.com/plugins/nessus/91058", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-1e39d934ed.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91058);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\");\n script_xref(name:\"FEDORA\", value:\"2016-1e39d934ed\");\n\n script_name(english:\"Fedora 22 : openssl-1.0.1k-15.fc22 (2016-1e39d934ed)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-2108, CVE-2016-2107, CVE-2016-2105,\nCVE-2016-2106\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1331402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1331426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1331441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1331536\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86fd4a4d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"openssl-1.0.1k-15.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-17T14:22:47", "description": "The Oracle VM VirtualBox application installed on the remote host is a version prior to 5.0.22. It is, therefore, affected by multiple vulnerabilities in the bundled OpenSSL component :\n\n - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106)\n\n - Flaws exist in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109)\n\n - An out-of-bounds read error exists in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory.\n (CVE-2016-2176)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2016-07-20T00:00:00", "type": "nessus", "title": "Oracle VM VirtualBox < 5.0.22 Multiple Vulnerabilities (July 2016 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-3612"], "modified": "2019-11-19T00:00:00", "cpe": ["cpe:/a:oracle:vm_virtualbox"], "id": "VIRTUALBOX_5_0_22.NASL", "href": "https://www.tenable.com/plugins/nessus/92458", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92458);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2016-2105\",\n \"CVE-2016-2106\",\n \"CVE-2016-2107\",\n \"CVE-2016-2109\",\n \"CVE-2016-2176\",\n \"CVE-2016-3612\"\n );\n script_bugtraq_id(\n 87940,\n 89744,\n 89746,\n 89757,\n 89760\n );\n script_xref(name:\"EDB-ID\", value:\"39768\");\n\n script_name(english:\"Oracle VM VirtualBox < 5.0.22 Multiple Vulnerabilities (July 2016 CPU)\");\n script_summary(english:\"Performs a version check on VirtualBox.exe.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Oracle VM VirtualBox application installed on the remote host is a\nversion prior to 5.0.22. It is, therefore, affected by multiple\nvulnerabilities in the bundled OpenSSL component :\n\n - A heap buffer overflow condition exists in the\n EVP_EncodeUpdate() function within file\n crypto/evp/encode.c that is triggered when handling\n a large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the\n EVP_EncryptUpdate() function within file\n crypto/evp/evp_enc.c that is triggered when handling a\n large amount of input data after a previous call occurs\n to the same function with a partial block. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2016-2106)\n\n - Flaws exist in the aesni_cbc_hmac_sha1_cipher()\n function in file crypto/evp/e_aes_cbc_hmac_sha1.c and\n the aesni_cbc_hmac_sha256_cipher() function in file\n crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered\n when the connection uses an AES-CBC cipher and AES-NI\n is supported by the server. A man-in-the-middle attacker\n can exploit these to conduct a padding oracle attack,\n resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - Multiple unspecified flaws exist in the d2i BIO\n functions when reading ASN.1 data from a BIO due to\n invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to\n cause a denial of service condition through resource\n exhaustion. (CVE-2016-2109)\n\n - An out-of-bounds read error exists in the\n X509_NAME_oneline() function within file\n crypto/x509/x509_obj.c when handling very long ASN1\n strings. An unauthenticated, remote attacker can exploit\n this to disclose the contents of stack memory.\n (CVE-2016-2176)\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453b5f8c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.virtualbox.org/wiki/Changelog\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle VM VirtualBox version 5.0.22 or later as referenced\nin the July 2016 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2176\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:vm_virtualbox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"virtualbox_installed.nasl\", \"macosx_virtualbox_installed.nbin\");\n script_require_ports(\"installed_sw/Oracle VM VirtualBox\", \"installed_sw/VirtualBox\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = NULL;\napps = make_list('Oracle VM VirtualBox', 'VirtualBox');\n\nforeach app (apps)\n{\n if (get_install_count(app_name:app)) break;\n else app = NULL;\n}\n\nif (isnull(app)) audit(AUDIT_NOT_INST, 'Oracle VM VirtualBox');\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\n# Affected :\n# 5.0.x < 5.0.22\nif (ver =~ '^5\\\\.0' && ver_compare(ver:ver, fix:'5.0.22', strict:FALSE) < 0) fix = '5.0.22';\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n\nport = 0;\nif (app == 'Oracle VM VirtualBox')\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n}\n\nreport =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\nsecurity_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-25T14:39:38", "description": "Update to 1.1.33\n\nFix CVE-2016-1841, CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, CVE-2016-4609, CVE-2019-11068, CVE-2016-1684, CVE-2016-1683, CVE-2016-4738.