DATABASE RESOURCES PRICING ABOUT US

{"id": "APPLE:HT208696", "bulletinFamily": "software", "title": "About the security content of watchOS 4.3 - Apple Support", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 4.3\n\nReleased March 29, 2018\n\n**CoreFoundation**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4155: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4158: Samuel Gro\u00df (@5aelo)\n\n**CoreText**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted string may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved memory handling.\n\nCVE-2018-4142: Robin Leroy of Google Switzerland GmbH\n\nEntry updated November 16, 2018\n\n**File System Events**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4167: Samuel Gro\u00df (@5aelo)\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4150: an anonymous researcher\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4104: The UK's National Cyber Security Centre (NCSC)\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4143: derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.\n\nCVE-2018-4185: Brandon Azad\n\nEntry added July 19, 2018\n\n**libxml2**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-15412: Nick Wellnhofer\n\nEntry added October 18, 2018\n\n**LinkPresentation**\n\nAvailable for: All Apple Watch models\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nCVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nEntry added October 30, 2018, updated November 16, 2018\n\n**NSURLSession**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4166: Samuel Gro\u00df (@5aelo)\n\n**Quick Look**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4157: Samuel Gro\u00df (@5aelo)\n\n**Security**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2018-4144: Abraham Masri (@cheesecakeufo)\n\n**System Preferences**\n\nAvailable for: All Apple Watch models\n\nImpact: A configuration profile may incorrectly remain in effect after removal\n\nDescription: An issue existed in CFPreferences. This issue was addressed with improved preferences cleanup.\n\nCVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera\n\nEntry updated November 16, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Unexpected interaction with indexing types causing an ASSERT failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.\n\nCVE-2018-4113: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4146: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4114: found by OSS-Fuzz\n\nCVE-2018-4121: Natalie Silvanovich of Google Project Zero\n\nCVE-2018-4122: WanderingGlitch of Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-origin issue existed with the fetch API. This was addressed with improved input validation.\n\nCVE-2018-4117: an anonymous researcher, an anonymous researcher\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4207: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4208: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4209: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Unexpected interaction with indexing types caused a failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.\n\nCVE-2018-4210: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4212: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4213: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4145: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\n\n\n## Additional recognition\n\n**Mail**\n\nWe would like to acknowledge Sabri Haddouche (@pwnsdx) from Wire Swiss GmbH for their assistance.\n\nEntry added June 21, 2018\n\n**Security**\n\nWe would like to acknowledge Abraham Masri (@cheesecakeufo) for their assistance.\n\nEntry added April 13, 2018\n", "published": "2018-11-17T12:30:02", "modified": "2018-11-17T12:30:02", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://support.apple.com/kb/HT208696", "reporter": "Apple", "references": [], "cvelist": ["CVE-2018-4142", "CVE-2018-4390", "CVE-2018-4129", "CVE-2018-4146", "CVE-2018-4185", "CVE-2018-4207", "CVE-2018-4157", "CVE-2018-4212", "CVE-2018-4166", "CVE-2018-4213", "CVE-2018-4155", "CVE-2018-4163", "CVE-2018-4114", "CVE-2018-4145", "CVE-2018-4162", "CVE-2018-4391", "CVE-2018-4104", "CVE-2017-15412", "CVE-2018-4125", "CVE-2018-4143", "CVE-2018-4209", "CVE-2018-4113", "CVE-2018-4115", "CVE-2018-4167", "CVE-2018-4210", "CVE-2018-4208", "CVE-2018-4144", "CVE-2018-4117", "CVE-2018-4161", "CVE-2018-4150", "CVE-2018-4122", "CVE-2018-4158", "CVE-2018-4121"], "type": "apple", "lastseen": "2020-12-24T20:42:16", "edition": 3, "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2020-1415", "ALAS2-2020-1466"]}, {"type": "apple", "idList": ["APPLE:0627AF17A33B956DE48ACE757A30BFB9", "APPLE:17C608E2C103690298834FEC459F2960", "APPLE:34416127035F64778C9F3F0EB9CDBC11", "APPLE:444B5944D49C1B1DB2F8D833473A3E28", "APPLE:6B41E03BE95C41152A91DE7584480E16", "APPLE:80F205F5E8A723A8899FE7CE7D761778", "APPLE:8C49A1E8A033BC61B2EB11E42BABEFC6", "APPLE:B4A175C182756FCB9C8C7BC8F7CC89F0", "APPLE:E86C067FDA2C97D52BE9FC136361BDF7", "APPLE:F5ED4B2C8BF2CB139C4753A54898E258", "APPLE:FAE8F6548DA345F4466BB73DD8BE2763", "APPLE:HT208221", "APPLE:HT208692", "APPLE:HT208693", "APPLE:HT208694", "APPLE:HT208695", "APPLE:HT208697", "APPLE:HT208698", "APPLE:HT208852", "APPLE:HT208933", "APPLE:HT209192"]}, {"type": "archlinux", "idList": ["ASA-201712-5"]}, {"type": "centos", "idList": ["CESA-2018:3140", "CESA-2020:1190"]}, {"type": "chrome", "idList": ["GCSA-303902488167885418", "GCSA-6993857189147290065"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:81EBD6DFAEE8502A1AEE7ACA1D96C999"]}, {"type": "cve", "idList": ["CVE-2017-15412", "CVE-2018-4104", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4115", "CVE-2018-4117", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4129", "CVE-2018-4142", "CVE-2018-4143", "CVE-2018-4144", "CVE-2018-4145", "CVE-2018-4146", "CVE-2018-4150", "CVE-2018-4155", "CVE-2018-4157", "CVE-2018-4158", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4166", "CVE-2018-4167", "CVE-2018-4185", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4390", "CVE-2018-4391"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1211-1:EA9E0", "DEBIAN:DSA-4086-1:58F72", "DEBIAN:DSA-4086-1:8DFD7", "DEBIAN:DSA-4256-1:0B30A", "DEBIAN:DSA-4256-1:E1FC3"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-15412", "DEBIANCVE:CVE-2018-4113", "DEBIANCVE:CVE-2018-4114", "DEBIANCVE:CVE-2018-4117", "DEBIANCVE:CVE-2018-4121", "DEBIANCVE:CVE-2018-4122", "DEBIANCVE:CVE-2018-4125", "DEBIANCVE:CVE-2018-4129", "DEBIANCVE:CVE-2018-4146", "DEBIANCVE:CVE-2018-4161", "DEBIANCVE:CVE-2018-4162", "DEBIANCVE:CVE-2018-4163", "DEBIANCVE:CVE-2018-4207", "DEBIANCVE:CVE-2018-4208", "DEBIANCVE:CVE-2018-4209", "DEBIANCVE:CVE-2018-4210", "DEBIANCVE:CVE-2018-4212", "DEBIANCVE:CVE-2018-4213"]}, {"type": "f5", "idList": ["F5:K76678525"]}, {"type": "fedora", "idList": ["FEDORA:0F54C60BE23D", "FEDORA:2E8D96005552", "FEDORA:5F80C60AEBEC", "FEDORA:855A9625F2AD", "FEDORA:9834B601E6F9", "FEDORA:EC7F86046254"]}, {"type": "freebsd", "idList": ["1D951E85-FFDB-11E7-8B91-E8E0B747A45A", "B9C525D9-9198-11E8-BEBA-080027EF1A23"]}, {"type": "gentoo", "idList": ["GLSA-201801-03", "GLSA-201808-01", "GLSA-201808-04", "GLSA-201812-04"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:37170621F78D33B9DDE68A73E0A16294", "GOOGLEPROJECTZERO:9418CBB054BDA9E57D7F2E7ABF5F7BE0", "GOOGLEPROJECTZERO:A46B3136EBE92DFE53548BB20EFF1ABC"]}, {"type": "ibm", "idList": ["244ECED1318E3472926D72334F870E4E52EEBDA4CBF4408680F466AF6B21AED2", "2C79ED95B1DDF725C67F241D5C01546FA0476ABBA3CE0E75B8B5CD09C4F93D6C", "8AF09D39919DFCEDA59D30328E778381C2630CD9C097879DBB5204834A432A43", "B05329785ED4441E67419C72F4E8D5EFB095312F0129B7DAC17DB1F2F0780EEC", "BEE773E4A6A548D08B8B9B27B8581116109A00DD9D98FECB148AD73D2A44F35E", "CC5F277D3ACAE3335BA730A0207062A84F97F8B011460F964107C4802703541B", "E228AE26D557AC2FB8C5AF13926D0970F3BAC5922DC3700312E52FD8E2BD1B47"]}, {"type": "kaspersky", "idList": ["KLA11152", "KLA11281", "KLA11298"]}, {"type": "mageia", "idList": ["MGASA-2018-0048", "MGASA-2018-0050", "MGASA-2018-0213", "MGASA-2018-0343"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-APPLE_IOS-BROWSER-SAFARI_JIT-"]}, {"type": "myhack58", "idList": ["MYHACK58:62201996030"]}, {"type": "nessus", "idList": ["700351.PASL", "700361.PASL", "700503.PRM", "700515.PRM", "700516.PRM", "700548.PRM", "700554.PRM", "AL2_ALAS-2020-1466.NASL", "ALA_ALAS-2020-1415.NASL", "APPLETV_11_3.NASL", "APPLE_IOS_113_CHECK.NBIN", "APPLE_IOS_121_CHECK.NBIN", "CENTOS_RHSA-2020-1190.NASL", "DEBIAN_DLA-1211.NASL", "DEBIAN_DSA-4086.NASL", "DEBIAN_DSA-4256.NASL", "EULEROS_SA-2018-1446.NASL", "EULEROS_SA-2019-1007.NASL", "EULEROS_SA-2019-1034.NASL", "EULEROS_SA-2019-1211.NASL", "FEDORA_2017-C2645AA935.NASL", "FEDORA_2017-EA44F172E3.NASL", "FEDORA_2018-499F2DBC96.NASL", "FEDORA_2018-4A16E37C81.NASL", "FEDORA_2018-AAFDBB5554.NASL", "FEDORA_2018-FAFF5F661E.NASL", "FREEBSD_PKG_1D951E85FFDB11E78B91E8E0B747A45A.NASL", "FREEBSD_PKG_B9C525D9919811E8BEBA080027EF1A23.NASL", "GENTOO_GLSA-201801-03.NASL", "GENTOO_GLSA-201808-01.NASL", "GENTOO_GLSA-201808-04.NASL", "GENTOO_GLSA-201812-04.NASL", "GOOGLE_CHROME_63_0_3239_84.NASL", "ITUNES_12_7_4.NASL", "ITUNES_12_7_4_BANNER.NASL", "MACOSX_GOOGLE_CHROME_63_0_3239_84.NASL", "MACOSX_SAFARI11_1_0.NASL", "MACOSX_SECUPD2018-002.NASL", "MACOS_10_13_1.NASL", "MACOS_10_13_4.NASL", "NEWSTART_CGSL_NS-SA-2020-0060_LIBXML2.NASL", "NEWSTART_CGSL_NS-SA-2020-0091_LIBXML2.NASL", "OPENSUSE-2017-1349.NASL", "OPENSUSE-2018-1288.NASL", "OPENSUSE-2018-154.NASL", "OPENSUSE-2018-780.NASL", "OPENSUSE-2019-559.NASL", "OPENSUSE-2019-68.NASL", "OPENSUSE-2019-81.NASL", "REDHAT-RHSA-2017-3401.NASL", "REDHAT-RHSA-2018-2282.NASL", "REDHAT-RHSA-2020-1190.NASL", "SL_20200407_LIBXML2_ON_SL7_X.NASL", "SUSE_SU-2018-0395-1.NASL", "SUSE_SU-2018-0401-1.NASL", "SUSE_SU-2018-3387-1.NASL", "SUSE_SU-2019-0059-1.NASL", "SUSE_SU-2019-0092-1.NASL", "UBUNTU_USN-3513-1.NASL", "UBUNTU_USN-3635-1.NASL", "UBUNTU_USN-3781-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704086", "OPENVAS:1361412562310704256", "OPENVAS:1361412562310812235", "OPENVAS:1361412562310812236", "OPENVAS:1361412562310812237", "OPENVAS:1361412562310813109", "OPENVAS:1361412562310813110", "OPENVAS:1361412562310813111", "OPENVAS:1361412562310813112", "OPENVAS:1361412562310813113", "OPENVAS:1361412562310813801", "OPENVAS:1361412562310813802", "OPENVAS:1361412562310813803", "OPENVAS:1361412562310843514", "OPENVAS:1361412562310843650", "OPENVAS:1361412562310843763", "OPENVAS:1361412562310851660", "OPENVAS:1361412562310851823", "OPENVAS:1361412562310852089", "OPENVAS:1361412562310852248", "OPENVAS:1361412562310873974", "OPENVAS:1361412562310873977", "OPENVAS:1361412562310874300", "OPENVAS:1361412562310875008", "OPENVAS:1361412562310875088", "OPENVAS:1361412562311220181446", "OPENVAS:1361412562311220191007", "OPENVAS:1361412562311220191034", "OPENVAS:1361412562311220191211"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-1190"]}, {"type": "osv", "idList": ["OSV:DLA-1211-1", "OSV:DSA-4086-1", "OSV:DSA-4256-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:158874"]}, {"type": "redhat", "idList": ["RHSA-2017:3401", "RHSA-2018:0287", "RHSA-2018:2282", "RHSA-2018:3140", "RHSA-2020:1190"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-15412", "RH:CVE-2018-4117", "RH:CVE-2018-4121"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:3244-1", "OPENSUSE-SU-2017:3245-1", "OPENSUSE-SU-2018:2134-1", "OPENSUSE-SU-2018:2135-1", "OPENSUSE-SU-2018:3473-1", "OPENSUSE-SU-2019:0068-1", "OPENSUSE-SU-2019:0081-1"]}, {"type": "ubuntu", "idList": ["USN-3513-1", "USN-3513-2", "USN-3635-1", "USN-3781-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-15412", "UB:CVE-2018-4113", "UB:CVE-2018-4114", "UB:CVE-2018-4117", "UB:CVE-2018-4121", "UB:CVE-2018-4122", "UB:CVE-2018-4125", "UB:CVE-2018-4129", "UB:CVE-2018-4146", "UB:CVE-2018-4161", "UB:CVE-2018-4162", "UB:CVE-2018-4163", "UB:CVE-2018-4207", "UB:CVE-2018-4208", "UB:CVE-2018-4209", "UB:CVE-2018-4210", "UB:CVE-2018-4212", "UB:CVE-2018-4213"]}, {"type": "veracode", "idList": ["VERACODE:27140"]}, {"type": "zdi", "idList": ["ZDI-18-271", "ZDI-18-272", "ZDI-18-275", "ZDI-18-276", "ZDI-18-277", "ZDI-18-278"]}, {"type": "zdt", "idList": ["1337DAY-ID-30137", "1337DAY-ID-30320", "1337DAY-ID-34829"]}]}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "apple", "idList": ["APPLE:17C608E2C103690298834FEC459F2960", "APPLE:34416127035F64778C9F3F0EB9CDBC11", "APPLE:444B5944D49C1B1DB2F8D833473A3E28", "APPLE:6B41E03BE95C41152A91DE7584480E16", "APPLE:80F205F5E8A723A8899FE7CE7D761778", "APPLE:8C49A1E8A033BC61B2EB11E42BABEFC6", "APPLE:B4A175C182756FCB9C8C7BC8F7CC89F0", "APPLE:E86C067FDA2C97D52BE9FC136361BDF7", "APPLE:F5ED4B2C8BF2CB139C4753A54898E258", "APPLE:FAE8F6548DA345F4466BB73DD8BE2763", "APPLE:HT208692", "APPLE:HT208693", "APPLE:HT208694", "APPLE:HT208695", "APPLE:HT208697", "APPLE:HT208698", "APPLE:HT208852", "APPLE:HT208933", "APPLE:HT209192"]}, {"type": "archlinux", "idList": ["ASA-201712-5"]}, {"type": "centos", "idList": ["CESA-2018:3140"]}, {"type": "chrome", "idList": ["GCSA-303902488167885418", "GCSA-6993857189147290065"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:81EBD6DFAEE8502A1AEE7ACA1D96C999"]}, {"type": "cve", "idList": ["CVE-2018-4104", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4115", "CVE-2018-4117", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4129", "CVE-2018-4142", "CVE-2018-4143", "CVE-2018-4144", "CVE-2018-4146", "CVE-2018-4150", "CVE-2018-4155", "CVE-2018-4157", "CVE-2018-4158", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4166", "CVE-2018-4167"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1211-1:EA9E0", "DEBIAN:DSA-4086-1:58F72", "DEBIAN:DSA-4256-1:0B30A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-4117"]}, {"type": "f5", "idList": ["F5:K76678525"]}, {"type": "fedora", "idList": ["FEDORA:0F54C60BE23D", "FEDORA:2E8D96005552", "FEDORA:5F80C60AEBEC", "FEDORA:855A9625F2AD", "FEDORA:9834B601E6F9", "FEDORA:EC7F86046254"]}, {"type": "freebsd", "idList": ["1D951E85-FFDB-11E7-8B91-E8E0B747A45A"]}, {"type": "gentoo", "idList": ["GLSA-201801-03"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:37170621F78D33B9DDE68A73E0A16294", "GOOGLEPROJECTZERO:9418CBB054BDA9E57D7F2E7ABF5F7BE0", "GOOGLEPROJECTZERO:A46B3136EBE92DFE53548BB20EFF1ABC"]}, {"type": "ibm", "idList": ["2C79ED95B1DDF725C67F241D5C01546FA0476ABBA3CE0E75B8B5CD09C4F93D6C"]}, {"type": "kaspersky", "idList": ["KLA11152"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/APPLE_IOS/BROWSER/SAFARI_JIT"]}, {"type": "myhack58", "idList": ["MYHACK58:62201996030"]}, {"type": "nessus", "idList": ["ALA_ALAS-2020-1415.NASL", "DEBIAN_DLA-1211.NASL", "DEBIAN_DSA-4086.NASL", "FEDORA_2017-C2645AA935.NASL", "FEDORA_2018-FAFF5F661E.NASL", "FREEBSD_PKG_1D951E85FFDB11E78B91E8E0B747A45A.NASL", "GENTOO_GLSA-201801-03.NASL", "GOOGLE_CHROME_63_0_3239_84.NASL", "ITUNES_12_7_4.NASL", "MACOSX_GOOGLE_CHROME_63_0_3239_84.NASL", "MACOSX_SAFARI11_1_0.NASL", "MACOSX_SECUPD2018-002.NASL", "MACOS_10_13_1.NASL", "MACOS_10_13_4.NASL", "OPENSUSE-2017-1349.NASL", "REDHAT-RHSA-2017-3401.NASL", "UBUNTU_USN-3513-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704086", "OPENVAS:1361412562310812235", "OPENVAS:1361412562310812236", "OPENVAS:1361412562310812237", "OPENVAS:1361412562310813109", "OPENVAS:1361412562310813110", "OPENVAS:1361412562310813111", "OPENVAS:1361412562310813112", "OPENVAS:1361412562310813113", "OPENVAS:1361412562310843650", "OPENVAS:1361412562310851660", "OPENVAS:1361412562310873974", "OPENVAS:1361412562310873977", "OPENVAS:1361412562310874300"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:158874"]}, {"type": "redhat", "idList": ["RHSA-2018:0287"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-4117", "RH:CVE-2018-4121"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:3244-1", "OPENSUSE-SU-2017:3245-1"]}, {"type": "ubuntu", "idList": ["USN-3513-1", "USN-3513-2", "USN-3781-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-4113", "UB:CVE-2018-4114", "UB:CVE-2018-4117", "UB:CVE-2018-4121", "UB:CVE-2018-4122", "UB:CVE-2018-4125", "UB:CVE-2018-4129", "UB:CVE-2018-4146", "UB:CVE-2018-4161", "UB:CVE-2018-4162", "UB:CVE-2018-4163", "UB:CVE-2018-4207", "UB:CVE-2018-4208", "UB:CVE-2018-4209", "UB:CVE-2018-4210", "UB:CVE-2018-4212", "UB:CVE-2018-4213"]}, {"type": "zdi", "idList": ["ZDI-18-272", "ZDI-18-276", "ZDI-18-278"]}, {"type": "zdt", "idList": ["1337DAY-ID-30137", "1337DAY-ID-34829"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "watchos", "version": 4}]}, "epss": [{"cve": "CVE-2018-4142", "epss": "0.011020000", "percentile": "0.822260000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4390", "epss": "0.000590000", "percentile": "0.226590000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4129", "epss": "0.004840000", "percentile": "0.722150000", "modified": "2023-03-19"}, {"cve": "CVE-2018-4146", "epss": "0.005460000", "percentile": "0.739100000", "modified": "2023-03-19"}, {"cve": "CVE-2018-4185", "epss": "0.002280000", "percentile": "0.592280000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4207", "epss": "0.006870000", "percentile": "0.770100000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4157", "epss": "0.001480000", "percentile": "0.490530000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4212", "epss": "0.006790000", "percentile": "0.768550000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4166", "epss": "0.001480000", "percentile": "0.490530000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4213", "epss": "0.004410000", "percentile": "0.708320000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4155", "epss": "0.001480000", "percentile": "0.490530000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4163", "epss": "0.004840000", "percentile": "0.722150000", "modified": "2023-03-19"}, {"cve": "CVE-2018-4114", "epss": "0.004930000", "percentile": "0.724720000", "modified": "2023-03-19"}, {"cve": "CVE-2018-4145", "epss": "0.010330000", "percentile": "0.815920000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4162", "epss": "0.004830000", "percentile": "0.721800000", "modified": "2023-03-19"}, {"cve": "CVE-2018-4391", "epss": "0.000590000", "percentile": "0.226590000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4104", "epss": "0.000900000", "percentile": "0.368160000", "modified": "2023-03-20"}, {"cve": "CVE-2017-15412", "epss": "0.012370000", "percentile": "0.833410000", "modified": "2023-03-19"}, {"cve": "CVE-2018-4125", "epss": "0.004840000", "percentile": "0.722150000", "modified": "2023-03-19"}, {"cve": "CVE-2018-4143", "epss": "0.001480000", "percentile": "0.490530000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4209", "epss": "0.006870000", "percentile": "0.770100000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4113", "epss": "0.010470000", "percentile": "0.817220000", "modified": "2023-03-19"}, {"cve": "CVE-2018-4115", "epss": "0.007010000", "percentile": "0.772620000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4167", "epss": "0.001480000", "percentile": "0.490530000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4210", "epss": "0.006590000", "percentile": "0.764000000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4208", "epss": "0.006870000", "percentile": "0.770100000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4144", "epss": "0.001410000", "percentile": "0.480890000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4117", "epss": "0.004280000", "percentile": "0.704260000", "modified": "2023-03-19"}, {"cve": "CVE-2018-4161", "epss": "0.004840000", "percentile": "0.722150000", "modified": "2023-03-19"}, {"cve": "CVE-2018-4150", "epss": "0.001490000", "percentile": "0.493110000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4122", "epss": "0.004840000", "percentile": "0.722150000", "modified": "2023-03-19"}, {"cve": "CVE-2018-4158", "epss": "0.001480000", "percentile": "0.490530000", "modified": "2023-03-20"}, {"cve": "CVE-2018-4121", "epss": "0.036440000", "percentile": "0.902560000", "modified": "2023-03-20"}], "vulnersScore": 0.5}, "affectedSoftware": [{"name": "watchos", "operator": "lt", "version": "4.3"}], "scheme": null, "immutableFields": [], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "_state": {"dependencies": 1659998956, "score": 1659984068, "affected_software_major_version": 1666695388, "epss": 1679323282}, "_internal": {"score_hash": "7f374a55dfc591464ff8e797d880406f"}}

{"apple": [{"lastseen": "2022-03-14T04:14:37", "description": "# About the security content of watchOS 4.3\n\nThis document describes the security content of watchOS 4.3.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 4.3\n\nReleased March 29, 2018\n\n**CoreFoundation**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4155: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4158: Samuel Gro\u00df (@5aelo)\n\n**CoreText**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted string may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved memory handling.\n\nCVE-2018-4142: Robin Leroy of Google Switzerland GmbH\n\nEntry updated November 16, 2018\n\n**File System Events**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4167: Samuel Gro\u00df (@5aelo)\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4150: an anonymous researcher\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4104: The UK's National Cyber Security Centre (NCSC)\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4143: derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.\n\nCVE-2018-4185: Brandon Azad\n\nEntry added July 19, 2018\n\n**libxml2**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-15412: Nick Wellnhofer\n\nEntry added October 18, 2018\n\n**LinkPresentation**\n\nAvailable for: All Apple Watch models\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nCVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nEntry added October 30, 2018, updated November 16, 2018\n\n**NSURLSession**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4166: Samuel Gro\u00df (@5aelo)\n\n**Quick Look**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4157: Samuel Gro\u00df (@5aelo)\n\n**Security**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2018-4144: Abraham Masri (@cheesecakeufo)\n\n**System Preferences**\n\nAvailable for: All Apple Watch models\n\nImpact: A configuration profile may incorrectly remain in effect after removal\n\nDescription: An issue existed in CFPreferences. This issue was addressed with improved preferences cleanup.\n\nCVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera\n\nEntry updated November 16, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Unexpected interaction with indexing types causing an ASSERT failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.\n\nCVE-2018-4113: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4146: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4114: found by OSS-Fuzz\n\nCVE-2018-4121: natashenka of Google Project Zero\n\nCVE-2018-4122: WanderingGlitch of Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-origin issue existed with the fetch API. This was addressed with improved input validation.\n\nCVE-2018-4117: an anonymous researcher, an anonymous researcher\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4207: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4208: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4209: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Unexpected interaction with indexing types caused a failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.\n\nCVE-2018-4210: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4212: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4213: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4145: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\n\n\n## Additional recognition\n\n**Mail**\n\nWe would like to acknowledge Sabri Haddouche (@pwnsdx) from Wire Swiss GmbH for their assistance.\n\nEntry added June 21, 2018\n\n**Security**\n\nWe would like to acknowledge Abraham Masri (@cheesecakeufo) for their assistance.\n\nEntry added April 13, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 05, 2021\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-29T00:00:00", "type": "apple", "title": "About the security content of watchOS 4.3", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15412", "CVE-2018-4104", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4115", "CVE-2018-4117", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4129", "CVE-2018-4142", "CVE-2018-4143", "CVE-2018-4144", "CVE-2018-4145", "CVE-2018-4146", "CVE-2018-4150", "CVE-2018-4155", "CVE-2018-4157", "CVE-2018-4158", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4166", "CVE-2018-4167", "CVE-2018-4185", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4390", "CVE-2018-4391"], "modified": "2018-03-29T00:00:00", "id": "APPLE:F5ED4B2C8BF2CB139C4753A54898E258", "href": "https://support.apple.com/kb/HT208696", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-11T19:30:39", "description": "# About the security content of tvOS 11.3\n\nThis document describes the security content of tvOS 11.3.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 11.3\n\nReleased March 29, 2018\n\n**CoreFoundation**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4155: Samuel Gro\u00df (@5aelo)\n\n**CoreText**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted string may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved memory handling.\n\nCVE-2018-4142: Robin Leroy of Google Switzerland GmbH\n\nEntry updated November 16, 2018\n\n**File System Events**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4167: Samuel Gro\u00df (@5aelo)\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4150: an anonymous researcher\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4104: The UK's National Cyber Security Centre (NCSC)\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4143: derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.\n\nCVE-2018-4185: Brandon Azad\n\nEntry added July 19, 2018\n\n**libxml2**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-15412: Nick Wellnhofer\n\nEntry added October 18, 2018\n\n**NSURLSession**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4166: Samuel Gro\u00df (@5aelo)\n\n**Quick Look**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4157: Samuel Gro\u00df (@5aelo)\n\n**Security**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2018-4144: Abraham Masri (@cheesecakeufo)\n\n**System Preferences**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A configuration profile may incorrectly remain in effect after removal\n\nDescription: An issue existed in CFPreferences. This issue was addressed with improved preferences cleanup.\n\nCVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera\n\nEntry updated November 16, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction with indexing types causing an ASSERT failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks.\n\nCVE-2018-4113: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to a denial of service\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2018-4146: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2018-4114: found by OSS-Fuzz\n\nCVE-2018-4118: Jun Kokatsu (@shhnjk)\n\nCVE-2018-4119: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nCVE-2018-4121: natashenka of Google Project Zero\n\nCVE-2018-4122: WanderingGlitch of Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4127: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4128: Zach Markley\n\nCVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4207: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4208: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4209: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction with indexing types caused a failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.\n\nCVE-2018-4210: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4212: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4213: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4145: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\n\n\n## Additional recognition \n\n**Security**\n\nWe would like to acknowledge Abraham Masri (@cheesecakeufo) for their assistance.\n\nEntry added April 13, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 05, 2021\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-29T00:00:00", "type": "apple", "title": "About the security content of tvOS 11.3", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15412", "CVE-2018-4101", "CVE-2018-4104", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4115", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4130", "CVE-2018-4142", "CVE-2018-4143", "CVE-2018-4144", "CVE-2018-4145", "CVE-2018-4146", "CVE-2018-4150", "CVE-2018-4155", "CVE-2018-4157", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4166", "CVE-2018-4167", "CVE-2018-4185", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213"], "modified": "2018-03-29T00:00:00", "id": "APPLE:444B5944D49C1B1DB2F8D833473A3E28", "href": "https://support.apple.com/kb/HT208698", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:50", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 11.3\n\nReleased March 29, 2018\n\n**CoreFoundation**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4155: Samuel Gro\u00df (@5aelo)\n\n**CoreText**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted string may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved memory handling.\n\nCVE-2018-4142: Robin Leroy of Google Switzerland GmbH\n\nEntry updated November 16, 2018\n\n**File System Events**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4167: Samuel Gro\u00df (@5aelo)\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4150: an anonymous researcher\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4104: The UK's National Cyber Security Centre (NCSC)\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4143: derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.\n\nCVE-2018-4185: Brandon Azad\n\nEntry added July 19, 2018\n\n**libxml2**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-15412: Nick Wellnhofer\n\nEntry added October 18, 2018\n\n**NSURLSession**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4166: Samuel Gro\u00df (@5aelo)\n\n**Quick Look**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4157: Samuel Gro\u00df (@5aelo)\n\n**Security**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2018-4144: Abraham Masri (@cheesecakeufo)\n\n**System Preferences**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A configuration profile may incorrectly remain in effect after removal\n\nDescription: An issue existed in CFPreferences. This issue was addressed with improved preferences cleanup.\n\nCVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera\n\nEntry updated November 16, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction with indexing types causing an ASSERT failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks.\n\nCVE-2018-4113: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to a denial of service\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2018-4146: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2018-4114: found by OSS-Fuzz\n\nCVE-2018-4118: Jun Kokatsu (@shhnjk)\n\nCVE-2018-4119: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nCVE-2018-4121: Natalie Silvanovich of Google Project Zero\n\nCVE-2018-4122: WanderingGlitch of Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4127: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4128: Zach Markley\n\nCVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4207: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4208: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4209: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction with indexing types caused a failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.\n\nCVE-2018-4210: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4212: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4213: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4145: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\n\n\n## Additional recognition \n\n**Security**\n\nWe would like to acknowledge Abraham Masri (@cheesecakeufo) for their assistance.\n\nEntry added April 13, 2018\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-17T12:30:19", "title": "About the security content of tvOS 11.3 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4119", "CVE-2018-4142", "CVE-2018-4130", "CVE-2018-4129", "CVE-2018-4165", "CVE-2018-4146", "CVE-2018-4185", "CVE-2018-4207", "CVE-2018-4157", "CVE-2018-4212", "CVE-2018-4166", "CVE-2018-4213", "CVE-2018-4101", "CVE-2018-4128", "CVE-2018-4155", "CVE-2018-4163", "CVE-2018-4120", "CVE-2018-4118", "CVE-2018-4114", "CVE-2018-4145", "CVE-2018-4162", "CVE-2018-4104", "CVE-2017-15412", "CVE-2018-4125", "CVE-2018-4143", "CVE-2018-4209", "CVE-2018-4113", "CVE-2018-4115", "CVE-2018-4167", "CVE-2018-4210", "CVE-2018-4127", "CVE-2018-4208", "CVE-2018-4144", "CVE-2018-4161", "CVE-2018-4150", "CVE-2018-4122", "CVE-2018-4121"], "modified": "2018-11-17T12:30:19", "id": "APPLE:HT208698", "href": "https://support.apple.com/kb/HT208698", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-14T04:14:35", "description": "# About the security content of iCloud for Windows 7.4\n\nThis document describes the security content of iCloud for Windows 7.4.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 7.4\n\nReleased March 29, 2018\n\n**Security**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2018-4144: Abraham Masri (@cheesecakeufo)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2018-4114: found by OSS-Fuzz\n\nCVE-2018-4118: Jun Kokatsu (@shhnjk)\n\nCVE-2018-4119: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nCVE-2018-4121: natashenka of Google Project Zero\n\nCVE-2018-4122: WanderingGlitch of Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4127: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4128: Zach Markley\n\nCVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction with indexing types causing an ASSERT failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks.\n\nCVE-2018-4113: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to a denial of service\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2018-4146: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-origin issue existed with the fetch API. This was addressed through improved input validation.\n\nCVE-2018-4117: an anonymous researcher, an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4207: found by OSS-Fuzz\n\nEntry added May 1, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4208: found by OSS-Fuzz\n\nEntry added May 1, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4209: found by OSS-Fuzz\n\nEntry added May 1, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction with indexing types caused a failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.\n\nCVE-2018-4210: found by OSS-Fuzz\n\nEntry added May 1, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4212: found by OSS-Fuzz\n\nEntry added May 1, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4213: found by OSS-Fuzz\n\nEntry added May 1, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4145: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 05, 2021\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-29T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 7.4", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4130", "CVE-2018-4144", "CVE-2018-4145", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213"], "modified": "2018-03-29T00:00:00", "id": "APPLE:8C49A1E8A033BC61B2EB11E42BABEFC6", "href": "https://support.apple.com/kb/HT208697", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:59", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 7.4\n\nReleased March 29, 2018\n\n**Security**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2018-4144: Abraham Masri (@cheesecakeufo)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2018-4114: found by OSS-Fuzz\n\nCVE-2018-4118: Jun Kokatsu (@shhnjk)\n\nCVE-2018-4119: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nCVE-2018-4121: Natalie Silvanovich of Google Project Zero\n\nCVE-2018-4122: WanderingGlitch of Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4127: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4128: Zach Markley\n\nCVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction with indexing types causing an ASSERT failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks.\n\nCVE-2018-4113: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to a denial of service\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2018-4146: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-origin issue existed with the fetch API. This was addressed through improved input validation.\n\nCVE-2018-4117: an anonymous researcher, an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4207: found by OSS-Fuzz\n\nEntry added May 1, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4208: found by OSS-Fuzz\n\nEntry added May 1, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4209: found by OSS-Fuzz\n\nEntry added May 1, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction with indexing types caused a failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.\n\nCVE-2018-4210: found by OSS-Fuzz\n\nEntry added May 1, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4212: found by OSS-Fuzz\n\nEntry added May 1, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4213: found by OSS-Fuzz\n\nEntry added May 1, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4145: found by OSS-Fuzz\n\nEntry added October 18, 2018\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-18T04:45:24", "title": "About the security content of iCloud for Windows 7.4 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4119", "CVE-2018-4130", "CVE-2018-4129", "CVE-2018-4165", "CVE-2018-4146", "CVE-2018-4207", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4101", "CVE-2018-4128", "CVE-2018-4163", "CVE-2018-4120", "CVE-2018-4118", "CVE-2018-4114", "CVE-2018-4145", "CVE-2018-4162", "CVE-2018-4125", "CVE-2018-4209", "CVE-2018-4113", "CVE-2018-4210", "CVE-2018-4127", "CVE-2018-4208", "CVE-2018-4144", "CVE-2018-4117", "CVE-2018-4161", "CVE-2018-4122", "CVE-2018-4121"], "modified": "2018-10-18T04:45:24", "id": "APPLE:HT208697", "href": "https://support.apple.com/kb/HT208697", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-27T03:29:33", "description": "# About the security content of iTunes 12.7.4 for Windows\n\nThis document describes the security content of iTunes 12.7.4 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.7.4 for Windows\n\nReleased March 29, 2018\n\n**Security**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2018-4144: Abraham Masri (@cheesecakeufo)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2018-4114: found by OSS-Fuzz\n\nCVE-2018-4118: Jun Kokatsu (@shhnjk)\n\nCVE-2018-4119: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nCVE-2018-4121: natashenka of Google Project Zero\n\nCVE-2018-4122: WanderingGlitch of Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4127: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4128: Zach Markley\n\nCVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction with indexing types causing an ASSERT failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks.\n\nCVE-2018-4113: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to a denial of service\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2018-4146: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-origin issue existed with the fetch API. This was addressed through improved input validation.\n\nCVE-2018-4117: an anonymous researcher, an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4207: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4208: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4209: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later \n\nImpact: Unexpected interaction with indexing types caused a failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.\n\nCVE-2018-4210: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4212: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4213: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 05, 2021\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-29T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.7.4 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4130", "CVE-2018-4144", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213"], "modified": "2018-03-29T00:00:00", "id": "APPLE:34416127035F64778C9F3F0EB9CDBC11", "href": "https://support.apple.com/kb/HT208694", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:30", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.7.4 for Windows\n\nReleased March 29, 2018\n\n**Security**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2018-4144: Abraham Masri (@cheesecakeufo)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2018-4114: found by OSS-Fuzz\n\nCVE-2018-4118: Jun Kokatsu (@shhnjk)\n\nCVE-2018-4119: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nCVE-2018-4121: Natalie Silvanovich of Google Project Zero\n\nCVE-2018-4122: WanderingGlitch of Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4127: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4128: Zach Markley\n\nCVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction with indexing types causing an ASSERT failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks.\n\nCVE-2018-4113: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to a denial of service\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2018-4146: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-origin issue existed with the fetch API. This was addressed through improved input validation.\n\nCVE-2018-4117: an anonymous researcher, an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4207: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4208: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4209: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later \n\nImpact: Unexpected interaction with indexing types caused a failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.\n\nCVE-2018-4210: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4212: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4213: found by OSS-Fuzz\n\nEntry added May 2, 2018\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-02T05:10:03", "title": "About the security content of iTunes 12.7.4 for Windows - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4119", "CVE-2018-4130", "CVE-2018-4129", "CVE-2018-4165", "CVE-2018-4146", "CVE-2018-4207", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4101", "CVE-2018-4128", "CVE-2018-4163", "CVE-2018-4120", "CVE-2018-4118", "CVE-2018-4114", "CVE-2018-4162", "CVE-2018-4125", "CVE-2018-4209", "CVE-2018-4113", "CVE-2018-4210", "CVE-2018-4127", "CVE-2018-4208", "CVE-2018-4144", "CVE-2018-4117", "CVE-2018-4161", "CVE-2018-4122", "CVE-2018-4121"], "modified": "2018-05-02T05:10:03", "id": "APPLE:HT208694", "href": "https://support.apple.com/kb/HT208694", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-26T19:32:31", "description": "# About the security content of iOS 11.3\n\nThis document describes the security content of iOS 11.3.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 11.3\n\nReleased March 29, 2018\n\n**Apple TV App**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to spoof password prompts in the Apple TV App\n\nDescription: An input validation issue was addressed through improved input validation.\n\n****CVE-2018-4177: Jerry Decime\n\nEntry added April 13, 2018\n\n**Clock**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A person with physical access to an iOS device may be able to see the email address used for iTunes\n\nDescription: An information disclosure issue existed in the handling of alarms and timers. This issue was addressed with improved access restrictions.\n\nCVE-2018-4123: Zaheen Hafzar M M (@zaheenhafzer)\n\nEntry updated November 16, 2018\n\n**CoreFoundation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4155: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4158: Samuel Gro\u00df (@5aelo)\n\n**CoreText**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted string may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved memory handling.\n\nCVE-2018-4142: Robin Leroy of Google Switzerland GmbH\n\nEntry updated November 16, 2018\n\n**LinkPresentation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nCVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nEntry added October 30, 2018, updated November 16, 2018\n\n**File System Events**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4167: Samuel Gro\u00df (@5aelo)\n\n**Files Widget**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: File Widget may display contents on a locked device\n\nDescription: The File Widget was displaying cached data when in the locked state. This issue was addressed with improved state management.\n\nCVE-2018-4168: Brandon Moore\n\n**Find My iPhone**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password\n\nDescription: A state management issue existed when restoring from a back up. This issue was addressed through improved state checking during restore.\n\nCVE-2018-4172: Viljami Vastam\u00e4ki\n\n**iCloud Drive**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4151: Samuel Gro\u00df (@5aelo)\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4150: an anonymous researcher\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4104: The UK's National Cyber Security Centre (NCSC)\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4143: derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.\n\nCVE-2018-4185: Brandon Azad\n\nEntry added July 19, 2018\n\n**libxml2**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-15412: Nick Wellnhofer\n\nEntry added October 18, 2018\n\n**LinkPresentation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nCVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nEntry added October 30, 2018\n\n**LinkPresentation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted text message may lead to UI spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2018-4187: Roman Mueller (@faker_), Zhiyang Zeng (@Wester) of Tencent Security Platform Department\n\nEntry added September 17, 2019\n\n**Mail**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4174: John McCombs of Integrated Mapping Ltd, McClain Looney of LoonSoft Inc.\n\nEntry updated April 13, 2018\n\n**NSURLSession**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4166: Samuel Gro\u00df (@5aelo)\n\n**PluginKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4156: Samuel Gro\u00df (@5aelo)\n\n**Quick Look**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4157: Samuel Gro\u00df (@5aelo)\n\n**Safari**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website by clicking a link may lead to user interface spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4134: xisigr of Tencent's Xuanwu Lab (tencent.com), Zhiyang Zeng (@Wester) of Tencent Security Platform Department\n\n**Safari Login AutoFill**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to exfiltrate autofilled data in Safari without explicit user interaction.\n\nDescription: Safari autofill did not require explicit user interaction before taking place. The issue was addressed with improved autofill heuristics.\n\nCVE-2018-4137\n\nEntry updated November 16, 2018\n\n**SafariViewController**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: A state management issue was addressed by disabling text input until the destination page loads.\n\nCVE-2018-4149: Abhinash Jain (@abhinashjain)\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2018-4144: Abraham Masri (@cheesecakeufo)\n\n**Status Bar**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to access the microphone without indication to the user\n\nDescription: A consistency issue existed in deciding when to show the microphone use indicator. The issue was resolved with improved capability validation.\n\nCVE-2018-4173: Joshua Pokotilow of pingmd\n\nEntry added April 9, 2018\n\n**Storage**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4154: Samuel Gro\u00df (@5aelo)\n\n**System Preferences**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A configuration profile may incorrectly remain in effect after removal\n\nDescription: An issue existed in CFPreferences. This issue was addressed with improved preferences cleanup.\n\nCVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera\n\nEntry updated November 16, 2018\n\n**Telephony**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A remote attacker can cause a device to unexpectedly restart\n\nDescription: A null pointer dereference issue existed when handling Class 0 SMS messages. This issue was addressed with improved message validation.\n\nCVE-2018-4140: @mjonsson, Arjan van der Oest of Voiceworks BV\n\nEntry updated November 16, 2018\n\n**Telephony**\n\nAvailable for: iPhone 5s and later, and Wi-Fi + Cellular models of iPad Air and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple buffer overflows were addressed with improved input validation.\n\nCVE-2018-4148: Nico Golde of Comsecuris UG\n\nEntry added March 30, 2018\n\n**Web App**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Cookies may unexpectedly persist in web app\n\nDescription: A cookie management issue was addressed with improved state management.\n\nCVE-2018-4110: Ben Compton and Jason Colley of Cerner Corporation\n\nEntry updated November 16, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2018-4114: found by OSS-Fuzz\n\nCVE-2018-4118: Jun Kokatsu (@shhnjk)\n\nCVE-2018-4119: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nCVE-2018-4121: Natalie Silvanovich of Google Project Zero\n\nCVE-2018-4122: WanderingGlitch of Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4127: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4128: Zach Markley\n\nCVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction with indexing types causing an ASSERT failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks\n\nCVE-2018-4113: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to a denial of service\n\nDescription: A memory corruption issue was addressed through improved input validation\n\nCVE-2018-4146: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-origin issue existed with the fetch API. This was addressed through improved input validation.\n\nCVE-2018-4117: an anonymous researcher, an anonymous researcher\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4207: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4208: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4209: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction with indexing types caused a failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.\n\nCVE-2018-4210: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4212: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4213: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4145: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\n**WindowServer**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An unprivileged application may be able to log keystrokes entered into other applications even when secure input mode is enabled\n\nDescription: By scanning key states, an unprivileged application could log keystrokes entered into other applications even when secure input mode was enabled. This issue was addressed by improved state management.\n\nCVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH\n\n\n\n## Additional recognition\n\n**Mail**\n\nWe would like to acknowledge Sabri Haddouche (@pwnsdx) from Wire Swiss GmbH for their assistance.\n\nEntry added June 21, 2018\n\n**Security**\n\nWe would like to acknowledge Abraham Masri (@cheesecakeufo) for their assistance.\n\nEntry added April 13, 2018\n\n**WebKit**\n\nWe would like to acknowledge Johnny Nipper of Tinder Security Team for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: July 27, 2020\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-29T00:00:00", "type": "apple", "title": "About the security content of iOS 11.3", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15412", "CVE-2018-4101", "CVE-2018-4104", "CVE-2018-4110", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4115", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4123", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4130", "CVE-2018-4131", "CVE-2018-4134", "CVE-2018-4137", "CVE-2018-4140", "CVE-2018-4142", "CVE-2018-4143", "CVE-2018-4144", "CVE-2018-4145", "CVE-2018-4146", "CVE-2018-4148", "CVE-2018-4149", "CVE-2018-4150", "CVE-2018-4151", "CVE-2018-4154", "CVE-2018-4155", "CVE-2018-4156", "CVE-2018-4157", "CVE-2018-4158", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4166", "CVE-2018-4167", "CVE-2018-4168", "CVE-2018-4172", "CVE-2018-4173", "CVE-2018-4174", "CVE-2018-4177", "CVE-2018-4185", "CVE-2018-4187", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4390", "CVE-2018-4391"], "modified": "2018-03-29T00:00:00", "id": "APPLE:6B41E03BE95C41152A91DE7584480E16", "href": "https://support.apple.com/kb/HT208693", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:10", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 11.3\n\nReleased March 29, 2018\n\n**Apple TV App**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to spoof password prompts in the Apple TV App\n\nDescription: An input validation issue was addressed through improved input validation.\n\n****CVE-2018-4177: Jerry Decime\n\nEntry added April 13, 2018\n\n**Clock**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A person with physical access to an iOS device may be able to see the email address used for iTunes\n\nDescription: An information disclosure issue existed in the handling of alarms and timers. This issue was addressed with improved access restrictions.\n\nCVE-2018-4123: Zaheen Hafzar M M (@zaheenhafzer)\n\nEntry updated November 16, 2018\n\n**CoreFoundation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4155: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4158: Samuel Gro\u00df (@5aelo)\n\n**CoreText**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted string may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved memory handling.\n\nCVE-2018-4142: Robin Leroy of Google Switzerland GmbH\n\nEntry updated November 16, 2018\n\n**LinkPresentation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nCVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nEntry added October 30, 2018, updated November 16, 2018\n\n**File System Events**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4167: Samuel Gro\u00df (@5aelo)\n\n**Files Widget**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: File Widget may display contents on a locked device\n\nDescription: The File Widget was displaying cached data when in the locked state. This issue was addressed with improved state management.\n\nCVE-2018-4168: Brandon Moore\n\n**Find My iPhone**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password\n\nDescription: A state management issue existed when restoring from a back up. This issue was addressed through improved state checking during restore.\n\nCVE-2018-4172: Viljami Vastam\u00e4ki\n\n**iCloud Drive**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4151: Samuel Gro\u00df (@5aelo)\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4150: an anonymous researcher\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4104: The UK's National Cyber Security Centre (NCSC)\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4143: derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.\n\nCVE-2018-4185: Brandon Azad\n\nEntry added July 19, 2018\n\n**libxml2**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-15412: Nick Wellnhofer\n\nEntry added October 18, 2018\n\n**LinkPresentation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nCVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nEntry added October 30, 2018\n\n**LinkPresentation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted text message may lead to UI spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2018-4187: Roman Mueller (@faker_), Zhiyang Zeng (@Wester) of Tencent Security Platform Department\n\nEntry added September 17, 2019\n\n**Mail**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4174: John McCombs of Integrated Mapping Ltd, McClain Looney of LoonSoft Inc.\n\nEntry updated April 13, 2018\n\n**NSURLSession**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4166: Samuel Gro\u00df (@5aelo)\n\n**PluginKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4156: Samuel Gro\u00df (@5aelo)\n\n**Quick Look**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4157: Samuel Gro\u00df (@5aelo)\n\n**Safari**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website by clicking a link may lead to user interface spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4134: xisigr of Tencent's Xuanwu Lab (tencent.com), Zhiyang Zeng (@Wester) of Tencent Security Platform Department\n\n**Safari Login AutoFill**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to exfiltrate autofilled data in Safari without explicit user interaction.\n\nDescription: Safari autofill did not require explicit user interaction before taking place. The issue was addressed with improved autofill heuristics.\n\nCVE-2018-4137\n\nEntry updated November 16, 2018\n\n**SafariViewController**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: A state management issue was addressed by disabling text input until the destination page loads.\n\nCVE-2018-4149: Abhinash Jain (@abhinashjain)\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2018-4144: Abraham Masri (@cheesecakeufo)\n\n**Status Bar**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to access the microphone without indication to the user\n\nDescription: A consistency issue existed in deciding when to show the microphone use indicator. The issue was resolved with improved capability validation.\n\nCVE-2018-4173: Joshua Pokotilow of pingmd\n\nEntry added April 9, 2018\n\n**Storage**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4154: Samuel Gro\u00df (@5aelo)\n\n**System Preferences**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A configuration profile may incorrectly remain in effect after removal\n\nDescription: An issue existed in CFPreferences. This issue was addressed with improved preferences cleanup.\n\nCVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera\n\nEntry updated November 16, 2018\n\n**Telephony**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A remote attacker can cause a device to unexpectedly restart\n\nDescription: A null pointer dereference issue existed when handling Class 0 SMS messages. This issue was addressed with improved message validation.\n\nCVE-2018-4140: @mjonsson, Arjan van der Oest of Voiceworks BV\n\nEntry updated November 16, 2018\n\n**Telephony**\n\nAvailable for: iPhone 5s and later, and Wi-Fi + Cellular models of iPad Air and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple buffer overflows were addressed with improved input validation.\n\nCVE-2018-4148: Nico Golde of Comsecuris UG\n\nEntry added March 30, 2018\n\n**Web App**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Cookies may unexpectedly persist in web app\n\nDescription: A cookie management issue was addressed with improved state management.\n\nCVE-2018-4110: Ben Compton and Jason Colley of Cerner Corporation\n\nEntry updated November 16, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2018-4114: found by OSS-Fuzz\n\nCVE-2018-4118: Jun Kokatsu (@shhnjk)\n\nCVE-2018-4119: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nCVE-2018-4121: Natalie Silvanovich of Google Project Zero\n\nCVE-2018-4122: WanderingGlitch of Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4127: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4128: Zach Markley\n\nCVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction with indexing types causing an ASSERT failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks\n\nCVE-2018-4113: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to a denial of service\n\nDescription: A memory corruption issue was addressed through improved input validation\n\nCVE-2018-4146: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-origin issue existed with the fetch API. This was addressed through improved input validation.\n\nCVE-2018-4117: an anonymous researcher, an anonymous researcher\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4207: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4208: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4209: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction with indexing types caused a failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.\n\nCVE-2018-4210: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4212: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4213: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4145: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\n**WindowServer**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An unprivileged application may be able to log keystrokes entered into other applications even when secure input mode is enabled\n\nDescription: By scanning key states, an unprivileged application could log keystrokes entered into other applications even when secure input mode was enabled. This issue was addressed by improved state management.