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-19T00:00:00", "type": "nessus", "title": "Fedora 30 : mingw-libxslt (2019-320d5295fc)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1683", "CVE-2016-1684", "CVE-2016-1841", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4738", "CVE-2019-11068"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-libxslt", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-320D5295FC.NASL", "href": "https://www.tenable.com/plugins/nessus/126015", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-320d5295fc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126015);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2016-1683\", \"CVE-2016-1684\", \"CVE-2016-1841\", \"CVE-2016-4607\", \"CVE-2016-4608\", \"CVE-2016-4609\", \"CVE-2016-4610\", \"CVE-2016-4738\", \"CVE-2019-11068\");\n script_xref(name:\"FEDORA\", value:\"2019-320d5295fc\");\n\n script_name(english:\"Fedora 30 : mingw-libxslt (2019-320d5295fc)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 1.1.33\n\nFix CVE-2016-1841, CVE-2016-4607, CVE-2016-4608, CVE-2016-4610,\nCVE-2016-4609, CVE-2019-11068, CVE-2016-1684, CVE-2016-1683,\nCVE-2016-4738.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-320d5295fc\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected mingw-libxslt package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4738\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-libxslt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"mingw-libxslt-1.1.33-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-libxslt\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:46:12", "description": "According to the versions of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a 'type confusion' issue.(CVE-2015-7995)\n\n - numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.(CVE-2016-1683)\n\n - numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.(CVE-2016-1684)\n\n - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.(CVE-2016-4607)\n\n - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.(CVE-2016-4608)\n\n - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.(CVE-2016-4609)\n\n - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.(CVE-2016-4610)\n\n - In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.(CVE-2019-18197)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : libxslt (EulerOS-SA-2019-2627)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7995", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612", "CVE-2019-18197"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxslt", "p-cpe:/a:huawei:euleros:libxslt-devel", "p-cpe:/a:huawei:euleros:libxslt-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2627.NASL", "href": "https://www.tenable.com/plugins/nessus/132162", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132162);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-7995\",\n \"CVE-2016-1683\",\n \"CVE-2016-1684\",\n \"CVE-2016-4607\",\n \"CVE-2016-4608\",\n \"CVE-2016-4609\",\n \"CVE-2016-4610\",\n \"CVE-2019-18197\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : libxslt (EulerOS-SA-2019-2627)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxslt packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The xsltStylePreCompute function in preproc.c in\n libxslt 1.1.28 does not check if the parent node is an\n element, which allows attackers to cause a denial of\n service via a crafted XML file, related to a 'type\n confusion' issue.(CVE-2015-7995)\n\n - numbers.c in libxslt before 1.1.29, as used in Google\n Chrome before 51.0.2704.63, mishandles namespace nodes,\n which allows remote attackers to cause a denial of\n service (out-of-bounds heap memory access) or possibly\n have unspecified other impact via a crafted\n document.(CVE-2016-1683)\n\n - numbers.c in libxslt before 1.1.29, as used in Google\n Chrome before 51.0.2704.63, mishandles the i format\n token for xsl:number data, which allows remote\n attackers to cause a denial of service (integer\n overflow or resource consumption) or possibly have\n unspecified other impact via a crafted\n document.(CVE-2016-1684)\n\n - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6,\n iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on\n Windows, tvOS before 9.2.2, and watchOS before 2.2.2\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via unknown vectors, a different vulnerability\n than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and\n CVE-2016-4612.(CVE-2016-4607)\n\n - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6,\n iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on\n Windows, tvOS before 9.2.2, and watchOS before 2.2.2\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via unknown vectors, a different vulnerability\n than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and\n CVE-2016-4612.