\n\nCVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH\n\n\n\n## Additional recognition\n\n**Mail**\n\nWe would like to acknowledge Sabri Haddouche (@pwnsdx) from Wire Swiss GmbH for their assistance.\n\nEntry added June 21, 2018\n\n**Security**\n\nWe would like to acknowledge Abraham Masri (@cheesecakeufo) for their assistance.\n\nEntry added April 13, 2018\n\n**WebKit**\n\nWe would like to acknowledge Johnny Nipper of Tinder Security Team for their assistance.\n", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-07-27T08:17:52", "title": "About the security content of iOS 11.3 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4140", "CVE-2018-4119", "CVE-2018-4142", "CVE-2018-4130", "CVE-2018-4390", "CVE-2018-4177", "CVE-2018-4129", "CVE-2018-4174", "CVE-2018-4165", "CVE-2018-4146", "CVE-2018-4185", "CVE-2018-4207", "CVE-2018-4157", "CVE-2018-4212", "CVE-2018-4166", "CVE-2018-4213", "CVE-2018-4101", "CVE-2018-4128", "CVE-2018-4187", "CVE-2018-4149", "CVE-2018-4155", "CVE-2018-4163", "CVE-2018-4120", "CVE-2018-4118", "CVE-2018-4114", "CVE-2018-4131", "CVE-2018-4145", "CVE-2018-4162", "CVE-2018-4391", "CVE-2018-4168", "CVE-2018-4154", "CVE-2018-4104", "CVE-2017-15412", "CVE-2018-4125", "CVE-2018-4143", "CVE-2018-4209", "CVE-2018-4113", "CVE-2018-4115", "CVE-2018-4151", "CVE-2018-4167", "CVE-2018-4210", "CVE-2018-4127", "CVE-2018-4208", "CVE-2018-4173", "CVE-2018-4123", "CVE-2018-4148", "CVE-2018-4134", "CVE-2018-4144", "CVE-2018-4137", "CVE-2018-4117", "CVE-2018-4161", "CVE-2018-4150", "CVE-2018-4122", "CVE-2018-4156", "CVE-2018-4110", "CVE-2018-4158", "CVE-2018-4121", "CVE-2018-4172"], "modified": "2020-07-27T08:17:52", "id": "APPLE:HT208693", "href": "https://support.apple.com/kb/HT208693", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-14T04:14:38", "description": "# About the security content of Safari 11.1\n\nThis document describes the security content of Safari 11.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Safari 11.1\n\nReleased March 29, 2018\n\n**Safari**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4102: Kai Zhao of 3H security team\n\nCVE-2018-4116: @littlelailo, xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**Safari Downloads**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: In Private Browsing, some downloads were not removed from the downloads list\n\nDescription: An information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation.\n\nCVE-2018-4186: an anonymous researcher\n\nEntry added May 2, 2018\n\n**Safari Login AutoFill**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: A malicious website may be able to exfiltrate autofilled data in Safari without explicit user interaction.\n\nDescription: Safari autofill did not require explicit user interaction before taking place. The issue was addressed with improved autofill heuristics.\n\nCVE-2018-4137\n\nEntry updated November 16, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2018-4114: found by OSS-Fuzz\n\nCVE-2018-4118: Jun Kokatsu (@shhnjk)\n\nCVE-2018-4119: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nCVE-2018-4121: natashenka of Google Project Zero\n\nCVE-2018-4122: WanderingGlitch of Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4127: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4128: Zach Markley\n\nCVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Visiting a maliciously crafted website may lead to a cross-site scripting attack\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4133: Anton Lopanitsyn of Wallarm, Linus S\u00e4rud of Detectify (detectify.com), Yuji Tounai of NTT Communications Corporation\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Unexpected interaction with indexing types causing an ASSERT failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks.\n\nCVE-2018-4113: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Processing maliciously crafted web content may lead to a denial of service\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2018-4146: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-origin issue existed with the fetch API. This was addressed through improved input validation.\n\nCVE-2018-4117: an anonymous researcher, an anonymous researcher\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4207: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4208: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4209: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Unexpected interaction with indexing types caused a failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.\n\nCVE-2018-4210: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4212: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4213: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4145: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\n\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge Johnny Nipper of Tinder Security Team for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 05, 2021\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-29T00:00:00", "type": "apple", "title": "About the security content of Safari 11.1", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4101", "CVE-2018-4102", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4116", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4130", "CVE-2018-4133", "CVE-2018-4137", "CVE-2018-4145", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4186", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213"], "modified": "2018-03-29T00:00:00", "id": "APPLE:B4A175C182756FCB9C8C7BC8F7CC89F0", "href": "https://support.apple.com/kb/HT208695", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:43:54", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Safari 11.1\n\nReleased March 29, 2018\n\n**Safari**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4102: Kai Zhao of 3H security team\n\nCVE-2018-4116: @littlelailo, xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**Safari Downloads**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: In Private Browsing, some downloads were not removed from the downloads list\n\nDescription: An information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation.\n\nCVE-2018-4186: an anonymous researcher\n\nEntry added May 2, 2018\n\n**Safari Login AutoFill**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: A malicious website may be able to exfiltrate autofilled data in Safari without explicit user interaction.\n\nDescription: Safari autofill did not require explicit user interaction before taking place. The issue was addressed with improved autofill heuristics.\n\nCVE-2018-4137\n\nEntry updated November 16, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2018-4114: found by OSS-Fuzz\n\nCVE-2018-4118: Jun Kokatsu (@shhnjk)\n\nCVE-2018-4119: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nCVE-2018-4121: Natalie Silvanovich of Google Project Zero\n\nCVE-2018-4122: WanderingGlitch of Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4125: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4127: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4128: Zach Markley\n\nCVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4130: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4161: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4162: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4163: WanderingGlitch of Trend Micro's Zero Day Initiative\n\nCVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Visiting a maliciously crafted website may lead to a cross-site scripting attack\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4133: Anton Lopanitsyn of Wallarm, Linus S\u00e4rud of Detectify (detectify.com), Yuji Tounai of NTT Communications Corporation\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Unexpected interaction with indexing types causing an ASSERT failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks.\n\nCVE-2018-4113: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Processing maliciously crafted web content may lead to a denial of service\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2018-4146: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-origin issue existed with the fetch API. This was addressed through improved input validation.\n\nCVE-2018-4117: an anonymous researcher, an anonymous researcher\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4207: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4208: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4209: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Unexpected interaction with indexing types caused a failure\n\nDescription: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.\n\nCVE-2018-4210: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4212: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4213: found by OSS-Fuzz\n\nEntry added May 2, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4145: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\n\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge Johnny Nipper of Tinder Security Team for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-17T12:38:28", "title": "About the security content of Safari 11.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4119", "CVE-2018-4130", "CVE-2018-4129", "CVE-2018-4165", "CVE-2018-4146", "CVE-2018-4102", "CVE-2018-4207", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4101", "CVE-2018-4128", "CVE-2018-4163", "CVE-2018-4120", "CVE-2018-4118", "CVE-2018-4114", "CVE-2018-4116", "CVE-2018-4145", "CVE-2018-4133", "CVE-2018-4162", "CVE-2018-4125", "CVE-2018-4186", "CVE-2018-4209", "CVE-2018-4113", "CVE-2018-4210", "CVE-2018-4127", "CVE-2018-4208", "CVE-2018-4137", "CVE-2018-4117", "CVE-2018-4161", "CVE-2018-4122", "CVE-2018-4121"], "modified": "2018-11-17T12:38:28", "id": "APPLE:HT208695", "href": "https://support.apple.com/kb/HT208695", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-10T17:00:28", "description": "# About the security content of macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan\n\nThis document describes the security content of macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan\n\nReleased March 29, 2018\n\n**Admin Framework**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: Passwords supplied to sysadminctl may be exposed to other local users\n\nDescription: The sysadminctl command-line tool required that passwords be passed to it in its arguments, potentially exposing the passwords to other local users. This update makes the password parameter optional, and sysadminctl will prompt for the password if needed.\n\nCVE-2018-4170: an anonymous researcher\n\n**APFS**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An APFS volume password may be unexpectedly truncated\n\nDescription: An injection issue was addressed through improved input validation.\n\nCVE-2018-4105: David J Beitey (@davidjb_), Geoffrey Bugniot\n\n**ATS**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: Processing a maliciously crafted file might disclose user information\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.\n\nCVE-2018-4112: Haik Aftandilian of Mozilla\n\n**CFNetwork Session**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4166: Samuel Gro\u00df (@5aelo)\n\n**CoreFoundation**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4155: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4158: Samuel Gro\u00df (@5aelo)\n\n**CoreText**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: Processing a maliciously crafted string may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved memory handling.\n\nCVE-2018-4142: Robin Leroy of Google Switzerland GmbH\n\nEntry updated April 3, 2019\n\n**CoreTypes**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted webpage may result in the mounting of a disk image\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2017-13890: Apple, Theodor Ragnar Gislason of Syndis\n\n**curl**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Multiple issues in curl\n\nDescription: An integer overflow existed in curl. This issue was addressed with improved bounds checking.\n\nCVE-2017-8816: Alex Nichols\n\nEntry updated April 3, 2019\n\n**Disk Images**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: Mounting a malicious disk image may result in the launching of an application\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2018-4176: Theodor Ragnar Gislason of Syndis\n\n**Disk Management**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An APFS volume password may be unexpectedly truncated\n\nDescription: An injection issue was addressed through improved input validation.\n\nCVE-2018-4108: Kamatham Chaitanya of ShiftLeft Inc., an anonymous researcher\n\n**EFI**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry added October 18, 2018\n\n**File System Events**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4167: Samuel Gro\u00df (@5aelo)\n\n**iCloud Drive**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4151: Samuel Gro\u00df (@5aelo)\n\n**Intel Graphics Driver**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4132: Axis and pjf of IceSword Lab of Qihoo 360\n\n**IOFireWireFamily**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4135: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4150: an anonymous researcher\n\n**Kernel**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4104: The UK's National Cyber Security Centre (NCSC)\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4143: derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2018-4136: Jonas Jensen of lgtm.com and Semmle\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2018-4160: Jonas Jensen of lgtm.com and Semmle\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.\n\nCVE-2018-4185: Brandon Azad\n\nEntry added July 19, 2018\n\n**kext tools**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n\nCVE-2018-4139: Ian Beer of Google Project Zero\n\n**LaunchServices**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: A maliciously crafted application may be able to bypass code signing enforcement\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2018-4175: Theodor Ragnar Gislason of Syndis\n\n**libxml2**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.3, OS X El Capitan 10.11.6\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-15412: Nick Wellnhofer\n\nEntry updated October 18, 2018\n\n**LinkPresentation**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: Processing a maliciously crafted text message may lead to UI spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2018-4187: Roman Mueller (@faker_), Zhiyang Zeng (@Wester) of Tencent Security Platform Department\n\nEntry added April 3, 2019\n\n**Local Authentication**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: A local user may be able to view senstive user information\n\nDescription: There was an issue with the handling of smartcard PINs. This issue was addressed with additional logic.\n\nCVE-2018-4179: David Fuhrmann\n\nEntry added April 13, 2018\n\n**Mail**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An attacker in a privileged network position may be able to exfiltrate the contents of S/MIME-encrypted e-mail\n\nDescription: An issue existed in the handling of S/MIME HTML e-mail. This issue was addressed by not loading remote resources on S/MIME encrypted messages by default if the message has an invalid or missing S/MIME signature.\n\nCVE-2018-4111: Damian Poddebniak of M\u00fcnster University of Applied Sciences, Christian Dresen of M\u00fcnster University of Applied Sciences, Jens M\u00fcller of Ruhr University Bochum, Fabian Ising of M\u00fcnster University of Applied Sciences, Sebastian Schinzel of M\u00fcnster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, J\u00f6rg Schwenk of Ruhr University Bochum\n\nEntry updated April 13, 2018\n\n**Mail**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4174: John McCombs of Integrated Mapping Ltd, McClain Looney of LoonSoft Inc.\n\nEntry updated April 13, 2018\n\n**Notes**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4152: Samuel Gro\u00df (@5aelo)\n\n**Notes**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-7151: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**NSURLSession**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4166: Samuel Gro\u00df (@5aelo)\n\n**NVIDIA Graphics Drivers**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4138: Axis and pjf of IceSword Lab of Qihoo 360\n\n**PDFKit**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: Clicking a URL in a PDF may visit a malicious website\n\nDescription: An issue existed in the parsing of URLs in PDFs. This issue was addressed through improved input validation.\n\nCVE-2018-4107: Nick Safford of Innovia Technology\n\nEntry updated April 9, 2018\n\n**PluginKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4156: Samuel Gro\u00df (@5aelo)\n\n**Quick Look**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4157: Samuel Gro\u00df (@5aelo)\n\n**Remote Management**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: A remote user may be able to gain root privileges\n\nDescription: A permissions issue existed in Remote Management. This issue was addressed through improved permission validation.\n\nCVE-2018-4298: Tim van der Werff of SupCloud\n\nEntry added July 19, 2018\n\n**Security**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2018-4144: Abraham Masri (@cheesecakeufo)\n\n**SIP**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2017-13911: Timothy Perfitt of Twocanoes Software\n\nEntry added August 8, 2018, updated September 25, 2018\n\n**Status Bar**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: A malicious application may be able to access the microphone without indication to the user\n\nDescription: A consistency issue existed in deciding when to show the microphone use indicator. The issue was resolved with improved capability validation.\n\nCVE-2018-4173: Joshua Pokotilow of pingmd\n\nEntry added April 9, 2018\n\n**Storage**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4154: Samuel Gro\u00df (@5aelo)\n\n**System Preferences**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: A configuration profile may incorrectly remain in effect after removal\n\nDescription: An issue existed in CFPreferences. This issue was addressed with improved preferences cleanup.\n\nCVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera\n\nEntry updated April 3, 2019\n\n**Terminal**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: Pasting malicious content may lead to arbitrary command execution\n\nDescription: A command injection issue existed in the handling of Bracketed Paste Mode. This issue was addressed through improved validation of special characters.\n\nCVE-2018-4106: Simon Hosie\n\nEntry updated May 15, 2019\n\n**WindowServer**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: An unprivileged application may be able to log keystrokes entered into other applications even when secure input mode is enabled\n\nDescription: By scanning key states, an unprivileged application could log keystrokes entered into other applications even when secure input mode was enabled. This issue was addressed by improved state management.\n\nCVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH\n\nEntry updated April 3, 2019\n\n\n\n## Additional recognition\n\n**Mail**\n\nWe would like to acknowledge Sabri Haddouche (@pwnsdx) from Wire Swiss GmbH for their assistance.\n\nEntry added June 21, 2018\n\n**Safari Login AutoFill**\n\nWe would like to acknowledge Jun Kokatsu (@shhnjk) for their assistance.\n\nEntry added April 3, 2019\n\n**Security**\n\nWe would like to acknowledge Abraham Masri (@cheesecakeufo) for their assistance.\n\nEntry added April 13, 2018\n\n**Sharing Pref Pane**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added April 3, 2019\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: May 15, 2019\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-29T00:00:00", "type": "apple", "title": "About the security content of macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13080", "CVE-2017-13890", "CVE-2017-13911", "CVE-2017-15412", "CVE-2017-7151", "CVE-2017-8816", "CVE-2018-4104", "CVE-2018-4105", "CVE-2018-4106", "CVE-2018-4107", "CVE-2018-4108", "CVE-2018-4111", "CVE-2018-4112", "CVE-2018-4115", "CVE-2018-4131", "CVE-2018-4132", "CVE-2018-4135", "CVE-2018-4136", "CVE-2018-4138", "CVE-2018-4139", "CVE-2018-4142", "CVE-2018-4143", "CVE-2018-4144", "CVE-2018-4150", "CVE-2018-4151", "CVE-2018-4152", "CVE-2018-4154", "CVE-2018-4155", "CVE-2018-4156", "CVE-2018-4157", "CVE-2018-4158", "CVE-2018-4160", "CVE-2018-4166", "CVE-2018-4167", "CVE-2018-4170", "CVE-2018-4173", "CVE-2018-4174", "CVE-2018-4175", "CVE-2018-4176", "CVE-2018-4179", "CVE-2018-4185", "CVE-2018-4187", "CVE-2018-4298"], "modified": "2018-03-29T00:00:00", "id": "APPLE:FAE8F6548DA345F4466BB73DD8BE2763", "href": "https://support.apple.com/kb/HT208692", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:47", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan\n\nReleased March 29, 2018\n\n**Admin Framework**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: Passwords supplied to sysadminctl may be exposed to other local users\n\nDescription: The sysadminctl command-line tool required that passwords be passed to it in its arguments, potentially exposing the passwords to other local users. This update makes the password parameter optional, and sysadminctl will prompt for the password if needed.\n\nCVE-2018-4170: an anonymous researcher\n\n**APFS**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An APFS volume password may be unexpectedly truncated\n\nDescription: An injection issue was addressed through improved input validation.\n\nCVE-2018-4105: David J Beitey (@davidjb_), Geoffrey Bugniot\n\n**ATS**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: Processing a maliciously crafted file might disclose user information\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.\n\nCVE-2018-4112: Haik Aftandilian of Mozilla\n\n**CFNetwork Session**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4166: Samuel Gro\u00df (@5aelo)\n\n**CoreFoundation**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4155: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4158: Samuel Gro\u00df (@5aelo)\n\n**CoreText**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: Processing a maliciously crafted string may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved memory handling.\n\nCVE-2018-4142: Robin Leroy of Google Switzerland GmbH\n\nEntry updated April 3, 2019\n\n**CoreTypes**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted webpage may result in the mounting of a disk image\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2017-13890: Apple, Theodor Ragnar Gislason of Syndis\n\n**curl**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Multiple issues in curl\n\nDescription: An integer overflow existed in curl. This issue was addressed with improved bounds checking.\n\nCVE-2017-8816: Alex Nichols\n\nEntry updated April 3, 2019\n\n**Disk Images**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: Mounting a malicious disk image may result in the launching of an application\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2018-4176: Theodor Ragnar Gislason of Syndis\n\n**Disk Management**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An APFS volume password may be unexpectedly truncated\n\nDescription: An injection issue was addressed through improved input validation.\n\nCVE-2018-4108: Kamatham Chaitanya of ShiftLeft Inc., an anonymous researcher\n\n**EFI**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry added October 18, 2018\n\n**File System Events**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4167: Samuel Gro\u00df (@5aelo)\n\n**iCloud Drive**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4151: Samuel Gro\u00df (@5aelo)\n\n**Intel Graphics Driver**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4132: Axis and pjf of IceSword Lab of Qihoo 360\n\n**IOFireWireFamily**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4135: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4150: an anonymous researcher\n\n**Kernel**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4104: The UK's National Cyber Security Centre (NCSC)\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4143: derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2018-4136: Jonas Jensen of lgtm.com and Semmle\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2018-4160: Jonas Jensen of lgtm.com and Semmle\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.\n\nCVE-2018-4185: Brandon Azad\n\nEntry added July 19, 2018\n\n**kext tools**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n\nCVE-2018-4139: Ian Beer of Google Project Zero\n\n**LaunchServices**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: A maliciously crafted application may be able to bypass code signing enforcement\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2018-4175: Theodor Ragnar Gislason of Syndis\n\n**libxml2**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.3, OS X El Capitan 10.11.6\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-15412: Nick Wellnhofer\n\nEntry updated October 18, 2018\n\n**LinkPresentation**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: Processing a maliciously crafted text message may lead to UI spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2018-4187: Roman Mueller (@faker_), Zhiyang Zeng (@Wester) of Tencent Security Platform Department\n\nEntry added April 3, 2019\n\n**Local Authentication**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: A local user may be able to view senstive user information\n\nDescription: There was an issue with the handling of smartcard PINs. This issue was addressed with additional logic.\n\nCVE-2018-4179: David Fuhrmann\n\nEntry added April 13, 2018\n\n**Mail**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An attacker in a privileged network position may be able to exfiltrate the contents of S/MIME-encrypted e-mail\n\nDescription: An issue existed in the handling of S/MIME HTML e-mail. This issue was addressed by not loading remote resources on S/MIME encrypted messages by default if the message has an invalid or missing S/MIME signature.\n\nCVE-2018-4111: Damian Poddebniak of M\u00fcnster University of Applied Sciences, Christian Dresen of M\u00fcnster University of Applied Sciences, Jens M\u00fcller of Ruhr University Bochum, Fabian Ising of M\u00fcnster University of Applied Sciences, Sebastian Schinzel of M\u00fcnster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, J\u00f6rg Schwenk of Ruhr University Bochum\n\nEntry updated April 13, 2018\n\n**Mail**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4174: John McCombs of Integrated Mapping Ltd, McClain Looney of LoonSoft Inc.\n\nEntry updated April 13, 2018\n\n**Notes**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4152: Samuel Gro\u00df (@5aelo)\n\n**Notes**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-7151: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**NSURLSession**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4166: Samuel Gro\u00df (@5aelo)\n\n**NVIDIA Graphics Drivers**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4138: Axis and pjf of IceSword Lab of Qihoo 360\n\n**PDFKit**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: Clicking a URL in a PDF may visit a malicious website\n\nDescription: An issue existed in the parsing of URLs in PDFs. This issue was addressed through improved input validation.\n\nCVE-2018-4107: Nick Safford of Innovia Technology\n\nEntry updated April 9, 2018\n\n**PluginKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4156: Samuel Gro\u00df (@5aelo)\n\n**Quick Look**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4157: Samuel Gro\u00df (@5aelo)\n\n**Remote Management**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: A remote user may be able to gain root privileges\n\nDescription: A permissions issue existed in Remote Management. This issue was addressed through improved permission validation.\n\nCVE-2018-4298: Tim van der Werff of SupCloud\n\nEntry added July 19, 2018\n\n**Security**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2018-4144: Abraham Masri (@cheesecakeufo)\n\n**SIP**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2017-13911: Timothy Perfitt of Twocanoes Software\n\nEntry added August 8, 2018, updated September 25, 2018\n\n**Status Bar**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: A malicious application may be able to access the microphone without indication to the user\n\nDescription: A consistency issue existed in deciding when to show the microphone use indicator. The issue was resolved with improved capability validation.\n\nCVE-2018-4173: Joshua Pokotilow of pingmd\n\nEntry added April 9, 2018\n\n**Storage**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4154: Samuel Gro\u00df (@5aelo)\n\n**System Preferences**\n\nAvailable for: macOS High Sierra 10.13.3\n\nImpact: A configuration profile may incorrectly remain in effect after removal\n\nDescription: An issue existed in CFPreferences. This issue was addressed with improved preferences cleanup.\n\nCVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera\n\nEntry updated April 3, 2019\n\n**Terminal**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: Pasting malicious content may lead to arbitrary command execution\n\nDescription: A command injection issue existed in the handling of Bracketed Paste Mode. This issue was addressed through improved validation of special characters.\n\nCVE-2018-4106: Simon Hosie\n\nEntry updated May 15, 2019\n\n**WindowServer**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.3\n\nImpact: An unprivileged application may be able to log keystrokes entered into other applications even when secure input mode is enabled\n\nDescription: By scanning key states, an unprivileged application could log keystrokes entered into other applications even when secure input mode was enabled. This issue was addressed by improved state management.\n\nCVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH\n\nEntry updated April 3, 2019\n\n\n\n## Additional recognition\n\n**Mail**\n\nWe would like to acknowledge Sabri Haddouche (@pwnsdx) from Wire Swiss GmbH for their assistance.\n\nEntry added June 21, 2018\n\n**Safari Login AutoFill**\n\nWe would like to acknowledge Jun Kokatsu (@shhnjk) for their assistance.\n\nEntry added April 3, 2019\n\n**Security**\n\nWe would like to acknowledge Abraham Masri (@cheesecakeufo) for their assistance.\n\nEntry added April 13, 2018\n\n**Sharing Pref Pane**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added April 3, 2019\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-05-15T09:12:42", "title": "About the security content of macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4179", "CVE-2018-4142", "CVE-2018-4138", "CVE-2018-4174", "CVE-2018-4152", "CVE-2017-7151", "CVE-2017-13080", "CVE-2018-4132", "CVE-2018-4112", "CVE-2018-4185", "CVE-2018-4107", "CVE-2018-4108", "CVE-2018-4157", "CVE-2018-4136", "CVE-2018-4166", "CVE-2018-4187", "CVE-2018-4176", "CVE-2018-4155", "CVE-2018-4298", "CVE-2017-13911", "CVE-2018-4135", "CVE-2018-4106", "CVE-2018-4131", "CVE-2018-4154", "CVE-2018-4139", "CVE-2018-4104", "CVE-2017-15412", "CVE-2018-4143", "CVE-2017-8816", "CVE-2017-13890", "CVE-2018-4115", "CVE-2018-4151", "CVE-2018-4167", "CVE-2018-4111", "CVE-2018-4173", "CVE-2018-4175", "CVE-2018-4144", "CVE-2018-4170", "CVE-2018-4150", "CVE-2018-4160", "CVE-2018-4105", "CVE-2018-4156", "CVE-2018-4158"], "modified": "2019-05-15T09:12:42", "id": "APPLE:HT208692", "href": "https://support.apple.com/kb/HT208692", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-14T04:14:26", "description": "# About the security content of iOS 12.1\n\nThis document describes the security content of iOS 12.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 12.1\n\nReleased October 30, 2018\n\n**AppleAVD**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing malicious video via FaceTime may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4384: natashenka of Google Project Zero\n\n**Bluetooth**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to read a persistent device identifier\n\nDescription: This issue was addressed with a new entitlement.\n\nCVE-2018-4339: Michael Thomas (@NSBiscuit)\n\nEntry added June 24, 2019\n\n**Contacts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted vcf file may lead to a denial of service\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2018-4365: an anonymous researcher\n\n**CoreCrypto**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers\n\nDescription: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes.\n\nCVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum\n\n**FaceTime**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4366: natashenka of Google Project Zero\n\n**FaceTime**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4367: natashenka of Google Project Zero\n\n**Graphics Driver**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing malicious video via FaceTime may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4384: natashenka of Google Project Zero\n\nEntry updated November 16, 2018\n\n**ICU**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted string may lead to heap corruption\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4394: Erik Verbruggen of The Qt Company\n\nEntry updated November 16, 2018\n\n**IOHIDFamily**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4427: Pangu Team\n\n**IPSec**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2018-4420: Mohamed Ghannam (@_simo36)\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4419: Mohamed Ghannam (@_simo36)\n\n**Mail**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted message may lead to a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4381: Angel Ramirez\n\nEntry added January 22, 2019\n\n**Messages**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted text message may lead to UI spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nCVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\n**NetworkExtension**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Connecting to a VPN server may leak DNS queries to a DNS proxy\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4369: an anonymous researcher\n\n**Notes**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local attacker may be able to share items from the lock screen\n\nDescription: A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device.\n\nCVE-2018-4388: videosdebarraquito\n\nEntry updated November 16, 2018\n\n**Safari Reader**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2018-4374: Ryan Pickren (ryanpickren.com)\n\n**Safari Reader**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4377: Ryan Pickren (ryanpickren.com)\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service\n\nDescription: A validation issue was addressed with improved logic.\n\nCVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd.\n\n**VoiceOver**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local attacker may be able to view photos from the lock screen\n\nDescription: A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management.\n\nCVE-2018-4387: videosdebarraquito\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4385: an anonymous researcher\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea\n\nCVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4382: lokihardt of Google Project Zero\n\nCVE-2018-4386: lokihardt of Google Project Zero\n\nCVE-2018-4392: zhunki of 360 ESG Codesafe Team\n\nCVE-2018-4416: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4378: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, zhunki of 360 ESG Codesafe Team\n\nEntry updated November 16, 2018\n\n**WiFi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged position may be able to perform a denial of service attack\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universit\u00e4t Darmstadt\n\n\n\n## Additional recognition\n\n**Certificate Signing**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**CommonCrypto**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**coreTLS**\n\nWe would like to acknowledge Eyal Ronen (Weizmann Institute), Robert Gillham (University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of Adelaide and Data61) for their assistance.\n\nEntry added December 12, 2018\n\n**Books**\n\nWe would like to acknowledge Sem Voigtl\u00e4nder of Fontys Hogeschool ICT for their assistance.\n\nEntry updated September 17, 2019\n\n**Safari Reader**\n\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added September 17, 2019\n\n**Security**\n\nWe would like to acknowledge Marinos Bernitsas of Parachute for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 05, 2021\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-30T00:00:00", "type": "apple", "title": "About the security content of iOS 12.1", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4339", "CVE-2018-4365", "CVE-2018-4366", "CVE-2018-4367", "CVE-2018-4368", "CVE-2018-4369", "CVE-2018-4371", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4374", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4378", "CVE-2018-4381", "CVE-2018-4382", "CVE-2018-4384", "CVE-2018-4385", "CVE-2018-4386", "CVE-2018-4387", "CVE-2018-4388", "CVE-2018-4390", "CVE-2018-4391", "CVE-2018-4392", "CVE-2018-4394", "CVE-2018-4398", "CVE-2018-4400", "CVE-2018-4409", "CVE-2018-4413", "CVE-2018-4416", "CVE-2018-4419", "CVE-2018-4420", "CVE-2018-4427"], "modified": "2018-10-30T00:00:00", "id": "APPLE:17C608E2C103690298834FEC459F2960", "href": "https://support.apple.com/kb/HT209192", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:41", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 12.1\n\nReleased October 30, 2018\n\n**AppleAVD**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing malicious video via FaceTime may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4384: Natalie Silvanovich of Google Project Zero\n\n**Bluetooth**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to read a persistent device identifier\n\nDescription: This issue was addressed with a new entitlement.\n\nCVE-2018-4339: Michael Thomas (@NSBiscuit)\n\nEntry added June 24, 2019\n\n**Contacts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted vcf file may lead to a denial of service\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2018-4365: an anonymous researcher\n\n**CoreCrypto**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers\n\nDescription: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes.\n\nCVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum\n\n**FaceTime**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4366: Natalie Silvanovich of Google Project Zero\n\n**FaceTime**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4367: Natalie Silvanovich of Google Project Zero\n\n**Graphics Driver**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing malicious video via FaceTime may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4384: Natalie Silvanovich of Google Project Zero\n\nEntry updated November 16, 2018\n\n**ICU**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted string may lead to heap corruption\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4394: Erik Verbruggen of The Qt Company\n\nEntry updated November 16, 2018\n\n**IOHIDFamily**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4427: Pangu Team\n\n**IPSec**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2018-4420: Mohamed Ghannam (@_simo36)\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4419: Mohamed Ghannam (@_simo36)\n\n**Mail**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted message may lead to a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4381: Angel Ramirez\n\nEntry added January 22, 2019\n\n**Messages**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted text message may lead to UI spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nCVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\n**NetworkExtension**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Connecting to a VPN server may leak DNS queries to a DNS proxy\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4369: an anonymous researcher\n\n**Notes**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local attacker may be able to share items from the lock screen\n\nDescription: A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device.\n\nCVE-2018-4388: videosdebarraquito\n\nEntry updated November 16, 2018\n\n**Safari Reader**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2018-4374: Ryan Pickren (ryanpickren.com)\n\n**Safari Reader**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4377: Ryan Pickren (ryanpickren.com)\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service\n\nDescription: A validation issue was addressed with improved logic.\n\nCVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd.\n\n**VoiceOver**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local attacker may be able to view photos from the lock screen\n\nDescription: A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management.\n\nCVE-2018-4387: videosdebarraquito\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4385: an anonymous researcher\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea\n\nCVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4382: lokihardt of Google Project Zero\n\nCVE-2018-4386: lokihardt of Google Project Zero\n\nCVE-2018-4392: zhunki of 360 ESG Codesafe Team\n\nCVE-2018-4416: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4378: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, zhunki of 360 ESG Codesafe Team\n\nEntry updated November 16, 2018\n\n**WiFi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged position may be able to perform a denial of service attack\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universit\u00e4t Darmstadt\n\n\n\n## Additional recognition\n\n**Certificate Signing**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**CommonCrypto**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**coreTLS**\n\nWe would like to acknowledge Eyal Ronen (Weizmann Institute), Robert Gillham (University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of Adelaide and Data61) for their assistance.\n\nEntry added December 12, 2018\n\n**Books**\n\nWe would like to acknowledge Sem Voigtl\u00e4nder of Fontys Hogeschool ICT for their assistance.\n\nEntry updated September 17, 2019\n\n**Safari Reader**\n\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added September 17, 2019\n\n**Security**\n\nWe would like to acknowledge Marinos Bernitsas of Parachute for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-09-17T10:50:05", "title": "About the security content of iOS 12.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4390", "CVE-2018-4372", "CVE-2018-4368", "CVE-2018-4400", "CVE-2018-4384", "CVE-2018-4385", "CVE-2018-4392", "CVE-2018-4376", "CVE-2018-4366", "CVE-2018-4365", "CVE-2018-4427", "CVE-2018-4377", "CVE-2018-4369", "CVE-2018-4409", "CVE-2018-4413", "CVE-2018-4420", "CVE-2018-4419", "CVE-2018-4398", "CVE-2018-4382", "CVE-2018-4391", "CVE-2018-4371", "CVE-2018-4375", "CVE-2018-4374", "CVE-2018-4367", "CVE-2018-4378", "CVE-2018-4381", "CVE-2018-4373", "CVE-2018-4416", "CVE-2018-4394", "CVE-2018-4388", "CVE-2018-4339", "CVE-2018-4386", "CVE-2018-4387"], "modified": "2019-09-17T10:50:05", "id": "APPLE:HT209192", "href": "https://support.apple.com/kb/HT209192", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:21", "description": "# About the security content of iTunes 12.8 for Windows\n\nThis document describes the security content of iTunes 12.8 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.8 for Windows\n\nReleased July 9, 2018\n\n**CFNetwork**\n\nAvailable for: Windows 7 and later\n\nImpact: Cookies may unexpectedly persist in Safari\n\nDescription: A cookie management issue was addressed with improved checks.\n\nCVE-2018-4293: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4270: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may exfiltrate audio data cross-origin\n\nDescription: Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.\n\nCVE-2018-4278: Jun Kokatsu (@shhnjk)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2018-4284: found by OSS-Fuzz\n\nEntry updated August 1, 2019\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4266: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4261: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4262: Mateusz Krzywicki working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4263: Arayz working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4264: found by OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab\n\nCVE-2018-4265: cc working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4267: Arayz of Pangu team working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4272: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2018-4271: found by OSS-Fuzz\n\nCVE-2018-4273: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4145: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: August 01, 2019\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-09T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.8 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4145", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4271", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284", "CVE-2018-4293"], "modified": "2018-07-09T00:00:00", "id": "APPLE:80F205F5E8A723A8899FE7CE7D761778", "href": "https://support.apple.com/kb/HT208933", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:43:30", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.8 for Windows\n\nReleased July 9, 2018\n\n**CFNetwork**\n\nAvailable for: Windows 7 and later\n\nImpact: Cookies may unexpectedly persist in Safari\n\nDescription: A cookie management issue was addressed with improved checks.\n\nCVE-2018-4293: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4270: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may exfiltrate audio data cross-origin\n\nDescription: Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.\n\nCVE-2018-4278: Jun Kokatsu (@shhnjk)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2018-4284: found by OSS-Fuzz\n\nEntry updated August 1, 2019\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4266: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4261: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4262: Mateusz Krzywicki working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4263: Arayz working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4264: found by OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab\n\nCVE-2018-4265: cc working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4267: Arayz of Pangu team working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4272: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2018-4271: found by OSS-Fuzz\n\nCVE-2018-4273: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4145: found by OSS-Fuzz\n\nEntry added October 18, 2018\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-01T04:33:04", "title": "About the security content of iTunes 12.8 for Windows - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4270", "CVE-2018-4266", "CVE-2018-4272", "CVE-2018-4264", "CVE-2018-4261", "CVE-2018-4145", "CVE-2018-4267", "CVE-2018-4273", "CVE-2018-4271", "CVE-2018-4278", "CVE-2018-4263", "CVE-2018-4284", "CVE-2018-4293", "CVE-2018-4265", "CVE-2018-4262"], "modified": "2019-08-01T04:33:04", "id": "APPLE:HT208933", "href": "https://support.apple.com/kb/HT208933", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-03-01T14:38:15", "description": "According to its banner, the version of Apple TV on the remote device is prior to 11.3. It is, therefore, affected by multiple vulnerabilities as described in the HT208698 security advisory.\n\nNote that only 4th and 5th generation models are affected by these vulnerabilities.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-16T00:00:00", "type": "nessus", "title": "Apple TV < 11.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4101", "CVE-2018-4104", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4115", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4130", "CVE-2018-4142", "CVE-2018-4143", "CVE-2018-4144", "CVE-2018-4146", "CVE-2018-4150", "CVE-2018-4155", "CVE-2018-4157", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4166", "CVE-2018-4167"], "modified": "2019-04-05T00:00:00", "cpe": ["cpe:/a:apple:apple_tv"], "id": "APPLETV_11_3.NASL", "href": "https://www.tenable.com/plugins/nessus/109060", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109060);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/04/05 23:25:06\");\n\n script_cve_id(\n \"CVE-2018-4101\",\n \"CVE-2018-4104\",\n \"CVE-2018-4113\",\n \"CVE-2018-4114\",\n \"CVE-2018-4115\",\n \"CVE-2018-4118\",\n \"CVE-2018-4119\",\n \"CVE-2018-4120\",\n \"CVE-2018-4121\",\n \"CVE-2018-4122\",\n \"CVE-2018-4125\",\n \"CVE-2018-4127\",\n \"CVE-2018-4128\",\n \"CVE-2018-4129\",\n \"CVE-2018-4130\",\n \"CVE-2018-4142\",\n \"CVE-2018-4143\",\n \"CVE-2018-4144\",\n \"CVE-2018-4146\",\n \"CVE-2018-4150\",\n \"CVE-2018-4155\",\n \"CVE-2018-4157\",\n \"CVE-2018-4161\",\n \"CVE-2018-4162\",\n \"CVE-2018-4163\",\n \"CVE-2018-4165\",\n \"CVE-2018-4166\",\n \"CVE-2018-4167\"\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2018-3-29-3\");\n\n script_name(english:\"Apple TV < 11.3 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apple TV device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apple TV on the remote device\nis prior to 11.3. It is, therefore, affected by multiple\nvulnerabilities as described in the HT208698 security advisory.\n\nNote that only 4th and 5th generation models are affected by these\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208698\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV version 11.3 or later. Note that this update is\nonly available for 4th and 5th generation models.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4143\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"appletv_version.nasl\");\n script_require_keys(\"AppleTV/Version\", \"AppleTV/Model\", \"AppleTV/URL\", \"AppleTV/Port\");\n script_require_ports(\"Services/www\", 7000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"appletv_func.inc\");\n\nurl = get_kb_item('AppleTV/URL');\nif (empty_or_null(url)) exit(0, 'Cannot determine Apple TV URL.');\nport = get_kb_item('AppleTV/Port');\nif (empty_or_null(port)) exit(0, 'Cannot determine Apple TV port.');\n\nbuild = get_kb_item('AppleTV/Version');\nif (empty_or_null(build)) audit(AUDIT_UNKNOWN_DEVICE_VER, 'Apple TV');\n\nmodel = get_kb_item('AppleTV/Model');\nif (empty_or_null(model)) exit(0, 'Cannot determine Apple TV model.');\n\n# https://en.wikipedia.org/wiki/TvOS\n# 4th gen model \"5,3\" and 5th gen model \"6,2\" share same build\nfixed_build = \"15L211\";\ntvos_ver = '11';\n\n# determine gen from the model\ngen = APPLETV_MODEL_GEN[model];\n\nappletv_check_version(\n build : build,\n fix : fixed_build,\n affected_gen : make_list(4, 5),\n fix_tvos_ver : tvos_ver,\n model : model,\n gen : gen,\n port : port,\n url : url,\n severity : SECURITY_HOLE\n);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-09T16:43:55", "description": "The version of Apple iOS running on the mobile device is prior to 11.3. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-03T00:00:00", "type": "nessus", "title": "Apple iOS < 11.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15412", "CVE-2018-4101", "CVE-2018-4104", "CVE-2018-4110", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4115", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4123", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4130", "CVE-2018-4131", "CVE-2018-4134", "CVE-2018-4137", "CVE-2018-4140", "CVE-2018-4142", "CVE-2018-4143", "CVE-2018-4144", "CVE-2018-4145", "CVE-2018-4146", "CVE-2018-4148", "CVE-2018-4149", "CVE-2018-4150", "CVE-2018-4151", "CVE-2018-4154", "CVE-2018-4155", "CVE-2018-4156", "CVE-2018-4157", "CVE-2018-4158", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4166", "CVE-2018-4167", "CVE-2018-4168", "CVE-2018-4172", "CVE-2018-4173", "CVE-2018-4174", "CVE-2018-4177", "CVE-2018-4185", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4390", "CVE-2018-4391"], "modified": "2023-03-08T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_113_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/108812", "sourceData": "Binary data apple_ios_113_check.nbin", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:44:42", "description": "The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 11.1. It is, therefore, affected by multiple vulnerabilities as described in the HT208695 security advisory.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T00:00:00", "type": "nessus", "title": "macOS : Apple Safari < 11.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4101", "CVE-2018-4102", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4116", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4130", "CVE-2018-4133", "CVE-2018-4137", "CVE-2018-4145", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4186", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213"], "modified": "2019-07-03T00:00:00", "cpe": ["cpe:/a:apple:safari", "cpe:/o:apple:mac_os_x"], "id": "MACOSX_SAFARI11_1_0.NASL", "href": "https://www.tenable.com/plugins/nessus/108805", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108805);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/07/03 12:01:40\");\n\n script_cve_id(\n \"CVE-2018-4101\",\n \"CVE-2018-4102\",\n \"CVE-2018-4113\",\n \"CVE-2018-4114\",\n \"CVE-2018-4116\",\n \"CVE-2018-4117\",\n \"CVE-2018-4118\",\n \"CVE-2018-4119\",\n \"CVE-2018-4120\",\n \"CVE-2018-4121\",\n \"CVE-2018-4122\",\n \"CVE-2018-4125\",\n \"CVE-2018-4127\",\n \"CVE-2018-4128\",\n \"CVE-2018-4129\",\n \"CVE-2018-4130\",\n \"CVE-2018-4133\",\n \"CVE-2018-4137\",\n \"CVE-2018-4145\",\n \"CVE-2018-4146\",\n \"CVE-2018-4161\",\n \"CVE-2018-4162\",\n \"CVE-2018-4163\",\n \"CVE-2018-4165\",\n \"CVE-2018-4186\",\n \"CVE-2018-4207\",\n \"CVE-2018-4208\",\n \"CVE-2018-4209\",\n \"CVE-2018-4210\",\n \"CVE-2018-4212\",\n \"CVE-2018-4213\"\n );\n script_bugtraq_id(103580, 104887);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2018-3-29-6\");\n\n script_name(english:\"macOS : Apple Safari < 11.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote macOS or Mac OS X\nhost is prior to 11.1. It is, therefore, affected by multiple\nvulnerabilities as described in the HT208695 security advisory.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208695\");\n # https://lists.apple.com/archives/security-announce/2018/Mar/msg00005.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0a2c7175\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari version 11.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4101\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_apple_safari_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item('Host/MacOSX/Version');\nif (!os) audit(AUDIT_OS_NOT, 'Mac OS X or macOS');\n\nif (!preg(pattern:\"Mac OS X 10\\.(11|12|13)([^0-9]|$)\", string:os))\n audit(AUDIT_OS_NOT, 'Mac OS X El Capitan 10.11 / macOS Sierra 10.12 / macOS High Sierra 10.13');\n\nget_kb_item_or_exit('MacOSX/Safari/Installed', exit_code:0);\npath = get_kb_item_or_exit('MacOSX/Safari/Path', exit_code:1);\nversion = get_kb_item_or_exit('MacOSX/Safari/Version', exit_code:1);\n\nfixed_version = '11.1';\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = report_items_str(\n report_items:make_array(\n 'Path', path,\n 'Installed version', version,\n 'Fixed version', fixed_version\n ),\n ordered_fields:make_list('Path', 'Installed version', 'Fixed version')\n );\n security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, 'Safari', version, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T14:37:50", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.7.4. It is, therefore, affected by multiple vulnerabilities in WebKit as referenced in the HT208694 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.7.4 WebKit Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4130", "CVE-2018-4144", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4163", "CVE-2018-4165"], "modified": "2019-04-05T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_7_4.NASL", "href": "https://www.tenable.com/plugins/nessus/108795", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108795);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/04/05 23:25:09\");\n\n script_cve_id(\n \"CVE-2018-4101\",\n \"CVE-2018-4113\",\n \"CVE-2018-4114\",\n \"CVE-2018-4117\",\n \"CVE-2018-4118\",\n \"CVE-2018-4119\",\n \"CVE-2018-4120\",\n \"CVE-2018-4121\",\n \"CVE-2018-4122\",\n \"CVE-2018-4125\",\n \"CVE-2018-4127\",\n \"CVE-2018-4128\",\n \"CVE-2018-4129\",\n \"CVE-2018-4130\",\n \"CVE-2018-4144\",\n \"CVE-2018-4146\",\n \"CVE-2018-4161\",\n \"CVE-2018-4163\",\n \"CVE-2018-4165\"\n);\n script_bugtraq_id(102775);\n\n script_name(english:\"Apple iTunes < 12.7.4 WebKit Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.7.4. It is, therefore, affected by multiple vulnerabilities\nin WebKit as referenced in the HT208694 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208694\");\n script_set_attribute(attribute:\"solution\", value:\n \"Upgrade to Apple iTunes version 12.7.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4144\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"iTunes Version\", win_local:TRUE);\n\nconstraints = [{\"fixed_version\" : \"12.7.4\"}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-01T14:38:30", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.7.4. It is, therefore, affected by multiple vulnerabilities in WebKit as referenced in the HT208694 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.7.3 WebKit Multiple Vulnerabilities (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4130", "CVE-2018-4144", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4163", "CVE-2018-4165"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_7_4_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/108796", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108796);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2018-4101\",\n \"CVE-2018-4113\",\n \"CVE-2018-4114\",\n \"CVE-2018-4117\",\n \"CVE-2018-4118\",\n \"CVE-2018-4119\",\n \"CVE-2018-4120\",\n \"CVE-2018-4121\",\n \"CVE-2018-4122\",\n \"CVE-2018-4125\",\n \"CVE-2018-4127\",\n \"CVE-2018-4128\",\n \"CVE-2018-4129\",\n \"CVE-2018-4130\",\n \"CVE-2018-4144\",\n \"CVE-2018-4146\",\n \"CVE-2018-4161\",\n \"CVE-2018-4163\",\n \"CVE-2018-4165\"\n );\n script_bugtraq_id(102775);\n\n script_name(english:\"Apple iTunes < 12.7.3 WebKit Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.7.4. It is, therefore, affected by multiple vulnerabilities\nin WebKit as referenced in the HT208694 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208474\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.7.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4144\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"12.7.4\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-17T23:19:45", "description": "The version of Apple iOS running on the mobile device is prior to 11.3. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-17T00:00:00", "type": "nessus", "title": "Apple iOS < 11.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4101", "CVE-2018-4104", "CVE-2018-4110", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4115", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4123", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4130", "CVE-2018-4131", "CVE-2018-4134", "CVE-2018-4137", "CVE-2018-4140", "CVE-2018-4142", "CVE-2018-4143", "CVE-2018-4144", "CVE-2018-4146", "CVE-2018-4149", "CVE-2018-4150", "CVE-2018-4151", "CVE-2018-4154", "CVE-2018-4155", "CVE-2018-4156", "CVE-2018-4157", "CVE-2018-4158", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4166", "CVE-2018-4167", "CVE-2018-4168", "CVE-2018-4172", "CVE-2018-4174"], "modified": "2019-04-17T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "700548.PRM", "href": "https://www.tenable.com/plugins/nnm/700548", "sourceData": "Binary data 700548.prm", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-13T14:36:09", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-05-01T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 17.10 : WebKitGTK&#43; vulnerabilities (USN-3635-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4133", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3635-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109468", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3635-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109468);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2018-4101\", \"CVE-2018-4113\", \"CVE-2018-4114\", \"CVE-2018-4117\", \"CVE-2018-4118\", \"CVE-2018-4119\", \"CVE-2018-4120\", \"CVE-2018-4122\", \"CVE-2018-4125\", \"CVE-2018-4127\", \"CVE-2018-4128\", \"CVE-2018-4129\", \"CVE-2018-4133\", \"CVE-2018-4146\", \"CVE-2018-4161\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\");\n script_xref(name:\"USN\", value:\"3635-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 17.10 : WebKitGTK&#43; vulnerabilities (USN-3635-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3635-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected libjavascriptcoregtk-4.0-18 and / or\nlibwebkit2gtk-4.0-37 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Webkit JIT Exploit for iOS 7.1.2');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.20.1-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.20.1-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.20.1-0ubuntu0.17.10.