(CVE-2016-4608)\n\n - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6,\n iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on\n Windows, tvOS before 9.2.2, and watchOS before 2.2.2\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via unknown vectors, a different vulnerability\n than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and\n CVE-2016-4612.(CVE-2016-4609)\n\n - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6,\n iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on\n Windows, tvOS before 9.2.2, and watchOS before 2.2.2\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via unknown vectors, a different vulnerability\n than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and\n CVE-2016-4612.(CVE-2016-4610)\n\n - In xsltCopyText in transform.c in libxslt 1.1.33, a\n pointer variable isn't reset under certain\n circumstances. If the relevant memory area happened to\n be freed and reused in a certain way, a bounds check\n could fail and memory outside a buffer could be written\n to, or uninitialized data could be\n disclosed.(CVE-2019-18197)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2627\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0feeac8d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxslt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxslt-1.1.28-5.h6\",\n \"libxslt-devel-1.1.28-5.h6\",\n \"libxslt-python-1.1.28-5.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxslt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-06T14:26:21", "description": "The PHP Group reports :\n\n- Core :\n\n- Fixed bug #72114 (Integer underflow / arbitrary null write in fread/gzread). (CVE-2016-5096) (PHP 5.5/5.6 only)\n\n- Fixed bug #72135 (Integer Overflow in php_html_entities).\n(CVE-2016-5094) (PHP 5.5/5.6 only)\n\n- GD :\n\n- Fixed bug #72227 (imagescale out-of-bounds read). (CVE-2013-7456)\n\n- Intl :\n\n- Fixed bug #72241 (get_icu_value_internal out-of-bounds read).\n(CVE-2016-5093)\n\n- Phar :\n\n- Fixed bug #71331 (Uninitialized pointer in phar_make_dirstream()).\n(CVE-2016-4343) (PHP 5.5 only)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-05-31T00:00:00", "type": "nessus", "title": "FreeBSD : php -- multiple vulnerabilities (6b110175-246d-11e6-8dd3-002590263bf5)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7456", "CVE-2016-4343", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:php55", "p-cpe:/a:freebsd:freebsd:php55-gd", "p-cpe:/a:freebsd:freebsd:php55-phar", "p-cpe:/a:freebsd:freebsd:php56", "p-cpe:/a:freebsd:freebsd:php56-gd", "p-cpe:/a:freebsd:freebsd:php70-gd", "p-cpe:/a:freebsd:freebsd:php70-intl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_6B110175246D11E68DD3002590263BF5.NASL", "href": "https://www.tenable.com/plugins/nessus/91373", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91373);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-7456\", \"CVE-2016-4343\", \"CVE-2016-5093\", \"CVE-2016-5094\", \"CVE-2016-5096\");\n\n script_name(english:\"FreeBSD : php -- multiple vulnerabilities (6b110175-246d-11e6-8dd3-002590263bf5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The PHP Group reports :\n\n- Core :\n\n- Fixed bug #72114 (Integer underflow / arbitrary null write in\nfread/gzread). (CVE-2016-5096) (PHP 5.5/5.6 only)\n\n- Fixed bug #72135 (Integer Overflow in php_html_entities).\n(CVE-2016-5094) (PHP 5.5/5.6 only)\n\n- GD :\n\n- Fixed bug #72227 (imagescale out-of-bounds read). (CVE-2013-7456)\n\n- Intl :\n\n- Fixed bug #72241 (get_icu_value_internal out-of-bounds read).\n(CVE-2016-5093)\n\n- Phar :\n\n- Fixed bug #71331 (Uninitialized pointer in phar_make_dirstream()).\n(CVE-2016-4343) (PHP 5.5 only)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-7.php#7.0.7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.6.22\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.36\"\n );\n # https://vuxml.freebsd.org/freebsd/6b110175-246d-11e6-8dd3-002590263bf5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ebdd822a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php55-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php55-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php70-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php70-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php70-gd<7.0.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php70-intl<7.0.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php56<5.6.22\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php56-gd<5.6.22\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php55<5.5.36\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php55-gd<5.5.36\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php55-phar<5.5.36\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-06T14:27:47", "description": "The following security-related issues were resolved :\n\nOut-of-bounds read in imagescale (CVE-2013-7456)\n\nInteger underflow causing arbitrary null write in fread/gzread (CVE-2016-5096)\n\nInteger overflow in php_html_entities() (CVE-2016-5094)\n\nInteger overflow in php_filter_full_special_chars() (CVE-2016-5095)\n\nOut-of-bounds heap read in get_icu_value_internal (CVE-2016-5093)\n\n(Updated 2016-06-15: CVE-2016-5095 was fixed in this version, but was not previously listed in this errata.)