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.20.1-0ubuntu0.17.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-17T23:19:42", "description": "The version of Apple Safari installed on the remote host is prior to 11.1. It is, therefore, affected by multiple vulnerabilities as described in the HT208695 security advisory.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-08T00:00:00", "type": "nessus", "title": "Apple Safari < 11.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4101", "CVE-2018-4102", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4116", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4130", "CVE-2018-4133", "CVE-2018-4137", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165"], "modified": "2019-04-08T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "700503.PRM", "href": "https://www.tenable.com/plugins/nnm/700503", "sourceData": "Binary data 700503.prm", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-17T23:19:47", "description": "The remote host is running a version of macOS that is 10.13.x prior to 10.13.4. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - Admin Framework\n - APFS\n - ATS\n - CoreFoundation\n - CoreText\n - Disk Images\n - Disk Management\n - File System Events\n - iCloud Drive\n - Intel Graphics Driver\n - IOFireWireFamily\n - Kernel\n - kext tools\n - LaunchServices\n - Mail\n - Notes\n - NSURLSession\n - NVIDIA Graphics Drivers\n - PDFKit\n - PluginKit\n - Quick Look\n - Security\n - Storage\n - System Preferences\n - Terminal\n - WindowServer\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-10T00:00:00", "type": "nessus", "title": "macOS 10.13.x < 10.13.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13890", "CVE-2017-8816", "CVE-2018-4104", "CVE-2018-4105", "CVE-2018-4106", "CVE-2018-4107", "CVE-2018-4108", "CVE-2018-4111", "CVE-2018-4112", "CVE-2018-4115", "CVE-2018-4131", "CVE-2018-4132", "CVE-2018-4135", "CVE-2018-4136", "CVE-2018-4138", "CVE-2018-4139", "CVE-2018-4142", "CVE-2018-4143", "CVE-2018-4144", "CVE-2018-4150", "CVE-2018-4151", "CVE-2018-4152", "CVE-2018-4154", "CVE-2018-4155", "CVE-2018-4156", "CVE-2018-4157", "CVE-2018-4158", "CVE-2018-4160", "CVE-2018-4166", "CVE-2018-4167", "CVE-2018-4170", "CVE-2018-4174", "CVE-2018-4175", "CVE-2018-4176"], "modified": "2019-04-10T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "700515.PRM", "href": "https://www.tenable.com/plugins/nnm/700515", "sourceData": "Binary data 700515.prm", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-01T14:37:36", "description": "The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.4. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - Admin Framework\n - APFS\n - ATS\n - CoreFoundation\n - CoreText\n - Disk Images\n - Disk Management\n - File System Events\n - iCloud Drive\n - Intel Graphics Driver\n - IOFireWireFamily\n - Kernel\n - kext tools\n - LaunchServices\n - Mail\n - Notes\n - NSURLSession\n - NVIDIA Graphics Drivers\n - PDFKit\n - PluginKit\n - Quick Look\n - Security\n - Storage\n - System Preferences\n - Terminal\n - WindowServer\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-02T00:00:00", "type": "nessus", "title": "macOS 10.13.x < 10.13.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13080", "CVE-2017-13890", "CVE-2017-13911", "CVE-2017-15412", "CVE-2017-7151", "CVE-2018-4104", "CVE-2018-4105", "CVE-2018-4106", "CVE-2018-4107", "CVE-2018-4108", "CVE-2018-4111", "CVE-2018-4112", "CVE-2018-4115", "CVE-2018-4131", "CVE-2018-4132", "CVE-2018-4135", "CVE-2018-4136", "CVE-2018-4138", "CVE-2018-4139", "CVE-2018-4142", "CVE-2018-4143", "CVE-2018-4144", "CVE-2018-4150", "CVE-2018-4151", "CVE-2018-4152", "CVE-2018-4154", "CVE-2018-4155", "CVE-2018-4156", "CVE-2018-4157", "CVE-2018-4158", "CVE-2018-4160", "CVE-2018-4167", "CVE-2018-4170", "CVE-2018-4173", "CVE-2018-4174", "CVE-2018-4175", "CVE-2018-4176", "CVE-2018-4179", "CVE-2018-4185", "CVE-2018-4187", "CVE-2018-4298"], "modified": "2019-06-19T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_10_13_4.NASL", "href": "https://www.tenable.com/plugins/nessus/108786", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108786);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/06/19 15:17:43\");\n\n script_cve_id(\n \"CVE-2017-13080\",\n \"CVE-2017-13890\",\n \"CVE-2017-13911\",\n \"CVE-2017-15412\",\n \"CVE-2017-7151\",\n \"CVE-2018-4104\",\n \"CVE-2018-4105\",\n \"CVE-2018-4106\",\n \"CVE-2018-4107\",\n \"CVE-2018-4108\",\n \"CVE-2018-4111\",\n \"CVE-2018-4112\",\n \"CVE-2018-4115\",\n \"CVE-2018-4131\",\n \"CVE-2018-4132\",\n \"CVE-2018-4135\",\n \"CVE-2018-4136\",\n \"CVE-2018-4138\",\n \"CVE-2018-4139\",\n \"CVE-2018-4142\",\n \"CVE-2018-4143\",\n \"CVE-2018-4144\",\n \"CVE-2018-4150\",\n \"CVE-2018-4151\",\n \"CVE-2018-4152\",\n \"CVE-2018-4154\",\n \"CVE-2018-4155\",\n \"CVE-2018-4156\",\n \"CVE-2018-4157\",\n \"CVE-2018-4158\",\n \"CVE-2018-4160\",\n \"CVE-2018-4167\",\n \"CVE-2018-4170\",\n \"CVE-2018-4173\",\n \"CVE-2018-4174\",\n \"CVE-2018-4175\",\n \"CVE-2018-4176\",\n \"CVE-2018-4179\",\n \"CVE-2018-4185\",\n \"CVE-2018-4187\",\n \"CVE-2018-4298\"\n );\n script_bugtraq_id(\n 101274,\n 102098,\n 103579,\n 103581,\n 103582,\n 103958,\n 104223\n );\n script_name(english:\"macOS 10.13.x < 10.13.4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X / macOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS update that fixes multiple security\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is\n10.13.x prior to 10.13.4. It is, therefore, affected by multiple\nvulnerabilities in the following components :\n\n - Admin Framework\n - APFS\n - ATS\n - CoreFoundation\n - CoreText\n - Disk Images\n - Disk Management\n - File System Events\n - iCloud Drive\n - Intel Graphics Driver\n - IOFireWireFamily\n - Kernel\n - kext tools\n - LaunchServices\n - Mail\n - Notes\n - NSURLSession\n - NVIDIA Graphics Drivers\n - PDFKit\n - PluginKit\n - Quick Look\n - Security\n - Storage\n - System Preferences\n - Terminal\n - WindowServer\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208692\");\n # https://lists.apple.com/archives/security-announce/2018/Mar/msg00004.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e0e00f71\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS version 10.13.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4298\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\nmatches = pregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (empty_or_null(matches)) exit(1, \"Failed to parse the macOS / Mac OS X version ('\" + os + \"').\");\n\nversion = matches[1];\nfixed_version = \"10.13.4\";\n\nif (version !~\"^10\\.13($|[^0-9])\")\n audit(AUDIT_OS_NOT, \"macOS 10.13.x\");\n\nif (ver_compare(ver:version, fix:'10.13.4', strict:FALSE) == -1)\n{\n security_report_v4(\n port:0,\n severity:SECURITY_HOLE,\n extra:\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n'\n );\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"macOS / Mac OS X\", version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:50:22", "description": "This update for webkit2gtk3 to version 2.20.3 fixes the issues :\n\nThe following security vulnerabilities were addressed :\n\nCVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs (boo#1101999)\n\nCVE-2017-13884: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\nCVE-2017-13885: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\nCVE-2017-7153: An unspecified issue allowed remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted website that sends a 401 Unauthorized redirect (bsc#1077535).\n\nCVE-2017-7160: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\nCVE-2017-7161: An unspecified issue allowed remote attackers to execute arbitrary code via special characters that trigger command injection (bsc#1075775, bsc#1077535).\n\nCVE-2017-7165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\nCVE-2018-4088: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\nCVE-2018-4096: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\nCVE-2018-4200: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website that triggers a WebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280).\n\nCVE-2018-4204: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1092279).\n\nCVE-2018-4101: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4113: An issue in the JavaScriptCore function in the 'WebKit' component allowed attackers to trigger an assertion failure by leveraging improper array indexing (bsc#1088182)\n\nCVE-2018-4114: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182)\n\nCVE-2018-4117: An unspecified issue allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted website (bsc#1088182, bsc#1102530).\n\nCVE-2018-4118: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182)\n\nCVE-2018-4119: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182)\n\nCVE-2018-4120: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4121: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1092278).\n\nCVE-2018-4122: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4125: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4127: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4128: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4129: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4146: An unspecified issue allowed attackers to cause a denial of service (memory corruption) via a crafted website (bsc#1088182).\n\nCVE-2018-4161: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4162: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4163: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch (bsc#1097693)\n\nCVE-2018-4199: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted website (bsc#1097693)\n\nCVE-2018-4218: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website that triggers an @generatorState use-after-free (bsc#1097693)\n\nCVE-2018-4222: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted website that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation (bsc#1097693)\n\nCVE-2018-4232: An unspecified issue allowed remote attackers to overwrite cookies via a crafted website (bsc#1097693)\n\nCVE-2018-4233: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1097693)\n\nCVE-2018-4246: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted website that leverages type confusion (bsc#1104169)\n\nCVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL mishandled an unset pageURL, leading to an application crash (bsc#1095611)\n\nCVE-2018-4133: A Safari cross-site scripting (XSS) vulnerability allowed remote attackers to inject arbitrary web script or HTML via a crafted URL (bsc#1088182).\n\nCVE-2018-11713: The libsoup network backend of WebKit unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted websites via a WebSocket connection (bsc#1096060).\n\nCVE-2018-11712: The libsoup network backend of WebKit failed to perform TLS certificate verification for WebSocket connections (bsc#1096061).\n\nThis update for webkit2gtk3 fixes the following issues: Fixed a crash when atk_object_ref_state_set is called on an AtkObject that's being destroyed (bsc#1088932).\n\nFixed crash when using Wayland with QXL/virtio (bsc#1079512)\n\nDisable Gigacage if mmap fails to allocate in Linux.\n\nAdd user agent quirk for paypal website.\n\nProperly detect compiler flags, needed libs, and fallbacks for usage of 64-bit atomic operations.\n\nFix a network process crash when trying to get cookies of about:blank page.\n\nFix UI process crash when closing the window under Wayland.\n\nFix several crashes and rendering issues.\n\nDo TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors.\n\nProperly close the connection to the nested wayland compositor in the Web Process.\n\nAvoid painting backing stores for zero-opacity layers.\n\nFix downloads started by context menu failing in some websites due to missing user agent HTTP header.\n\nFix video unpause when GStreamerGL is disabled.\n\nFix several GObject introspection annotations.\n\nUpdate user agent quiks to fix Outlook.com and Chase.com.\n\nFix several crashes and rendering issues.\n\nImprove error message when Gigacage cannot allocate virtual memory.\n\nAdd missing WebKitWebProcessEnumTypes.h to webkit-web-extension.h.\n\nImprove web process memory monitor thresholds.\n\nFix a web process crash when the web view is created and destroyed quickly.\n\nFix a network process crash when load is cancelled while searching for stored HTTP auth credentials.\n\nFix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and ENABLE_XSLT are disabled.\n\nNew API to retrieve and delete cookies with WebKitCookieManager.\n\nNew web process API to detect when form is submitted via JavaScript.\n\nSeveral improvements and fixes in the touch/gestures support.\n\nSupport for the &Atilde;&cent;&Acirc;&#128;&Acirc;&#156;system&Atilde;&cent;&Acirc;&#1 28;&Acirc;&#157; CSS font family.\n\nComplex text rendering improvements and fixes.\n\nMore complete and spec compliant WebDriver implementation.\n\nEnsure DNS prefetching cannot be re-enabled if disabled by settings.\n\nFix seek sometimes not working.\n\nFix rendering of emojis that were using the wrong scale factor in some cases.\n\nFix rendering of combining enclosed keycap.\n\nFix rendering scale of some layers in HiDPI.\n\nFix a crash in Wayland when closing the web view.\n\nFix crashes upower crashes when running inside a chroot or on systems with broken dbus/upower.\n\nFix memory leaks in GStreamer media backend when using GStreamer 1.14.\n\nFix several crashes and rendering issues.\n\nAdd ENABLE_ADDRESS_SANITIZER to make it easier to build with asan support.\n\nFix a crash a under Wayland when using mesa software rasterization.\n\nMake fullscreen video work again.\n\nFix handling of missing GStreamer elements.\n\nFix rendering when webm video is played twice.\n\nFix kinetic scrolling sometimes jumping around.\n\nFix build with ICU configured without collation support.\n\nWebSockets use system proxy settings now (requires libsoup 2.61.90).\n\nShow the context menu on long-press gesture.\n\nAdd support for Shift + mouse scroll to scroll horizontally.\n\nFix zoom gesture to actually zoom instead of changing the page scale.\n\nImplement support for Graphics ARIA roles.\n\nMake sleep inhibitors work under Flatpak.\n\nAdd get element CSS value command to WebDriver.\n\nFix a crash aftter a swipe gesture.\n\nFix several crashes and rendering issues.\n\nFix crashes due to duplicated symbols in libjavascriptcoregtk and libwebkit2gtk.\n\nFix parsing of timeout values in WebDriver.\n\nImplement get timeouts command in WebDriver.\n\nFix deadlock in GStreamer video sink during shutdown when accelerated compositing is disabled.\n\nFix several crashes and rendering issues.\n\nAdd web process API to detect when form is submitted via JavaScript.\n\nAdd new API to replace webkit_form_submission_request_get_text_fields() that is now deprecated.\n\nAdd WebKitWebView::web-process-terminated signal and deprecate web-process-crashed.\n\nFix rendering issues when editing text areas.\n\nUse FastMalloc based GstAllocator for GStreamer.\n\nFix web process crash at startup in bmalloc.\n\nFix several memory leaks in GStreamer media backend.\n\nWebKitWebDriver process no longer links to libjavascriptcoregtk.\n\nFix several crashes and rendering issues.\n\nAdd new API to add, retrieve and delete cookies via WebKitCookieManager.\n\nAdd functions to WebSettings to convert font sizes between points and pixels.\n\nEnsure cookie operations take effect when they happen before a web process has been spawned.\n\nAutomatically adjust font size when GtkSettings:gtk-xft-dpi changes.\n\nAdd initial resource load statistics support.\n\nAdd API to expose availability of certain editing commands in WebKitEditorState.\n\nAdd API to query whether a WebKitNavigationAction is a redirect or not.\n\nImprove complex text rendering.\n\nAdd support for the 'system' CSS font family.\n\nDisable USE_GSTREAMER_GL\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-25T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2018:3387-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-11646", "CVE-2018-11712", "CVE-2018-11713", "CVE-2018-12911", "CVE-2018-4088", "CVE-2018-4096", "CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4133", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4190", "CVE-2018-4199", "CVE-2018-4200", "CVE-2018-4204", "CVE-2018-4218", "CVE-2018-4222", "CVE-2018-4232", "CVE-2018-4233", "CVE-2018-4246"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-3387-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118389", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3387-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118389);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:49\");\n\n script_cve_id(\"CVE-2017-13884\", \"CVE-2017-13885\", \"CVE-2017-7153\", \"CVE-2017-7160\", \"CVE-2017-7161\", \"CVE-2017-7165\", \"CVE-2018-11646\", \"CVE-2018-11712\", \"CVE-2018-11713\", \"CVE-2018-12911\", \"CVE-2018-4088\", \"CVE-2018-4096\", \"CVE-2018-4101\", \"CVE-2018-4113\", \"CVE-2018-4114\", \"CVE-2018-4117\", \"CVE-2018-4118\", \"CVE-2018-4119\", \"CVE-2018-4120\", \"CVE-2018-4121\", \"CVE-2018-4122\", \"CVE-2018-4125\", \"CVE-2018-4127\", \"CVE-2018-4128\", \"CVE-2018-4129\", \"CVE-2018-4133\", \"CVE-2018-4146\", \"CVE-2018-4161\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\", \"CVE-2018-4190\", \"CVE-2018-4199\", \"CVE-2018-4200\", \"CVE-2018-4204\", \"CVE-2018-4218\", \"CVE-2018-4222\", \"CVE-2018-4232\", \"CVE-2018-4233\", \"CVE-2018-4246\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2018:3387-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkit2gtk3 to version 2.20.3 fixes the issues :\n\nThe following security vulnerabilities were addressed :\n\nCVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs\n(boo#1101999)\n\nCVE-2017-13884: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1075775).\n\nCVE-2017-13885: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1075775).\n\nCVE-2017-7153: An unspecified issue allowed remote attackers to spoof\nuser-interface information (about whether the entire content is\nderived from a valid TLS session) via a crafted website that sends a\n401 Unauthorized redirect (bsc#1077535).\n\nCVE-2017-7160: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1075775).\n\nCVE-2017-7161: An unspecified issue allowed remote attackers to\nexecute arbitrary code via special characters that trigger command\ninjection (bsc#1075775, bsc#1077535).\n\nCVE-2017-7165: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1075775).\n\nCVE-2018-4088: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1075775).\n\nCVE-2018-4096: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1075775).\n\nCVE-2018-4200: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website that triggers a\nWebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280).\n\nCVE-2018-4204: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1092279).\n\nCVE-2018-4101: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4113: An issue in the JavaScriptCore function in the 'WebKit'\ncomponent allowed attackers to trigger an assertion failure by\nleveraging improper array indexing (bsc#1088182)\n\nCVE-2018-4114: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182)\n\nCVE-2018-4117: An unspecified issue allowed remote attackers to bypass\nthe Same Origin Policy and obtain sensitive information via a crafted\nwebsite (bsc#1088182, bsc#1102530).\n\nCVE-2018-4118: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182)\n\nCVE-2018-4119: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182)\n\nCVE-2018-4120: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4121: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1092278).\n\nCVE-2018-4122: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4125: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4127: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4128: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4129: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4146: An unspecified issue allowed attackers to cause a\ndenial of service (memory corruption) via a crafted website\n(bsc#1088182).\n\nCVE-2018-4161: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4162: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4163: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4165: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4190: An unspecified issue allowed remote attackers to obtain\nsensitive credential information that is transmitted during a CSS\nmask-image fetch (bsc#1097693)\n\nCVE-2018-4199: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (buffer overflow\nand application crash) via a crafted website (bsc#1097693)\n\nCVE-2018-4218: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website that triggers an\n@generatorState use-after-free (bsc#1097693)\n\nCVE-2018-4222: An unspecified issue allowed remote attackers to\nexecute arbitrary code via a crafted website that leverages a\ngetWasmBufferFromValue out-of-bounds read during WebAssembly\ncompilation (bsc#1097693)\n\nCVE-2018-4232: An unspecified issue allowed remote attackers to\noverwrite cookies via a crafted website (bsc#1097693)\n\nCVE-2018-4233: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1097693)\n\nCVE-2018-4246: An unspecified issue allowed remote attackers to\nexecute arbitrary code via a crafted website that leverages type\nconfusion (bsc#1104169)\n\nCVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and\nwebkitFaviconDatabaseSetIconURLForPageURL mishandled an unset pageURL,\nleading to an application crash (bsc#1095611)\n\nCVE-2018-4133: A Safari cross-site scripting (XSS) vulnerability\nallowed remote attackers to inject arbitrary web script or HTML via a\ncrafted URL (bsc#1088182).\n\nCVE-2018-11713: The libsoup network backend of WebKit unexpectedly\nfailed to use system proxy settings for WebSocket connections. As a\nresult, users could be deanonymized by crafted websites via a\nWebSocket connection (bsc#1096060).\n\nCVE-2018-11712: The libsoup network backend of WebKit failed to\nperform TLS certificate verification for WebSocket connections\n(bsc#1096061).\n\nThis update for webkit2gtk3 fixes the following issues: Fixed a crash\nwhen atk_object_ref_state_set is called on an AtkObject that's being\ndestroyed (bsc#1088932).\n\nFixed crash when using Wayland with QXL/virtio (bsc#1079512)\n\nDisable Gigacage if mmap fails to allocate in Linux.\n\nAdd user agent quirk for paypal website.\n\nProperly detect compiler flags, needed libs, and fallbacks for usage\nof 64-bit atomic operations.\n\nFix a network process crash when trying to get cookies of about:blank\npage.\n\nFix UI process crash when closing the window under Wayland.\n\nFix several crashes and rendering issues.\n\nDo TLS error checking on GTlsConnection::accept-certificate to finish\nthe load earlier in case of errors.\n\nProperly close the connection to the nested wayland compositor in the\nWeb Process.\n\nAvoid painting backing stores for zero-opacity layers.\n\nFix downloads started by context menu failing in some websites due to\nmissing user agent HTTP header.\n\nFix video unpause when GStreamerGL is disabled.\n\nFix several GObject introspection annotations.\n\nUpdate user agent quiks to fix Outlook.com and Chase.com.\n\nFix several crashes and rendering issues.\n\nImprove error message when Gigacage cannot allocate virtual memory.\n\nAdd missing WebKitWebProcessEnumTypes.h to webkit-web-extension.h.\n\nImprove web process memory monitor thresholds.\n\nFix a web process crash when the web view is created and destroyed\nquickly.\n\nFix a network process crash when load is cancelled while searching for\nstored HTTP auth credentials.\n\nFix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and ENABLE_XSLT are\ndisabled.\n\nNew API to retrieve and delete cookies with WebKitCookieManager.\n\nNew web process API to detect when form is submitted via JavaScript.\n\nSeveral improvements and fixes in the touch/gestures support.\n\nSupport for the\n&Atilde;&cent;&Acirc;&#128;&Acirc;&#156;system&Atilde;&cent;&Acirc;&#1\n28;&Acirc;&#157; CSS font family.\n\nComplex text rendering improvements and fixes.\n\nMore complete and spec compliant WebDriver implementation.\n\nEnsure DNS prefetching cannot be re-enabled if disabled by settings.\n\nFix seek sometimes not working.\n\nFix rendering of emojis that were using the wrong scale factor in some\ncases.\n\nFix rendering of combining enclosed keycap.\n\nFix rendering scale of some layers in HiDPI.\n\nFix a crash in Wayland when closing the web view.\n\nFix crashes upower crashes when running inside a chroot or on systems\nwith broken dbus/upower.\n\nFix memory leaks in GStreamer media backend when using GStreamer 1.14.\n\nFix several crashes and rendering issues.\n\nAdd ENABLE_ADDRESS_SANITIZER to make it easier to build with asan\nsupport.\n\nFix a crash a under Wayland when using mesa software rasterization.\n\nMake fullscreen video work again.\n\nFix handling of missing GStreamer elements.\n\nFix rendering when webm video is played twice.\n\nFix kinetic scrolling sometimes jumping around.\n\nFix build with ICU configured without collation support.\n\nWebSockets use system proxy settings now (requires libsoup 2.61.90).\n\nShow the context menu on long-press gesture.\n\nAdd support for Shift + mouse scroll to scroll horizontally.\n\nFix zoom gesture to actually zoom instead of changing the page scale.\n\nImplement support for Graphics ARIA roles.\n\nMake sleep inhibitors work under Flatpak.\n\nAdd get element CSS value command to WebDriver.\n\nFix a crash aftter a swipe gesture.\n\nFix several crashes and rendering issues.\n\nFix crashes due to duplicated symbols in libjavascriptcoregtk and\nlibwebkit2gtk.\n\nFix parsing of timeout values in WebDriver.\n\nImplement get timeouts command in WebDriver.\n\nFix deadlock in GStreamer video sink during shutdown when accelerated\ncompositing is disabled.\n\nFix several crashes and rendering issues.\n\nAdd web process API to detect when form is submitted via JavaScript.\n\nAdd new API to replace\nwebkit_form_submission_request_get_text_fields() that is now\ndeprecated.\n\nAdd WebKitWebView::web-process-terminated signal and deprecate\nweb-process-crashed.\n\nFix rendering issues when editing text areas.\n\nUse FastMalloc based GstAllocator for GStreamer.\n\nFix web process crash at startup in bmalloc.\n\nFix several memory leaks in GStreamer media backend.\n\nWebKitWebDriver process no longer links to libjavascriptcoregtk.\n\nFix several crashes and rendering issues.\n\nAdd new API to add, retrieve and delete cookies via\nWebKitCookieManager.\n\nAdd functions to WebSettings to convert font sizes between points and\npixels.\n\nEnsure cookie operations take effect when they happen before a web\nprocess has been spawned.\n\nAutomatically adjust font size when GtkSettings:gtk-xft-dpi changes.\n\nAdd initial resource load statistics support.\n\nAdd API to expose availability of certain editing commands in\nWebKitEditorState.\n\nAdd API to query whether a WebKitNavigationAction is a redirect or\nnot.\n\nImprove complex text rendering.\n\nAdd support for the 'system' CSS font family.\n\nDisable USE_GSTREAMER_GL\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13884/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13885/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7153/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7160/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7161/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7165/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11646/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11712/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11713/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4088/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4096/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4101/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4113/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4114/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4118/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4119/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4120/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4121/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4122/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4125/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4128/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4129/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4133/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4146/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4161/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4162/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4163/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4165/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4190/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4199/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4200/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4204/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4218/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4222/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4232/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4233/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4246/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183387-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3a02e1c7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2018-2432=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-2432=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2432=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2432=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Proxy Object Type Confusion');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2-4_0-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk3-debugsource-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-WebKit2-4_0-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk3-debugsource-2.20.3-2.23.8\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:50:45", "description": "This update for webkit2gtk3 to version 2.20.3 fixes the issues :\n\nThe following security vulnerabilities were addressed :\n\n - CVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs (boo#1101999)\n\n - CVE-2017-13884: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\n - CVE-2017-13885: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\n - CVE-2017-7153: An unspecified issue allowed remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted website that sends a 401 Unauthorized redirect (bsc#1077535).\n\n - CVE-2017-7160: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\n - CVE-2017-7161: An unspecified issue allowed remote attackers to execute arbitrary code via special characters that trigger command injection (bsc#1075775, bsc#1077535).\n\n - CVE-2017-7165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\n - CVE-2018-4088: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\n - CVE-2018-4096: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\n - CVE-2018-4200: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website that triggers a WebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280).\n\n - CVE-2018-4204: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1092279).\n\n - CVE-2018-4101: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4113: An issue in the JavaScriptCore function in the 'WebKit' component allowed attackers to trigger an assertion failure by leveraging improper array indexing (bsc#1088182)\n\n - CVE-2018-4114: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182) \n\n - CVE-2018-4117: An unspecified issue allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted website (bsc#1088182, bsc#1102530).\n\n - CVE-2018-4118: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182) \n\n - CVE-2018-4119: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182) \n\n - CVE-2018-4120: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4121: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1092278).\n\n - CVE-2018-4122: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4125: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4127: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4128: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4129: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4146: An unspecified issue allowed attackers to cause a denial of service (memory corruption) via a crafted website (bsc#1088182).\n\n - CVE-2018-4161: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4162: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4163: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch (bsc#1097693)\n\n - CVE-2018-4199: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted website (bsc#1097693)\n\n - CVE-2018-4218: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website that triggers an @generatorState use-after-free (bsc#1097693)\n\n - CVE-2018-4222: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted website that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation (bsc#1097693) \n\n - CVE-2018-4232: An unspecified issue allowed remote attackers to overwrite cookies via a crafted website (bsc#1097693) \n\n - CVE-2018-4233: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1097693) \n\n - CVE-2018-4246: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted website that leverages type confusion (bsc#1104169) \n\n - CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL mishandled an unset pageURL, leading to an application crash (bsc#1095611)\n\n - CVE-2018-4133: A Safari cross-site scripting (XSS) vulnerability allowed remote attackers to inject arbitrary web script or HTML via a crafted URL (bsc#1088182).\n\n - CVE-2018-11713: The libsoup network backend of WebKit unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted websites via a WebSocket connection (bsc#1096060).\n\n - CVE-2018-11712: The libsoup network backend of WebKit failed to perform TLS certificate verification for WebSocket connections (bsc#1096061).\n\nThis update for webkit2gtk3 fixes the following issues :\n\n - Fixed a crash when atk_object_ref_state_set is called on an AtkObject that's being destroyed (bsc#1088932).\n\n - Fixed crash when using Wayland with QXL/virtio (bsc#1079512)\n\n - Disable Gigacage if mmap fails to allocate in Linux.\n\n - Add user agent quirk for paypal website.\n\n - Properly detect compiler flags, needed libs, and fallbacks for usage of 64-bit atomic operations.\n\n - Fix a network process crash when trying to get cookies of about:blank page.\n\n - Fix UI process crash when closing the window under Wayland.\n\n - Fix several crashes and rendering issues.\n\n - Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors.\n\n - Properly close the connection to the nested wayland compositor in the Web Process.\n\n - Avoid painting backing stores for zero-opacity layers.\n\n - Fix downloads started by context menu failing in some websites due to missing user agent HTTP header.\n\n - Fix video unpause when GStreamerGL is disabled.\n\n - Fix several GObject introspection annotations.\n\n - Update user agent quiks to fix Outlook.com and Chase.com.\n\n - Fix several crashes and rendering issues.\n\n - Improve error message when Gigacage cannot allocate virtual memory.\n\n - Add missing WebKitWebProcessEnumTypes.h to webkit-web-extension.h.\n\n - Improve web process memory monitor thresholds.\n\n - Fix a web process crash when the web view is created and destroyed quickly.\n\n - Fix a network process crash when load is cancelled while searching for stored HTTP auth credentials.\n\n - Fix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and ENABLE_XSLT are disabled.\n\n - New API to retrieve and delete cookies with WebKitCookieManager.\n\n - New web process API to detect when form is submitted via JavaScript.\n\n - Several improvements and fixes in the touch/gestures support.\n\n - Support for the &ldquo;system&rdquo; CSS font family.\n\n - Complex text rendering improvements and fixes.\n\n - More complete and spec compliant WebDriver implementation.\n\n - Ensure DNS prefetching cannot be re-enabled if disabled by settings.\n\n - Fix seek sometimes not working.\n\n - Fix rendering of emojis that were using the wrong scale factor in some cases.\n\n - Fix rendering of combining enclosed keycap.\n\n - Fix rendering scale of some layers in HiDPI.\n\n - Fix a crash in Wayland when closing the web view.\n\n - Fix crashes upower crashes when running inside a chroot or on systems with broken dbus/upower.\n\n - Fix memory leaks in GStreamer media backend when using GStreamer 1.14.\n\n - Fix several crashes and rendering issues.\n\n - Add ENABLE_ADDRESS_SANITIZER to make it easier to build with asan support.\n\n - Fix a crash a under Wayland when using mesa software rasterization.\n\n - Make fullscreen video work again.\n\n - Fix handling of missing GStreamer elements.\n\n - Fix rendering when webm video is played twice.\n\n - Fix kinetic scrolling sometimes jumping around.\n\n - Fix build with ICU configured without collation support.\n\n - WebSockets use system proxy settings now (requires libsoup 2.61.90).\n\n - Show the context menu on long-press gesture.\n\n - Add support for Shift + mouse scroll to scroll horizontally.\n\n - Fix zoom gesture to actually zoom instead of changing the page scale.\n\n - Implement support for Graphics ARIA roles.\n\n - Make sleep inhibitors work under Flatpak.\n\n - Add get element CSS value command to WebDriver.\n\n - Fix a crash aftter a swipe gesture.\n\n - Fix several crashes and rendering issues.\n\n - Fix crashes due to duplicated symbols in libjavascriptcoregtk and libwebkit2gtk.\n\n - Fix parsing of timeout values in WebDriver.\n\n - Implement get timeouts command in WebDriver.\n\n - Fix deadlock in GStreamer video sink during shutdown when accelerated compositing is disabled.\n\n - Fix several crashes and rendering issues.\n\n - Add web process API to detect when form is submitted via JavaScript.\n\n - Add new API to replace webkit_form_submission_request_get_text_fields() that is now deprecated.\n\n - Add WebKitWebView::web-process-terminated signal and deprecate web-process-crashed.\n\n - Fix rendering issues when editing text areas.\n\n - Use FastMalloc based GstAllocator for GStreamer.\n\n - Fix web process crash at startup in bmalloc.\n\n - Fix several memory leaks in GStreamer media backend.\n\n - WebKitWebDriver process no longer links to libjavascriptcoregtk.\n\n - Fix several crashes and rendering issues.\n\n - Add new API to add, retrieve and delete cookies via WebKitCookieManager.\n\n - Add functions to WebSettings to convert font sizes between points and pixels.\n\n - Ensure cookie operations take effect when they happen before a web process has been spawned.\n\n - Automatically adjust font size when GtkSettings:gtk-xft-dpi changes.\n\n - Add initial resource load statistics support.\n\n - Add API to expose availability of certain editing commands in WebKitEditorState.\n\n - Add API to query whether a WebKitNavigationAction is a redirect or not.\n\n - Improve complex text rendering.\n\n - Add support for the 'system' CSS font family.\n\n - Disable USE_GSTREAMER_GL\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2018-1288)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-11646", "CVE-2018-11712", "CVE-2018-11713", "CVE-2018-12911", "CVE-2018-4088", "CVE-2018-4096", "CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4133", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4190", "CVE-2018-4199", "CVE-2018-4200", "CVE-2018-4204", "CVE-2018-4218", "CVE-2018-4222", "CVE-2018-4232", "CVE-2018-4233", "CVE-2018-4246"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1288.NASL", "href": "https://www.tenable.com/plugins/nessus/118453", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1288.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118453);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-13884\", \"CVE-2017-13885\", \"CVE-2017-7153\", \"CVE-2017-7160\", \"CVE-2017-7161\", \"CVE-2017-7165\", \"CVE-2018-11646\", \"CVE-2018-11712\", \"CVE-2018-11713\", \"CVE-2018-12911\", \"CVE-2018-4088\", \"CVE-2018-4096\", \"CVE-2018-4101\", \"CVE-2018-4113\", \"CVE-2018-4114\", \"CVE-2018-4117\", \"CVE-2018-4118\", \"CVE-2018-4119\", \"CVE-2018-4120\", \"CVE-2018-4121\", \"CVE-2018-4122\", \"CVE-2018-4125\", \"CVE-2018-4127\", \"CVE-2018-4128\", \"CVE-2018-4129\", \"CVE-2018-4133\", \"CVE-2018-4146\", \"CVE-2018-4161\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\", \"CVE-2018-4190\", \"CVE-2018-4199\", \"CVE-2018-4200\", \"CVE-2018-4204\", \"CVE-2018-4218\", \"CVE-2018-4222\", \"CVE-2018-4232\", \"CVE-2018-4233\", \"CVE-2018-4246\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2018-1288)\");\n script_summary(english:\"Check for the openSUSE-2018-1288 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkit2gtk3 to version 2.20.3 fixes the issues :\n\nThe following security vulnerabilities were addressed :\n\n - CVE-2018-12911: Fixed an off-by-one error in\n xdg_mime_get_simple_globs (boo#1101999)\n\n - CVE-2017-13884: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1075775).\n\n - CVE-2017-13885: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1075775).\n\n - CVE-2017-7153: An unspecified issue allowed remote\n attackers to spoof user-interface information (about\n whether the entire content is derived from a valid TLS\n session) via a crafted website that sends a 401\n Unauthorized redirect (bsc#1077535).\n\n - CVE-2017-7160: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1075775).\n\n - CVE-2017-7161: An unspecified issue allowed remote\n attackers to execute arbitrary code via special\n characters that trigger command injection (bsc#1075775,\n bsc#1077535).\n\n - CVE-2017-7165: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1075775).\n\n - CVE-2018-4088: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1075775).\n\n - CVE-2018-4096: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1075775).\n\n - CVE-2018-4200: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website that triggers a\n WebCore::jsElementScrollHeightGetter use-after-free\n (bsc#1092280).\n\n - CVE-2018-4204: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1092279).\n\n - CVE-2018-4101: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4113: An issue in the JavaScriptCore function\n in the 'WebKit' component allowed attackers to trigger\n an assertion failure by leveraging improper array\n indexing (bsc#1088182)\n\n - CVE-2018-4114: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182) \n\n - CVE-2018-4117: An unspecified issue allowed remote\n attackers to bypass the Same Origin Policy and obtain\n sensitive information via a crafted website\n (bsc#1088182, bsc#1102530).\n\n - CVE-2018-4118: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182) \n\n - CVE-2018-4119: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182) \n\n - CVE-2018-4120: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4121: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1092278).\n\n - CVE-2018-4122: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4125: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4127: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4128: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4129: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4146: An unspecified issue allowed attackers to\n cause a denial of service (memory corruption) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4161: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4162: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4163: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4165: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4190: An unspecified issue allowed remote\n attackers to obtain sensitive credential information\n that is transmitted during a CSS mask-image fetch\n (bsc#1097693)\n\n - CVE-2018-4199: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (buffer overflow and application crash) via a\n crafted website (bsc#1097693)\n\n - CVE-2018-4218: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website that triggers an @generatorState\n use-after-free (bsc#1097693)\n\n - CVE-2018-4222: An unspecified issue allowed remote\n attackers to execute arbitrary code via a crafted\n website that leverages a getWasmBufferFromValue\n out-of-bounds read during WebAssembly compilation\n (bsc#1097693) \n\n - CVE-2018-4232: An unspecified issue allowed remote\n attackers to overwrite cookies via a crafted website\n (bsc#1097693) \n\n - CVE-2018-4233: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1097693) \n\n - CVE-2018-4246: An unspecified issue allowed remote\n attackers to execute arbitrary code via a crafted\n website that leverages type confusion (bsc#1104169) \n\n - CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL\n and webkitFaviconDatabaseSetIconURLForPageURL mishandled\n an unset pageURL, leading to an application crash\n (bsc#1095611)\n\n - CVE-2018-4133: A Safari cross-site scripting (XSS)\n vulnerability allowed remote attackers to inject\n arbitrary web script or HTML via a crafted URL\n (bsc#1088182).\n\n - CVE-2018-11713: The libsoup network backend of WebKit\n unexpectedly failed to use system proxy settings for\n WebSocket connections. As a result, users could be\n deanonymized by crafted websites via a WebSocket\n connection (bsc#1096060).\n\n - CVE-2018-11712: The libsoup network backend of WebKit\n failed to perform TLS certificate verification for\n WebSocket connections (bsc#1096061).\n\nThis update for webkit2gtk3 fixes the following issues :\n\n - Fixed a crash when atk_object_ref_state_set is called on\n an AtkObject that's being destroyed (bsc#1088932).\n\n - Fixed crash when using Wayland with QXL/virtio\n (bsc#1079512)\n\n - Disable Gigacage if mmap fails to allocate in Linux.\n\n - Add user agent quirk for paypal website.\n\n - Properly detect compiler flags, needed libs, and\n fallbacks for usage of 64-bit atomic operations.\n\n - Fix a network process crash when trying to get cookies\n of about:blank page.\n\n - Fix UI process crash when closing the window under\n Wayland.\n\n - Fix several crashes and rendering issues.\n\n - Do TLS error checking on\n GTlsConnection::accept-certificate to finish the load\n earlier in case of errors.\n\n - Properly close the connection to the nested wayland\n compositor in the Web Process.\n\n - Avoid painting backing stores for zero-opacity layers.\n\n - Fix downloads started by context menu failing in some\n websites due to missing user agent HTTP header.\n\n - Fix video unpause when GStreamerGL is disabled.\n\n - Fix several GObject introspection annotations.\n\n - Update user agent quiks to fix Outlook.com and\n Chase.com.\n\n - Fix several crashes and rendering issues.\n\n - Improve error message when Gigacage cannot allocate\n virtual memory.\n\n - Add missing WebKitWebProcessEnumTypes.h to\n webkit-web-extension.h.\n\n - Improve web process memory monitor thresholds.\n\n - Fix a web process crash when the web view is created and\n destroyed quickly.\n\n - Fix a network process crash when load is cancelled while\n searching for stored HTTP auth credentials.\n\n - Fix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and\n ENABLE_XSLT are disabled.\n\n - New API to retrieve and delete cookies with\n WebKitCookieManager.\n\n - New web process API to detect when form is submitted via\n JavaScript.\n\n - Several improvements and fixes in the touch/gestures\n support.\n\n - Support for the &ldquo;system&rdquo; CSS font family.\n\n - Complex text rendering improvements and fixes.\n\n - More complete and spec compliant WebDriver\n implementation.\n\n - Ensure DNS prefetching cannot be re-enabled if disabled\n by settings.\n\n - Fix seek sometimes not working.\n\n - Fix rendering of emojis that were using the wrong scale\n factor in some cases.\n\n - Fix rendering of combining enclosed keycap.\n\n - Fix rendering scale of some layers in HiDPI.\n\n - Fix a crash in Wayland when closing the web view.\n\n - Fix crashes upower crashes when running inside a chroot\n or on systems with broken dbus/upower.\n\n - Fix memory leaks in GStreamer media backend when using\n GStreamer 1.14.\n\n - Fix several crashes and rendering issues.\n\n - Add ENABLE_ADDRESS_SANITIZER to make it easier to build\n with asan support.\n\n - Fix a crash a under Wayland when using mesa software\n rasterization.\n\n - Make fullscreen video work again.\n\n - Fix handling of missing GStreamer elements.\n\n - Fix rendering when webm video is played twice.\n\n - Fix kinetic scrolling sometimes jumping around.\n\n - Fix build with ICU configured without collation support.\n\n - WebSockets use system proxy settings now (requires\n libsoup 2.61.90).\n\n - Show the context menu on long-press gesture.\n\n - Add support for Shift + mouse scroll to scroll\n horizontally.\n\n - Fix zoom gesture to actually zoom instead of changing\n the page scale.\n\n - Implement support for Graphics ARIA roles.\n\n - Make sleep inhibitors work under Flatpak.\n\n - Add get element CSS value command to WebDriver.\n\n - Fix a crash aftter a swipe gesture.\n\n - Fix several crashes and rendering issues.\n\n - Fix crashes due to duplicated symbols in\n libjavascriptcoregtk and libwebkit2gtk.\n\n - Fix parsing of timeout values in WebDriver.\n\n - Implement get timeouts command in WebDriver.\n\n - Fix deadlock in GStreamer video sink during shutdown\n when accelerated compositing is disabled.\n\n - Fix several crashes and rendering issues.\n\n - Add web process API to detect when form is submitted via\n JavaScript.\n\n - Add new API to replace\n webkit_form_submission_request_get_text_fields() that is\n now deprecated.\n\n - Add WebKitWebView::web-process-terminated signal and\n deprecate web-process-crashed.\n\n - Fix rendering issues when editing text areas.\n\n - Use FastMalloc based GstAllocator for GStreamer.\n\n - Fix web process crash at startup in bmalloc.\n\n - Fix several memory leaks in GStreamer media backend.\n\n - WebKitWebDriver process no longer links to\n libjavascriptcoregtk.\n\n - Fix several crashes and rendering issues.\n\n - Add new API to add, retrieve and delete cookies via\n WebKitCookieManager.\n\n - Add functions to WebSettings to convert font sizes\n between points and pixels.\n\n - Ensure cookie operations take effect when they happen\n before a web process has been spawned.\n\n - Automatically adjust font size when\n GtkSettings:gtk-xft-dpi changes.\n\n - Add initial resource load statistics support.\n\n - Add API to expose availability of certain editing\n commands in WebKitEditorState.\n\n - Add API to query whether a WebKitNavigationAction is a\n redirect or not.\n\n - Improve complex text rendering.\n\n - Add support for the 'system' CSS font family.\n\n - Disable USE_GSTREAMER_GL\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1079512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104169\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Proxy Object Type Confusion');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libjavascriptcoregtk-4_0-18-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk-4_0-37-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk3-lang-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-WebKit2-4_0-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit-jsc-4-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit-jsc-4-debuginfo-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk-4_0-injected-bundles-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-debugsource-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-devel-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-plugin-process-gtk2-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-plugin-process-gtk2-debuginfo-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-32bit-2.20.3-11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T14:37:50", "description": "The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components :\n\n - ATS\n - CFNetwork Session\n - CoreFoundation\n - CoreTypes\n - curl\n - Disk Images\n - iCloud Drive\n - Kernel\n - kext tools\n - LaunchServices\n - PluginKit\n - Security\n - Storage\n - Terminal", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-02T00:00:00", "type": "nessus", "title": "macOS and Mac OS X Multiple Vulnerabilities (Security Update 2018-002)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13890", "CVE-2017-13911", "CVE-2017-15412", "CVE-2017-7151", "CVE-2017-8816", "CVE-2018-4104", "CVE-2018-4106", "CVE-2018-4108", "CVE-2018-4112", "CVE-2018-4131", "CVE-2018-4136", "CVE-2018-4139", "CVE-2018-4144", "CVE-2018-4150", "CVE-2018-4151", "CVE-2018-4154", "CVE-2018-4155", "CVE-2018-4156", "CVE-2018-4158", "CVE-2018-4175", "CVE-2018-4176"], "modified": "2019-06-19T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOSX_SECUPD2018-002.NASL", "href": "https://www.tenable.com/plugins/nessus/108787", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108787);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/06/19 15:17:43\");\n\n script_cve_id(\n \"CVE-2017-13890\",\n \"CVE-2017-13911\",\n \"CVE-2017-15412\",\n \"CVE-2017-7151\",\n \"CVE-2017-8816\",\n \"CVE-2018-4104\",\n \"CVE-2018-4106\",\n \"CVE-2018-4108\",\n \"CVE-2018-4112\",\n \"CVE-2018-4131\",\n \"CVE-2018-4136\",\n \"CVE-2018-4139\",\n \"CVE-2018-4144\",\n \"CVE-2018-4150\",\n \"CVE-2018-4151\",\n \"CVE-2018-4154\",\n \"CVE-2018-4155\",\n \"CVE-2018-4156\",\n \"CVE-2018-4158\",\n \"CVE-2018-4175\",\n \"CVE-2018-4176\"\n );\n script_bugtraq_id(\n 101998,\n 102098,\n 103579,\n 103581,\n 103582\n );\n script_name(english:\"macOS and Mac OS X Multiple Vulnerabilities (Security Update 2018-002)\");\n script_summary(english:\"Checks for the presence of Security Update 2018-002.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update that\nfixes multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is\nmissing a security update. It is therefore, affected by multiple\nvulnerabilities affecting the following components :\n\n - ATS\n - CFNetwork Session\n - CoreFoundation\n - CoreTypes\n - curl\n - Disk Images\n - iCloud Drive\n - Kernel\n - kext tools\n - LaunchServices\n - PluginKit\n - Security\n - Storage\n - Terminal\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208692\");\n # https://lists.apple.com/archives/security-announce/2018/Mar/msg00004.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e0e00f71\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2018-002 or later for 10.11.x or\nSecurity Update 2018-002 or later for 10.12.x.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-13911\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:\"-\");\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item_or_exit(\"Host/MacOSX/Version\");\n\nif (!preg(pattern:\"Mac OS X 10\\.(11\\.6|12\\.6)([^0-9]|$)\", string:os))\n audit(AUDIT_OS_NOT, \"Mac OS X 10.11.6 or Mac OS X 10.12.6\");\n\nif (\"10.11.6\" >< os)\n patch = \"2018-002\";\nelse\n patch = \"2018-002\";\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = pgrep(\n pattern:\"^com\\.apple\\.pkg\\.update\\.(security\\.|os\\.SecUpd).*bom$\",\n string:packages\n);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n matches = pregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(matches)) continue;\n if (empty_or_null(matches[1]) || empty_or_null(matches[2]))\n continue;\n\n patch_found = check_patch(year:int(matches[1]), number:int(matches[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not affected.\");\n}\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:27:36", "description": "According to the version of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.i1/4^CVE-2017-15412i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.4 : libxml2 (EulerOS-SA-2019-1211)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15412"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxml2", "p-cpe:/a:huawei:euleros:libxml2-devel", "p-cpe:/a:huawei:euleros:libxml2-python", "cpe:/o:huawei:euleros:uvp:2.5.4"], "id": "EULEROS_SA-2019-1211.NASL", "href": "https://www.tenable.com/plugins/nessus/123897", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123897);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-15412\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.4 : libxml2 (EulerOS-SA-2019-1211)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libxml2 packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - Use after free in libxml2 before 2.9.5, as used in\n Google Chrome prior to 63.0.3239.84 and other products,\n allowed a remote attacker to potentially exploit heap\n corruption via a crafted HTML page.i1/4^CVE-2017-15412i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1211\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?14f41772\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.4\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.4\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.4\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxml2-2.9.1-6.3.h13\",\n \"libxml2-devel-2.9.1-6.3.h13\",\n \"libxml2-python-2.9.1-6.3.h13\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:33:03", "description": "Nick Wellnhofer discovered that certain function calls inside XPath predicates can lead to use-after-free and double-free errors when executed by libxml2's XPath engine via an XSLT transformation.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-15T00:00:00", "type": "nessus", "title": "Debian DSA-4086-1 : libxml2 - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15412"], "modified": "2018-11-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libxml2", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4086.NASL", "href": "https://www.tenable.com/plugins/nessus/105801", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4086. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105801);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2017-15412\");\n script_xref(name:\"DSA\", value:\"4086\");\n\n script_name(english:\"Debian DSA-4086-1 : libxml2 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Nick Wellnhofer discovered that certain function calls inside XPath\npredicates can lead to use-after-free and double-free errors when\nexecuted by libxml2's XPath engine via an XSLT transformation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/libxml2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libxml2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/libxml2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4086\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libxml2 packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2.9.1+dfsg1-5+deb8u6.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.9.4+dfsg1-2.2+deb9u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libxml2\", reference:\"2.9.1+dfsg1-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-dbg\", reference:\"2.9.1+dfsg1-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-dev\", reference:\"2.9.1+dfsg1-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-doc\", reference:\"2.9.1+dfsg1-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-utils\", reference:\"2.9.1+dfsg1-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-utils-dbg\", reference:\"2.9.1+dfsg1-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-libxml2\", reference:\"2.9.1+dfsg1-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-libxml2-dbg\", reference:\"2.9.1+dfsg1-5+deb8u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2\", reference:\"2.9.4+dfsg1-2.2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-dbg\", reference:\"2.9.4+dfsg1-2.2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-dev\", reference:\"2.9.4+dfsg1-2.2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-doc\", reference:\"2.9.4+dfsg1-2.2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-utils\", reference:\"2.9.4+dfsg1-2.2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-utils-dbg\", reference:\"2.9.4+dfsg1-2.2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python-libxml2\", reference:\"2.9.4+dfsg1-2.2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python-libxml2-dbg\", reference:\"2.9.4+dfsg1-2.2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python3-libxml2\", reference:\"2.9.4+dfsg1-2.2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python3-libxml2-dbg\", reference:\"2.9.4+dfsg1-2.2+deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:32:34", "description": "CVE-2017-15412 It was detected that some function calls in the XPath extensions functions could result in memory corruption due to 'use after free'.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 2.8.0+dfsg1-7+wheezy12.