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2016-06-06T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php56 (ALAS-2016-706)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7456", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5095", "CVE-2016-5096"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php56", "p-cpe:/a:amazon:linux:php56-bcmath", "p-cpe:/a:amazon:linux:php56-cli", "p-cpe:/a:amazon:linux:php56-common", "p-cpe:/a:amazon:linux:php56-dba", "p-cpe:/a:amazon:linux:php56-dbg", "p-cpe:/a:amazon:linux:php56-debuginfo", "p-cpe:/a:amazon:linux:php56-devel", "p-cpe:/a:amazon:linux:php56-embedded", "p-cpe:/a:amazon:linux:php56-enchant", "p-cpe:/a:amazon:linux:php56-fpm", "p-cpe:/a:amazon:linux:php56-gd", "p-cpe:/a:amazon:linux:php56-gmp", "p-cpe:/a:amazon:linux:php56-imap", "p-cpe:/a:amazon:linux:php56-intl", "p-cpe:/a:amazon:linux:php56-ldap", "p-cpe:/a:amazon:linux:php56-mbstring", "p-cpe:/a:amazon:linux:php56-mcrypt", "p-cpe:/a:amazon:linux:php56-mssql", "p-cpe:/a:amazon:linux:php56-mysqlnd", "p-cpe:/a:amazon:linux:php56-odbc", "p-cpe:/a:amazon:linux:php56-opcache", "p-cpe:/a:amazon:linux:php56-pdo", "p-cpe:/a:amazon:linux:php56-pgsql", "p-cpe:/a:amazon:linux:php56-process", "p-cpe:/a:amazon:linux:php56-pspell", "p-cpe:/a:amazon:linux:php56-recode", "p-cpe:/a:amazon:linux:php56-snmp", "p-cpe:/a:amazon:linux:php56-soap", "p-cpe:/a:amazon:linux:php56-tidy", "p-cpe:/a:amazon:linux:php56-xml", "p-cpe:/a:amazon:linux:php56-xmlrpc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-706.NASL", "href": "https://www.tenable.com/plugins/nessus/91465", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-706.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91465);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2013-7456\", \"CVE-2016-5093\", \"CVE-2016-5094\", \"CVE-2016-5095\", \"CVE-2016-5096\");\n script_xref(name:\"ALAS\", value:\"2016-706\");\n\n script_name(english:\"Amazon Linux AMI : php56 (ALAS-2016-706)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following security-related issues were resolved :\n\nOut-of-bounds read in imagescale (CVE-2013-7456)\n\nInteger underflow causing arbitrary null write in fread/gzread\n(CVE-2016-5096)\n\nInteger overflow in php_html_entities() (CVE-2016-5094)\n\nInteger overflow in php_filter_full_special_chars() (CVE-2016-5095)\n\nOut-of-bounds heap read in get_icu_value_internal (CVE-2016-5093)\n\n(Updated 2016-06-15: CVE-2016-5095 was fixed in this version, but was\nnot previously listed in this errata.)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-706.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php56' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php56-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-bcmath-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-cli-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-common-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dba-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dbg-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-debuginfo-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-devel-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-embedded-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-enchant-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-fpm-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gd-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gmp-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-imap-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-intl-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-ldap-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mbstring-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mcrypt-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mssql-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mysqlnd-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-odbc-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-opcache-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pdo-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pgsql-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-process-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pspell-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-recode-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-snmp-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-soap-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-tidy-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xml-5.6.22-1.125.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xmlrpc-5.6.22-1.125.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-07T14:33:14", "description": "According to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.36. It is, therefore, affected by multiple vulnerabilities :\n\n - An out-of-bounds read error exists in the\n _gdContributionsCalc() function within file ext/gd/libgd/gd_interpolation.c. An unauthenticated, remote attacker can exploit this to disclose sensitive information or crash the process linked against the library. (CVE-2013-7456)\n\n - An uninitialized pointer flaw exists in the phar_make_dirstream() function within file ext/phar/dirstream.c due to improper handling of ././@LongLink files. An unauthenticated, remote attacker can exploit this, via a specially crafted TAR file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4343)\n\n - An out-of-bounds read error exists in the get_icu_value_internal() function within file ext/intl/locale/locale_methods.c due to improper handling of user-supplied input. An unauthenticated, remote attacker can exploit this to disclose sensitive information or crash the process linked against the library. (CVE-2016-5093)\n\n - An integer overflow condition exists in the php_html_entities() and php_filter_full_special_chars() functions within file ext/standard/html.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2016-5094)\n\n - An integer underflow condition exists in file ext/standard/file.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a NULL write, resulting in crashing the process linked against the library. (CVE-2016-5096)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-06-02T00:00:00", "type": "nessus", "title": "PHP 5.5.x < 5.5.36 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7456", "CVE-2016-4343", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_5_36.NASL", "href": "https://www.tenable.com/plugins/nessus/91441", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91441);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2013-7456\",\n \"CVE-2016-4343\",\n \"CVE-2016-5093\",\n \"CVE-2016-5094\",\n \"CVE-2016-5096\"\n );\n\n script_name(english:\"PHP 5.5.x < 5.5.36 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 5.5.x prior to 5.5.36. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An out-of-bounds read error exists in the\n _gdContributionsCalc() function within file\n ext/gd/libgd/gd_interpolation.c. An unauthenticated,\n remote attacker can exploit this to disclose sensitive\n information or crash the process linked against the\n library. (CVE-2013-7456)\n\n - An uninitialized pointer flaw exists in the\n phar_make_dirstream() function within file\n ext/phar/dirstream.c due to improper handling of\n ././@LongLink files. An unauthenticated, remote attacker\n can exploit this, via a specially crafted TAR file, to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2016-4343)\n\n - An out-of-bounds read error exists in the\n get_icu_value_internal() function within file\n ext/intl/locale/locale_methods.c due to improper\n handling of user-supplied input. An unauthenticated,\n remote attacker can exploit this to disclose sensitive\n information or crash the process linked against the\n library. (CVE-2016-5093)\n\n - An integer overflow condition exists in the\n php_html_entities() and php_filter_full_special_chars()\n functions within file ext/standard/html.c due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n have an unspecified impact. (CVE-2016-5094)\n\n - An integer underflow condition exists in file\n ext/standard/file.c due to improper validation of\n user-supplied input. An unauthenticated, remote\n attacker can exploit this to cause a NULL write,\n resulting in crashing the process linked against the\n library. (CVE-2016-5096)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.5.36\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.5.36 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5093\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.5)?$\")\n audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.5\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.5.x\", port);\n\nif (version =~ \"^5\\.5\\.\" && ver_compare(ver:version, fix:\"5.5.36\", strict:FALSE) < 0){\n security_report_v4(\n port : port,\n extra :\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.5.36' +\n '\\n',\n severity:SECURITY_HOLE\n );\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-19T14:26:41", "description": "According to its self-reported version, the Cisco TelePresence Video Communication Server (VCS) / Expressway running on the remote host is 8.x prior to 8.8. It is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808)\n\n - A flaw exists in the web framework of TelePresence Video Communication Server (VCS) Expressway due to missing authorization checks on certain administrative pages. An authenticated, remote attacker can exploit this to bypass read-only restrictions and install Tandberg Linux Packages (TLPs) without proper authorization.\n (CVE-2015-6413)\n\n - A flaw exists in certificate management and validation for the Mobile and Remote Access (MRA) component due to improper input validation of a trusted certificate. An unauthenticated, remote attacker can exploit this, using a trusted certificate, to bypass authentication and gain access to internal HTTP system resources.