\n\nWe recommend that you upgrade your libxml2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-19T00:00:00", "type": "nessus", "title": "Debian DLA-1211-1 : libxml2 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15412"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libxml2", "p-cpe:/a:debian:debian_linux:libxml2-dbg", "p-cpe:/a:debian:debian_linux:libxml2-dev", "p-cpe:/a:debian:debian_linux:libxml2-doc", "p-cpe:/a:debian:debian_linux:libxml2-utils", "p-cpe:/a:debian:debian_linux:libxml2-utils-dbg", "p-cpe:/a:debian:debian_linux:python-libxml2", "p-cpe:/a:debian:debian_linux:python-libxml2-dbg", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1211.NASL", "href": "https://www.tenable.com/plugins/nessus/105360", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1211-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105360);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-15412\");\n\n script_name(english:\"Debian DLA-1211-1 : libxml2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-15412 It was detected that some function calls in the XPath\nextensions functions could result in memory corruption due to 'use\nafter free'.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.8.0+dfsg1-7+wheezy12.\n\nWe recommend that you upgrade your libxml2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libxml2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-utils-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxml2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libxml2\", reference:\"2.8.0+dfsg1-7+wheezy12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-dbg\", reference:\"2.8.0+dfsg1-7+wheezy12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-dev\", reference:\"2.8.0+dfsg1-7+wheezy12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-doc\", reference:\"2.8.0+dfsg1-7+wheezy12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-utils\", reference:\"2.8.0+dfsg1-7+wheezy12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-utils-dbg\", reference:\"2.8.0+dfsg1-7+wheezy12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-libxml2\", reference:\"2.8.0+dfsg1-7+wheezy12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-libxml2-dbg\", reference:\"2.8.0+dfsg1-7+wheezy12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:32:34", "description": "It was discovered that libxml2 incorrecty handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-14T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : libxml2 vulnerability (USN-3513-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15412"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libxml2", "p-cpe:/a:canonical:ubuntu_linux:libxml2-utils", "p-cpe:/a:canonical:ubuntu_linux:python-libxml2", "p-cpe:/a:canonical:ubuntu_linux:python3-libxml2", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3513-1.NASL", "href": "https://www.tenable.com/plugins/nessus/105254", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3513-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105254);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-15412\");\n script_xref(name:\"USN\", value:\"3513-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : libxml2 vulnerability (USN-3513-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that libxml2 incorrecty handled certain files. An\nattacker could use this issue with specially constructed XML data to\ncause libxml2 to consume resources, leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3513-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxml2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libxml2\", pkgver:\"2.9.1+dfsg1-3ubuntu4.12\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libxml2-utils\", pkgver:\"2.9.1+dfsg1-3ubuntu4.12\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python-libxml2\", pkgver:\"2.9.1+dfsg1-3ubuntu4.12\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libxml2\", pkgver:\"2.9.3+dfsg1-1ubuntu0.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libxml2-utils\", pkgver:\"2.9.3+dfsg1-1ubuntu0.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python-libxml2\", pkgver:\"2.9.3+dfsg1-1ubuntu0.5\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libxml2\", pkgver:\"2.9.4+dfsg1-2.2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libxml2-utils\", pkgver:\"2.9.4+dfsg1-2.2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"python-libxml2\", pkgver:\"2.9.4+dfsg1-2.2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"python3-libxml2\", pkgver:\"2.9.4+dfsg1-2.2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libxml2\", pkgver:\"2.9.4+dfsg1-4ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libxml2-utils\", pkgver:\"2.9.4+dfsg1-4ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"python-libxml2\", pkgver:\"2.9.4+dfsg1-4ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"python3-libxml2\", pkgver:\"2.9.4+dfsg1-4ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-utils / python-libxml2 / python3-libxml2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-17T15:10:53", "description": "The version of Google Chrome installed on the remote host is prior to 68.0.3440.75, and is affected by multiple vulnerabilities :\n\n - A flaw exists as it does not properly limit certain characters (U+0153, U+00E6, U+04D5, U+0499, and U+0525) before displaying them as Unicode. With a specially crafted IDN domain, a context-dependent attacker can spoof an Omnibox address.\n - A flaw exists as it does not properly limit certain characters (U+0153, U+00E6, U+04D5, U+0499, and U+0525) before displaying them as Unicode. With a specially crafted IDN domain, a context-dependent attacker can spoof an Omnibox address.\n - A flaw exists in the 'ComputeRandomMagic()' function in 'blink/renderer/platform/heap/heap_page.cc' that is triggered as random numbers are not properly handled when generating heap magic values. This may lead to weaker heap object integrity checks than intended.\n - A flaw exists in the safe browsing feature that is triggered when handling DMG file analysis. This may allow a context-dependent attacker to have an unspecified impact.\n - A dangling reference flaw exists in the PDFiumEngine class in 'pdf/pdfium/pdfium_engine.cc' that is triggered when handling image data while paints are pending. This may allow a context-dependent attacker to have an unspecified impact.\n - A flaw exists in the CPDF_DIBSource class destructor in 'fpdfapi/render/cpdf_dibsource.cpp' that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided.\n - A type confusion flaw exists in multiple JS functions that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided.\n - A flaw exists in the HTMLMediaElement class in 'blink/renderer/core/html/media/html_media_element.cc' that is triggered when handling media files. This may allow a context-dependent attacker to gain cross-origin access to potentially sensitive information.\n - A flaw exists in the 'ActiveTabPermissionGranter::GrantIfRequested()' function in 'browser/extensions/active_tab_permission_granter.cc' that is triggered as an extension has permission to the file-scheme of a file-URL loaded tab. This may allow a malicious extension to gain unauthorized access to page information 'e.g'. via the 'chrome.tabs'.executeScript API.\n - A flaw exists that is triggered as it is possible to include web content in WebUI documents. This may allow a context-dependent attacker to bypass intended security restrictions.\n - A flaw exists that is triggered as certain input is not properly validated when handling temporary registers during shader compilation. This may allow a context-dependent attacker to crash a process linked against the library.\n - An unspecified flaw exists that is triggered when handling termination garbage collection. This may allow a context-dependent attacker to have an unspecified impact.\n - A use-after-free error exists in the 'vp8_deblock()' function in 'vp8/common/postproc.c' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.\n - A use-after-free error exists in the 'PermissionServiceImpl::RequestPermissions()' function in 'content/browser/permissions/permission_service_impl.cc' that is triggered when handling permission types. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.\n - A flaw exists in the HTMLMediaElement class in 'blink/renderer/core/html/media/html_media_element.cc' that is triggered when handling media files. This may allow a context-dependent attacker to bypass cross-origin resource sharing (CORS) configurations.\n - A flaw exists as it does not properly limit certain characters (U+0153, U+00E6, U+04D5, U+0499, and U+0525) before displaying them as Unicode. With a specially crafted IDN domain, a context-dependent attacker can spoof an Omnibox address.\n - A type confusion flaw exists in the 'PacketBuffer::FindFrames()' function in 'modules/video_coding/packet_buffer.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-08-23T00:00:00", "type": "nessus", "title": "Google Chrome < 68.0.3440.75 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4117"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "700361.PASL", "href": "https://www.tenable.com/plugins/nnm/700361", "sourceData": "Binary data 700361.pasl", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-08T15:13:49", "description": "The remote host is affected by the vulnerability described in GLSA-201812-04 (WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.\n Impact :\n\n A remote attacker could execute arbitrary commands or cause a Denial of Service condition via maliciously crafted web content.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-12-03T00:00:00", "type": "nessus", "title": "GLSA-201812-04 : WebkitGTK+: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361"], "modified": "2019-04-30T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201812-04.NASL", "href": "https://www.tenable.com/plugins/nessus/119323", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201812-04.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119323);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/30 14:30:16\");\n\n script_cve_id(\"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4311\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\");\n script_xref(name:\"GLSA\", value:\"201812-04\");\n\n script_name(english:\"GLSA-201812-04 : WebkitGTK+: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201812-04\n(WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please\n review the referenced CVE identifiers for details.\n \nImpact :\n\n A remote attacker could execute arbitrary commands or cause a Denial of\n Service condition via maliciously crafted web content.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201812-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All WebkitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.22.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 2.22.0\"), vulnerable:make_list(\"lt 2.22.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebkitGTK+\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-08T15:11:22", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-10-04T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : webkit2gtk vulnerabilities (USN-3781-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3781-1.NASL", "href": "https://www.tenable.com/plugins/nessus/117914", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3781-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117914);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4311\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\");\n script_xref(name:\"USN\", value:\"3781-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : webkit2gtk vulnerabilities (USN-3781-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3781-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected libjavascriptcoregtk-4.0-18 and / or\nlibwebkit2gtk-4.0-37 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.22.2-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.22.2-0ubuntu0.18.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:48:23", "description": "The remote host is affected by the vulnerability described in GLSA-201808-04 (WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.\n Impact :\n\n A remote attacker could execute arbitrary commands or cause a denial of service condition via a maliciously crafted web content.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-08-23T00:00:00", "type": "nessus", "title": "GLSA-201808-04 : WebkitGTK+: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11646", "CVE-2018-11712", "CVE-2018-11713", "CVE-2018-12293", "CVE-2018-12294", "CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4133", "CVE-2018-4146", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4190", "CVE-2018-4192", "CVE-2018-4199", "CVE-2018-4200", "CVE-2018-4201", "CVE-2018-4204", "CVE-2018-4214", "CVE-2018-4218", "CVE-2018-4222", "CVE-2018-4232", "CVE-2018-4233", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201808-04.NASL", "href": "https://www.tenable.com/plugins/nessus/112078", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201808-04.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112078);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/04/05 23:25:06\");\n\n script_cve_id(\"CVE-2018-11646\", \"CVE-2018-11712\", \"CVE-2018-11713\", \"CVE-2018-12293\", \"CVE-2018-12294\", \"CVE-2018-4101\", \"CVE-2018-4113\", \"CVE-2018-4114\", \"CVE-2018-4117\", \"CVE-2018-4118\", \"CVE-2018-4119\", \"CVE-2018-4120\", \"CVE-2018-4121\", \"CVE-2018-4122\", \"CVE-2018-4125\", \"CVE-2018-4127\", \"CVE-2018-4128\", \"CVE-2018-4129\", \"CVE-2018-4133\", \"CVE-2018-4146\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\", \"CVE-2018-4190\", \"CVE-2018-4192\", \"CVE-2018-4199\", \"CVE-2018-4200\", \"CVE-2018-4201\", \"CVE-2018-4204\", \"CVE-2018-4214\", \"CVE-2018-4218\", \"CVE-2018-4222\", \"CVE-2018-4232\", \"CVE-2018-4233\", \"CVE-2018-4261\", \"CVE-2018-4262\", \"CVE-2018-4263\", \"CVE-2018-4264\", \"CVE-2018-4265\", \"CVE-2018-4266\", \"CVE-2018-4267\", \"CVE-2018-4270\", \"CVE-2018-4272\", \"CVE-2018-4273\", \"CVE-2018-4278\", \"CVE-2018-4284\");\n script_xref(name:\"GLSA\", value:\"201808-04\");\n\n script_name(english:\"GLSA-201808-04 : WebkitGTK+: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201808-04\n(WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please\n review the referenced CVE identifiers for details.\n \nImpact :\n\n A remote attacker could execute arbitrary commands or cause a denial of\n service condition via a maliciously crafted web content.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2018-0003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2018-0004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2018-0005.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2018-0006.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201808-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All WebkitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.20.4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Proxy Object Type Confusion');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 2.20.4\"), vulnerable:make_list(\"lt 2.20.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebkitGTK+\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:41:02", "description": "According to the version of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2018-15412)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-12-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2018-1446)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15412", "CVE-2018-15412"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxml2", "p-cpe:/a:huawei:euleros:libxml2-devel", "p-cpe:/a:huawei:euleros:libxml2-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1446.NASL", "href": "https://www.tenable.com/plugins/nessus/119935", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119935);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-15412\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2018-1446)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libxml2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Use after free in libxml2 before 2.9.5, as used in\n Google Chrome prior to 63.0.3239.84 and other products,\n allowed a remote attacker to potentially exploit heap\n corruption via a crafted HTML page.(CVE-2018-15412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1446\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c12f3912\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxml2-2.9.1-6.3.h11\",\n \"libxml2-devel-2.9.1-6.3.h11\",\n \"libxml2-python-2.9.1-6.3.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:33:46", "description": "According to the version of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2018-15412)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-02-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2019-1034)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15412", "CVE-2018-15412"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxml2", "p-cpe:/a:huawei:euleros:libxml2-devel", "p-cpe:/a:huawei:euleros:libxml2-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1034.NASL", "href": "https://www.tenable.com/plugins/nessus/122207", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122207);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-15412\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2019-1034)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libxml2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Use after free in libxml2 before 2.9.5, as used in\n Google Chrome prior to 63.0.3239.84 and other products,\n allowed a remote attacker to potentially exploit heap\n corruption via a crafted HTML page.(CVE-2018-15412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1034\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?153b0691\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxml2-2.9.1-6.3.h12\",\n \"libxml2-devel-2.9.1-6.3.h12\",\n \"libxml2-python-2.9.1-6.3.h12\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:30:34", "description": "According to the version of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2018-15412)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-01-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2019-1007)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15412", "CVE-2018-15412"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxml2", "p-cpe:/a:huawei:euleros:libxml2-devel", "p-cpe:/a:huawei:euleros:libxml2-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1007.NASL", "href": "https://www.tenable.com/plugins/nessus/120995", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120995);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-15412\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2019-1007)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libxml2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Use after free in libxml2 before 2.9.5, as used in\n Google Chrome prior to 63.0.3239.84 and other products,\n allowed a remote attacker to potentially exploit heap\n corruption via a crafted HTML page.(CVE-2018-15412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1007\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cda1cac7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxml2-2.9.1-6.3.h13.eulerosv2r7\",\n \"libxml2-devel-2.9.1-6.3.h13.eulerosv2r7\",\n \"libxml2-python-2.9.1-6.3.h13.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:47:08", "description": "This update for webkit2gtk3 to version 2.22.5 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392, CVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998, bsc#1110279)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-01-16T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:0092-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11713", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4416", "CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464"], "modified": "2021-02-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension", "p-cpe:/a:novell:suse_linux:webkit-jsc", "p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-0092-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121206", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0092-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121206);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/10\");\n\n script_cve_id(\"CVE-2018-11713\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\", \"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4345\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\", \"CVE-2018-4372\", \"CVE-2018-4373\", \"CVE-2018-4375\", \"CVE-2018-4376\", \"CVE-2018-4378\", \"CVE-2018-4382\", \"CVE-2018-4386\", \"CVE-2018-4392\", \"CVE-2018-4416\", \"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:0092-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.22.5 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375,\nCVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392,\nCVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299,\nCVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314,\nCVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318,\nCVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358,\nCVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162,\nCVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207,\nCVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212,\nCVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441,\nCVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998,\nbsc#1110279)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11713/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4162/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4163/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4165/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4191/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4197/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4207/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4208/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4209/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4210/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4212/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4213/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4299/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4306/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4312/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4314/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4315/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4316/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4317/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4318/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4319/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4323/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4328/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4345/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4358/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4359/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4361/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4372/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4373/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4375/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4376/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4378/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4382/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4386/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4392/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4416/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4437/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4438/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4441/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4442/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4443/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4464/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190092-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c8c2c8c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-92=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t\npatch SUSE-SLE-Module-Desktop-Applications-15-2019-92=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-92=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Webkit JIT Exploit for iOS 7.1.2');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.22.5-3.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:47:22", "description": "This update for webkit2gtk3 to version 2.22.5 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392, CVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998, bsc#1110279)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-01-24T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2019-81)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11713", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4416", "CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-81.NASL", "href": "https://www.tenable.com/plugins/nessus/121339", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-81.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121339);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-11713\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\", \"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4345\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\", \"CVE-2018-4372\", \"CVE-2018-4373\", \"CVE-2018-4375\", \"CVE-2018-4376\", \"CVE-2018-4378\", \"CVE-2018-4382\", \"CVE-2018-4386\", \"CVE-2018-4392\", \"CVE-2018-4416\", \"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2019-81)\");\n script_summary(english:\"Check for the openSUSE-2019-81 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.22.5 fixes the following\nissues :\n\nSecurity issues fixed :\n\n - CVE-2018-4372, CVE-2018-4345, CVE-2018-4386,\n CVE-2018-4375, CVE-2018-4376, CVE-2018-4378,\n CVE-2018-4382, CVE-2018-4392, CVE-2018-4416,\n CVE-2018-4191, CVE-2018-4197, CVE-2018-4299,\n CVE-2018-4306, CVE-2018-4309, CVE-2018-4312,\n CVE-2018-4314, CVE-2018-4315, CVE-2018-4316,\n CVE-2018-4317, CVE-2018-4318, CVE-2018-4319,\n CVE-2018-4323, CVE-2018-4328, CVE-2018-4358,\n CVE-2018-4359, CVE-2018-4361, CVE-2018-4373,\n CVE-2018-4162, CVE-2018-4163, CVE-2018-4165,\n CVE-2018-11713, CVE-2018-4207, CVE-2018-4208,\n CVE-2018-4209, CVE-2018-4210, CVE-2018-4212,\n CVE-2018-4213, CVE-2018-4437, CVE-2018-4438,\n CVE-2018-4441, CVE-2018-4442, CVE-2018-4443,\n CVE-2018-4464 (bsc#1119558, bsc#1116998, bsc#1110279)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119558\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Webkit JIT Exploit for iOS 7.1.2');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk-4_0-37-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk3-lang-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit-jsc-4-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit-jsc-4-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-debugsource-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-devel-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-minibrowser-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-plugin-process-gtk2-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-plugin-process-gtk2-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:34:12", "description": "This update for libxml2 fixes one issue. This security issue was fixed :\n\n - CVE-2017-15412: Prevent use after free when calling XPath extension functions that allowed remote attackers to cause DoS or potentially RCE (bsc#1077993)\n\n - CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (bsc#1078813)\n\n - CVE-2017-5130: Fixed a potential remote buffer overflow in function xmlMemoryStrdup() (bsc#1078806)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-02-09T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2018:0401-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5131", "CVE-2017-15412", "CVE-2017-5130"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libxml2", "p-cpe:/a:novell:suse_linux:libxml2-2", "p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo", "p-cpe:/a:novell:suse_linux:libxml2-debugsource", "p-cpe:/a:novell:suse_linux:libxml2-tools", "p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo", "p-cpe:/a:novell:suse_linux:python-libxml2", "p-cpe:/a:novell:suse_linux:python-libxml2-debuginfo", "p-cpe:/a:novell:suse_linux:python-libxml2-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0401-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106708", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0401-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106708);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2016-5131\", \"CVE-2017-15412\", \"CVE-2017-5130\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2018:0401-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libxml2 fixes one issue. This security issue was \nfixed :\n\n - CVE-2017-15412: Prevent use after free when calling\n XPath extension functions that allowed remote attackers\n to cause DoS or potentially RCE (bsc#1077993)\n\n - CVE-2016-5131: Use-after-free vulnerability in libxml2\n allowed remote attackers to cause a denial of service or\n possibly have unspecified other impact via vectors\n related to the XPointer range-to function. (bsc#1078813)\n\n - CVE-2017-5130: Fixed a potential remote buffer overflow\n in function xmlMemoryStrdup() (bsc#1078806)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5131/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5130/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180401-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?47defebc\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-276=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-276=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-276=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-276=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-276=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-276=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-276=1\n\nSUSE CaaS Platform ALL:zypper in -t patch SUSE-CAASP-ALL-2018-276=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-276=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-2-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-2-32bit-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-2-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-debugsource-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-tools-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-tools-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-libxml2-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-libxml2-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-libxml2-debugsource-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-2-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-2-32bit-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-2-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-debugsource-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-tools-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-tools-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python-libxml2-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python-libxml2-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python-libxml2-debugsource-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-2-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-debugsource-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-tools-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-tools-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"python-libxml2-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"python-libxml2-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"python-libxml2-debugsource-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-debugsource-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-tools-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-tools-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-debugsource-2.9.4-46.