\n (CVE-2016-1444)\n\n - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106)\n\n - Multiple flaws exist in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - A remote code execution vulnerability exists in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2108)\n\n - Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109)\n\n - An out-of-bounds read error exists in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN.1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory.\n (CVE-2016-2176)\n\n - An information disclosure vulnerability exists in the file system permissions due to certain files having overly permissive permissions. An unauthenticated, local attacker can exploit this to disclose sensitive information. (Cisco bug ID CSCuw55636)\n\nNote that Cisco bug ID CSCuw55636 and CVE-2015-6413 only affect versions 8.6.x prior to 8.8.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-14T00:00:00", "type": "nessus", "title": "Cisco TelePresence VCS / Expressway 8.x < 8.8 Multiple Vulnerabilities (Bar Mitzvah)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2808", "CVE-2015-6413", "CVE-2016-1444", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/h:cisco:telepresence_video_communication_server", "cpe:/a:cisco:telepresence_video_communication_server", "cpe:/a:cisco:telepresence_video_communication_server_software"], "id": "CISCO_TELEPRESENCE_VCS_MULTIPLE_880.NASL", "href": "https://www.tenable.com/plugins/nessus/92045", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92045);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2015-2808\",\n \"CVE-2015-6413\",\n \"CVE-2016-1444\",\n \"CVE-2016-2105\",\n \"CVE-2016-2106\",\n \"CVE-2016-2107\",\n \"CVE-2016-2108\",\n \"CVE-2016-2109\",\n \"CVE-2016-2176\"\n );\n script_bugtraq_id(\n 73684,\n 79088,\n 87940,\n 89744,\n 89746,\n 89752,\n 89757,\n 89760,\n 91669\n );\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCuw54155\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCuz55590\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCuw55636\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCuw55651\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCuz64601\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20160504-openssl\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20160706-vcs\");\n script_xref(name:\"EDB-ID\", value:\"39768\");\n\n script_name(english:\"Cisco TelePresence VCS / Expressway 8.x < 8.8 Multiple Vulnerabilities (Bar Mitzvah)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A video conferencing application running on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the Cisco TelePresence Video\nCommunication Server (VCS) / Expressway running on the remote host is\n8.x prior to 8.8. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A security feature bypass vulnerability exists, known as\n Bar Mitzvah, due to improper combination of state data\n with key data by the RC4 cipher algorithm during the\n initialization phase. A man-in-the-middle attacker can\n exploit this, via a brute-force attack using LSB values,\n to decrypt the traffic. (CVE-2015-2808)\n\n - A flaw exists in the web framework of TelePresence Video\n Communication Server (VCS) Expressway due to missing\n authorization checks on certain administrative pages. An\n authenticated, remote attacker can exploit this to\n bypass read-only restrictions and install Tandberg Linux\n Packages (TLPs) without proper authorization.\n (CVE-2015-6413)\n\n - A flaw exists in certificate management and validation\n for the Mobile and Remote Access (MRA) component due to\n improper input validation of a trusted certificate. An\n unauthenticated, remote attacker can exploit this, using\n a trusted certificate, to bypass authentication and gain\n access to internal HTTP system resources.\n (CVE-2016-1444)\n\n - A heap buffer overflow condition exists in the\n EVP_EncodeUpdate() function within file\n crypto/evp/encode.c that is triggered when handling\n a large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the\n EVP_EncryptUpdate() function within file\n crypto/evp/evp_enc.c that is triggered when handling a\n large amount of input data after a previous call occurs\n to the same function with a partial block. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2016-2106)\n\n - Multiple flaws exist in the aesni_cbc_hmac_sha1_cipher()\n function in file crypto/evp/e_aes_cbc_hmac_sha1.c and\n the aesni_cbc_hmac_sha256_cipher() function in file\n crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered\n when the connection uses an AES-CBC cipher and AES-NI\n is supported by the server. A man-in-the-middle attacker\n can exploit these to conduct a padding oracle attack,\n resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - A remote code execution vulnerability exists in the\n ASN.1 encoder due to an underflow condition that occurs\n when attempting to encode the value zero represented as\n a negative integer. An unauthenticated, remote attacker\n can exploit this to corrupt memory, resulting in the\n execution of arbitrary code. (CVE-2016-2108)\n\n - Multiple unspecified flaws exist in the d2i BIO\n functions when reading ASN.1 data from a BIO due to\n invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to\n cause a denial of service condition through resource\n exhaustion. (CVE-2016-2109)\n\n - An out-of-bounds read error exists in the\n X509_NAME_oneline() function within file\n crypto/x509/x509_obj.c when handling very long ASN.1\n strings. An unauthenticated, remote attacker can exploit\n this to disclose the contents of stack memory.\n (CVE-2016-2176)\n\n - An information disclosure vulnerability exists in the\n file system permissions due to certain files having\n overly permissive permissions. An unauthenticated, local\n attacker can exploit this to disclose sensitive\n information. (Cisco bug ID CSCuw55636)\n\nNote that Cisco bug ID CSCuw55636 and CVE-2015-6413 only affect\nversions 8.6.x prior to 8.8.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b0b860b3\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4146a30f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuw54155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz55590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuw55636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuw55651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz64601\");\n # https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4bbf45ac\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Cisco TelePresence VCS / Expressway version 8.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2108\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:cisco:telepresence_video_communication_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:telepresence_video_communication_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:telepresence_video_communication_server_software\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_telepresence_video_communication_server_detect.nbin\");\n script_require_keys(\"Cisco/TelePresence_VCS/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Cisco/TelePresence_VCS/Version\");\nfullname = \"Cisco TelePresence Device\";\n\nif (version =~ \"^8\\.[0-7]($|[^0-9])\")\n{\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : 8.8' +\n '\\n';\n security_report_v4(severity:SECURITY_HOLE,port:0, extra:report);\n}\nelse audit(AUDIT_DEVICE_NOT_VULN, fullname, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:37:40", "description": "According to its self-reported version number, the remote pfSense install is prior to 2.3.1. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-01-31T00:00:00", "type": "nessus", "title": "pfSense < 2.3.1 Multiple Vulnerabilities (SA-16_03 / SA-16-04)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1886", "CVE-2016-1887", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176"], "modified": "2020-04-27T00:00:00", "cpe": ["cpe:/a:pfsense:pfsense", "cpe:/a:bsdperimeter:pfsense"], "id": "PFSENSE_SA-16_04.NASL", "href": "https://www.tenable.com/plugins/nessus/106500", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106500);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/27\");\n\n script_cve_id(\n \"CVE-2016-1886\",\n \"CVE-2016-1887\",\n \"CVE-2016-2105\",\n \"CVE-2016-2106\",\n \"CVE-2016-2107\",\n \"CVE-2016-2109\",\n \"CVE-2016-2176\"\n );\n script_bugtraq_id(\n 87940,\n 89744,\n 89746,\n 89757,\n 89760,\n 90734\n );\n script_xref(name:\"EDB-ID\", value:\"39768\");\n script_xref(name:\"EDB-ID\", value:\"44212\");\n script_xref(name:\"FreeBSD\", value:\"SA-16:17.openssl\");\n script_xref(name:\"FreeBSD\", value:\"SA-16:18.atkbd\");\n script_xref(name:\"FreeBSD\", value:\"SA-16:19.sendmsg\");\n\n script_name(english:\"pfSense < 2.3.1 Multiple Vulnerabilities (SA-16_03 / SA-16-04)\");\n script_summary(english:\"Checks the version of pfSense.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote firewall host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote pfSense\ninstall is prior to 2.3.1. It is, therefore, affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://doc.pfsense.org/index.php/2.3.1_New_Features_and_Changes\");\n # https://www.pfsense.org/security/advisories/pfSense-SA-16_03.webgui.asc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?434aa389\");\n # https://www.pfsense.org/security/advisories/pfSense-SA-16_04.filterlog.asc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f5d9b668\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to pfSense version 2.3.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2109\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pfsense:pfsense\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:bsdperimeter:pfsense\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"pfsense_detect.nbin\");\n script_require_keys(\"Host/pfSense\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nif (!get_kb_item(\"Host/pfSense\")) audit(AUDIT_HOST_NOT, \"pfSense\");\n\napp_info = vcf::pfsense::get_app_info();\nconstraints = [\n { \"fixed_version\" : \"2.3.1\"}\n];\n\nvcf::pfsense::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n flags:{xss:TRUE}\n);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-16T14:13:58", "description": "An update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-11T00:00:00", "type": "nessus", "title": "CentOS 7 : openssl (CESA-2016:0722)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2842"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-libs", "p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl-static", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-0722.NASL", "href": "https://www.tenable.com/plugins/nessus/91017", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0722 and \n# CentOS Errata and Security Advisory 2016:0722 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91017);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_xref(name:\"RHSA\", value:\"2016:0722\");\n\n script_name(english:\"CentOS 7 : openssl (CESA-2016:0722)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-May/021860.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a8963b97\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0799\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-51.el7_2.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-libs / openssl-perl / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T14:14:44", "description": "An update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-11T00:00:00", "type": "nessus", "title": "RHEL 7 : openssl (RHSA-2016:0722)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2842"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-libs", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl-static", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-0722.NASL", "href": "https://www.tenable.com/plugins/nessus/91033", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0722. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91033);\n script_version(\"2.20\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_xref(name:\"RHSA\", value:\"2016:0722\");\n\n script_name(english:\"RHEL 7 : openssl (RHSA-2016:0722)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2842\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0722\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-1.0.1e-51.el7_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-51.el7_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-debuginfo-1.0.1e-51.el7_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-devel-1.0.1e-51.el7_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-libs-1.0.1e-51.el7_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-51.el7_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-51.el7_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-static-1.0.1e-51.el7_2.5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T14:10:45", "description": "An update for openssl is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-11T00:00:00", "type": "nessus", "title": "RHEL 6 : openssl (RHSA-2016:0996)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2842"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl-static", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-0996.NASL", "href": "https://www.tenable.com/plugins/nessus/91037", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0996. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91037);\n script_version(\"2.18\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_xref(name:\"RHSA\", value:\"2016:0996\");\n\n script_name(english:\"RHEL 6 : openssl (RHSA-2016:0996)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openssl is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2842\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0996\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-debuginfo-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-devel-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-perl-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-static-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-static-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-48.el6_8.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T14:14:43", "description": "From Red Hat Security Advisory 2016:0722 :\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-11T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : openssl (ELSA-2016-0722)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2842"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-libs", "p-cpe:/a:oracle:linux:openssl-perl", "p-cpe:/a:oracle:linux:openssl-static", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-0722.NASL", "href": "https://www.tenable.com/plugins/nessus/91029", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0722 and \n# Oracle Linux Security Advisory ELSA-2016-0722 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91029);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_xref(name:\"RHSA\", value:\"2016:0722\");\n\n script_name(english:\"Oracle Linux 7 : openssl (ELSA-2016-0722)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:0722 :\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-May/006014.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-51.el7_2.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-libs / openssl-perl / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T14:13:59", "description": "Security Fix(es) :\n\n - A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)\n\n - Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very