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:34:00", "description": "This update for libxml2 fixes three security issues :\n\n - CVE-2017-15412: Prevent use after free when calling XPath extension functions that allowed remote attackers to cause DoS or potentially RCE (bsc#1077993)\n\n - CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (bsc#1078813)\n\n - CVE-2017-5130: Fixed a potential remote buffer overflow in function xmlMemoryStrdup() (bsc#1078806)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-02-12T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libxml2 (openSUSE-2018-154)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5131", "CVE-2017-15412", "CVE-2017-5130"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libxml2-2", "p-cpe:/a:novell:opensuse:libxml2-2-32bit", "p-cpe:/a:novell:opensuse:libxml2-2-debuginfo", "p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libxml2-debugsource", "p-cpe:/a:novell:opensuse:libxml2-devel", "p-cpe:/a:novell:opensuse:libxml2-devel-32bit", "p-cpe:/a:novell:opensuse:libxml2-tools", "p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo", "p-cpe:/a:novell:opensuse:python-libxml2", "p-cpe:/a:novell:opensuse:python-libxml2-debuginfo", "p-cpe:/a:novell:opensuse:python-libxml2-debugsource", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-154.NASL", "href": "https://www.tenable.com/plugins/nessus/106741", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-154.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106741);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5131\", \"CVE-2017-15412\", \"CVE-2017-5130\");\n\n script_name(english:\"openSUSE Security Update : libxml2 (openSUSE-2018-154)\");\n script_summary(english:\"Check for the openSUSE-2018-154 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libxml2 fixes three security issues :\n\n - CVE-2017-15412: Prevent use after free when calling\n XPath extension functions that allowed remote attackers\n to cause DoS or potentially RCE (bsc#1077993)\n\n - CVE-2016-5131: Use-after-free vulnerability in libxml2\n allowed remote attackers to cause a denial of service or\n possibly have unspecified other impact via vectors\n related to the XPointer range-to function. (bsc#1078813)\n\n - CVE-2017-5130: Fixed a potential remote buffer overflow\n in function xmlMemoryStrdup() (bsc#1078806)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078813\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libxml2-2-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libxml2-2-debuginfo-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libxml2-debugsource-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libxml2-devel-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libxml2-tools-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libxml2-tools-debuginfo-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python-libxml2-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python-libxml2-debuginfo-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python-libxml2-debugsource-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.9.4-15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2-2 / libxml2-2-32bit / libxml2-2-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:34:00", "description": "This update for libxml2 fixes several issues. Theses security issues were fixed :\n\n - CVE-2017-16932: Fixed infinite recursion could lead to an infinite loop or memory exhaustion when expanding a parameter entity in a DTD (bsc#1069689).\n\n - CVE-2017-15412: Prevent use after free when calling XPath extension functions that allowed remote attackers to cause DoS or potentially RCE (bsc#1077993)\n\n - CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (bsc#1078813)\n\n - CVE-2017-5130: Fixed a potential remote buffer overflow in function xmlMemoryStrdup() (bsc#1078806)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-02-09T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : libxml2 (SUSE-SU-2018:0395-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5131", "CVE-2017-15412", "CVE-2017-16932", "CVE-2017-5130"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libxml2", "p-cpe:/a:novell:suse_linux:libxml2-doc", "p-cpe:/a:novell:suse_linux:libxml2-python", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-0395-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106707", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0395-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106707);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5131\", \"CVE-2017-15412\", \"CVE-2017-16932\", \"CVE-2017-5130\");\n\n script_name(english:\"SUSE SLES11 Security Update : libxml2 (SUSE-SU-2018:0395-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libxml2 fixes several issues. Theses security issues\nwere fixed :\n\n - CVE-2017-16932: Fixed infinite recursion could lead to\n an infinite loop or memory exhaustion when expanding a\n parameter entity in a DTD (bsc#1069689).\n\n - CVE-2017-15412: Prevent use after free when calling\n XPath extension functions that allowed remote attackers\n to cause DoS or potentially RCE (bsc#1077993)\n\n - CVE-2016-5131: Use-after-free vulnerability in libxml2\n allowed remote attackers to cause a denial of service or\n possibly have unspecified other impact via vectors\n related to the XPointer range-to function. (bsc#1078813)\n\n - CVE-2017-5130: Fixed a potential remote buffer overflow\n in function xmlMemoryStrdup() (bsc#1078806)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1069689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5131/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16932/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5130/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180395-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?595b9055\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-libxml2-13458=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-libxml2-13458=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-libxml2-13458=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libxml2-32bit-2.7.6-0.77.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libxml2-32bit-2.7.6-0.77.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libxml2-2.7.6-0.77.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libxml2-doc-2.7.6-0.77.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libxml2-python-2.7.6-0.77.10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-08T14:27:03", "description": "This update for webkit2gtk3 to version 2.22.4 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998). This update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-01-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2019-68)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4416"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-68.NASL", "href": "https://www.tenable.com/plugins/nessus/121291", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-68.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121291);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4261\", \"CVE-2018-4262\", \"CVE-2018-4263\", \"CVE-2018-4264\", \"CVE-2018-4265\", \"CVE-2018-4266\", \"CVE-2018-4267\", \"CVE-2018-4270\", \"CVE-2018-4272\", \"CVE-2018-4273\", \"CVE-2018-4278\", \"CVE-2018-4284\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4345\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\", \"CVE-2018-4372\", \"CVE-2018-4373\", \"CVE-2018-4375\", \"CVE-2018-4376\", \"CVE-2018-4378\", \"CVE-2018-4382\", \"CVE-2018-4386\", \"CVE-2018-4392\", \"CVE-2018-4416\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2019-68)\");\n script_summary(english:\"Check for the openSUSE-2019-68 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkit2gtk3 to version 2.22.4 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306,\nCVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314,\nCVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318,\nCVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358,\nCVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372,\nCVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416,\nCVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279,\nbsc#1116998). This update was imported from the SUSE:SLE-12-SP2:Update\nupdate project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116998\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libjavascriptcoregtk-4_0-18-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk-4_0-37-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk3-lang-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-WebKit2-4_0-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit-jsc-4-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit-jsc-4-debuginfo-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-debugsource-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-devel-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-minibrowser-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-plugin-process-gtk2-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-plugin-process-gtk2-debuginfo-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-32bit-2.22.4-15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-08T14:29:05", "description": "This update for webkit2gtk3 to version 2.22.4 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-01-11T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:0059-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4416"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0059-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121093", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0059-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121093);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4261\", \"CVE-2018-4262\", \"CVE-2018-4263\", \"CVE-2018-4264\", \"CVE-2018-4265\", \"CVE-2018-4266\", \"CVE-2018-4267\", \"CVE-2018-4270\", \"CVE-2018-4272\", \"CVE-2018-4273\", \"CVE-2018-4278\", \"CVE-2018-4284\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4345\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\", \"CVE-2018-4372\", \"CVE-2018-4373\", \"CVE-2018-4375\", \"CVE-2018-4376\", \"CVE-2018-4378\", \"CVE-2018-4382\", \"CVE-2018-4386\", \"CVE-2018-4392\", \"CVE-2018-4416\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:0059-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.22.4 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306,\nCVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314,\nCVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318,\nCVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358,\nCVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372,\nCVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416,\nCVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279,\nbsc#1116998).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4191/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4197/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4207/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4208/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4209/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4210/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4212/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4213/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4261/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4262/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4263/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4264/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4265/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4266/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4267/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4270/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4272/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4273/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4278/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4284/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4299/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4306/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4312/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4314/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4315/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4316/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4317/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4318/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4319/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4323/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4328/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4345/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4358/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4359/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4361/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4372/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4373/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4375/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4376/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4378/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4382/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4386/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4392/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4416/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190059-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?987bc725\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-59=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-59=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2019-59=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-59=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-59=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-59=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-59=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-59=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-59=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-59=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-59=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-59=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-59=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-WebKit2-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk3-debugsource-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk3-debugsource-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"typelib-1_0-WebKit2-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk3-debugsource-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-WebKit2-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk3-debugsource-2.22.4-2.29.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:33:09", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1190 advisory.\n\n - libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)\n\n - libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)\n\n - libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)\n\n - libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)\n\n - libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)\n\n - libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-10T00:00:00", "type": "nessus", "title": "CentOS 7 : libxml2 (CESA-2020:1190)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8035", "CVE-2016-5131", "CVE-2017-15412", "CVE-2017-18258", "CVE-2018-14404", "CVE-2018-14567"], "modified": "2021-03-16T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libxml2", "p-cpe:/a:centos:centos:libxml2-devel", "p-cpe:/a:centos:centos:libxml2-python", "p-cpe:/a:centos:centos:libxml2-static", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-1190.NASL", "href": "https://www.tenable.com/plugins/nessus/135358", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1190 and\n# CentOS Errata and Security Advisory 2020:1190 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135358);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/16\");\n\n script_cve_id(\n \"CVE-2015-8035\",\n \"CVE-2016-5131\",\n \"CVE-2017-15412\",\n \"CVE-2017-18258\",\n \"CVE-2018-14404\",\n \"CVE-2018-14567\"\n );\n script_xref(name:\"RHSA\", value:\"2020:1190\");\n\n script_name(english:\"CentOS 7 : libxml2 (CESA-2020:1190)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:1190 advisory.\n\n - libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)\n\n - libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)\n\n - libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)\n\n - libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)\n\n - libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)\n\n - libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-April/012518.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ed8ea19\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/252.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5131\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(252, 400, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'libxml2-2.9.1-6.el7.4', 'cpu':'i686', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-2.9.1-6.el7.4', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-devel-2.9.1-6.el7.4', 'cpu':'i686', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-devel-2.9.1-6.el7.4', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-python-2.9.1-6.el7.4', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-static-2.9.1-6.el7.4', 'cpu':'i686', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-static-2.9.1-6.el7.4', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2 / libxml2-devel / libxml2-python / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:35:02", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1190 advisory.\n\n - libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)\n\n - libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)\n\n - libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)\n\n - libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)\n\n - libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)\n\n - libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-01T00:00:00", "type": "nessus", "title": "RHEL 7 : libxml2 (RHSA-2020:1190)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8035", "CVE-2016-5131", "CVE-2017-15412", "CVE-2017-18258", "CVE-2018-14404", "CVE-2018-14567"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:libxml2:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:libxml2-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:libxml2-python:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:libxml2-static:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-1190.NASL", "href": "https://www.tenable.com/plugins/nessus/135071", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1190. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135071);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2015-8035\",\n \"CVE-2016-5131\",\n \"CVE-2017-15412\",\n \"CVE-2017-18258\",\n \"CVE-2018-14404\",\n \"CVE-2018-14567\"\n );\n script_bugtraq_id(\n 77390,\n 92053,\n 102098,\n 105198\n );\n script_xref(name:\"RHSA\", value:\"2020:1190\");\n script_xref(name:\"IAVB\", value:\"2016-B-0083-S\");\n script_xref(name:\"IAVB\", value:\"2016-B-0113-S\");\n script_xref(name:\"IAVB\", value:\"2017-B-0169-S\");\n\n script_name(english:\"RHEL 7 : libxml2 (RHSA-2020:1190)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1190 advisory.\n\n - libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)\n\n - libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)\n\n - libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)\n\n - libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)\n\n - libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)\n\n - libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2015-8035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2016-5131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-15412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1277146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1358641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1523128\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1566749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1595985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1619875\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-15412\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(252, 400, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-static\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libxml2-2.9.1-6.el7.4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-devel-2.9.1-6.el7.4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-python-2.9.1-6.el7.4', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-python-2.9.1-6.el7.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-static-2.9.1-6.el7.4', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2 / libxml2-devel / libxml2-python / libxml2-static');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:33:14", "description": "* libxml2: Use after free triggered by XPointer paths beginning with range-to * libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c * libxml2:\nDoS caused by incorrect error detection during XZ decompression * libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c * libxml2: Unrestricted memory usage in xz_head() function in xzlib.c * libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : libxml2 on SL7.x x86_64 (20200407)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8035", "CVE-2016-5131", "CVE-2017-15412", "CVE-2017-18258", "CVE-2018-14404", "CVE-2018-14567"], "modified": "2020-04-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libxml2", "p-cpe:/a:fermilab:scientific_linux:libxml2-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libxml2-devel", "p-cpe:/a:fermilab:scientific_linux:libxml2-python", "p-cpe:/a:fermilab:scientific_linux:libxml2-static", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200407_LIBXML2_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/135819", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135819);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/24\");\n\n script_cve_id(\"CVE-2015-8035\", \"CVE-2016-5131\", \"CVE-2017-15412\", \"CVE-2017-18258\", \"CVE-2018-14404\", \"CVE-2018-14567\");\n\n script_name(english:\"Scientific Linux Security Update : libxml2 on SL7.x x86_64 (20200407)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"* libxml2: Use after free triggered by XPointer paths beginning with\nrange-to * libxml2: Use after free in\nxmlXPathCompOpEvalPositionalPredicate() function in xpath.c * libxml2:\nDoS caused by incorrect error detection during XZ decompression *\nlibxml2: NULL pointer dereference in xmlXPathCompOpEval() function in\nxpath.c * libxml2: Unrestricted memory usage in xz_head() function in\nxzlib.c * libxml2: Infinite loop caused by incorrect error detection\nduring LZMA decompression\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=12531\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?988a1301\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-2.9.1-6.el7.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-debuginfo-2.9.1-6.el7.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-devel-2.9.1-6.el7.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-python-2.9.1-6.el7.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-static-2.9.1-6.el7.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:38:49", "description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. (CVE-2018-14404)\n\nUse after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n(CVE-2017-15412)\n\nA denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.\n(CVE-2015-8035)\n\nlibxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251 . (CVE-2018-14567)\n\nThe xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.\n(CVE-2017-18258)\n\nUse-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (CVE-2016-5131)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-23T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : libxml2 (ALAS-2020-1466)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8035", "CVE-2016-5131", "CVE-2017-15412", "CVE-2017-18258", "CVE-2018-14404", "CVE-2018-14567", "CVE-2018-9251"], "modified": "2020-07-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libxml2", "p-cpe:/a:amazon:linux:libxml2-debuginfo", "p-cpe:/a:amazon:linux:libxml2-devel", "p-cpe:/a:amazon:linux:libxml2-python", "p-cpe:/a:amazon:linux:libxml2-static", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1466.NASL", "href": "https://www.tenable.com/plugins/nessus/138855", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1466.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138855);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/27\");\n\n script_cve_id(\"CVE-2015-8035\", \"CVE-2016-5131\", \"CVE-2017-15412\", \"CVE-2017-18258\", \"CVE-2018-14404\", \"CVE-2018-14567\");\n script_xref(name:\"ALAS\", value:\"2020-1466\");\n\n script_name(english:\"Amazon Linux 2 : libxml2 (ALAS-2020-1466)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A NULL pointer dereference vulnerability exists in the\nxpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when\nparsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR\ncase. Applications processing untrusted XSL format inputs with the use\nof the libxml2 library may be vulnerable to a denial of service attack\ndue to a crash of the application. (CVE-2018-14404)\n\nUse after free in libxml2 before 2.9.5, as used in Google Chrome prior\nto 63.0.3239.84 and other products, allowed a remote attacker to\npotentially exploit heap corruption via a crafted HTML page.\n(CVE-2017-15412)\n\nA denial of service flaw was found in libxml2. A remote attacker could\nprovide a specially crafted XML or HTML file that, when processed by\nan application using libxml2, would cause that application to crash.\n(CVE-2015-8035)\n\nlibxml2 2.9.8, if --with-lzma is used, allows remote attackers to\ncause a denial of service (infinite loop) via a crafted XML file that\ntriggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different\nvulnerability than CVE-2015-8035 and CVE-2018-9251 . (CVE-2018-14567)\n\nThe xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote\nattackers to cause a denial of service (memory consumption) via a\ncrafted LZMA file, because the decoder functionality does not restrict\nmemory usage to what is required for a legitimate file.\n(CVE-2017-18258)\n\nUse-after-free vulnerability in libxml2 through 2.9.4, as used in\nGoogle Chrome before 52.0.2743.82, allows remote attackers to cause a\ndenial of service or possibly have unspecified other impact via\nvectors related to the XPointer range-to function. (CVE-2016-5131)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1466.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update libxml2' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"libxml2-2.9.1-6.amzn2.4.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libxml2-debuginfo-2.9.1-6.amzn2.4.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libxml2-devel-2.9.1-6.amzn2.4.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libxml2-python-2.9.1-6.amzn2.4.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libxml2-static-2.9.1-6.amzn2.4.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-10T14:54:35", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libxml2 packages installed that are affected by multiple vulnerabilities:\n\n - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (CVE-2016-5131)\n\n - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2017-15412)\n\n - A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.\n Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. (CVE-2018-14404)\n\n - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. (CVE-2018-14567)\n\n - The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. (CVE-2017-18258)\n\n - The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.\n (CVE-2015-8035)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : libxml2 Multiple Vulnerabilities (NS-SA-2020-0091)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8035", "CVE-2016-5131", "CVE-2017-15412", "CVE-2017-18258", "CVE-2018-14404", "CVE-2018-14567", "CVE-2018-9251"], "modified": "2020-12-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0091_LIBXML2.NASL", "href": "https://www.tenable.com/plugins/nessus/143920", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0091. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143920);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\n \"CVE-2015-8035\",\n \"CVE-2016-5131\",\n \"CVE-2017-15412\",\n \"CVE-2017-18258\",\n \"CVE-2018-14404\",\n \"CVE-2018-14567\"\n );\n script_bugtraq_id(\n 77390,\n 92053,\n 102098,\n 105198\n );\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : libxml2 Multiple Vulnerabilities (NS-SA-2020-0091)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libxml2 packages installed that are affected\nby multiple vulnerabilities:\n\n - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82,\n allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors\n related to the XPointer range-to function. (CVE-2016-5131)\n\n - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products,\n allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2017-15412)\n\n - A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2\n through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.\n Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable\n to a denial of service attack due to a crash of the application. (CVE-2018-14404)\n\n - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite\n loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different\n vulnerability than CVE-2015-8035 and CVE-2018-9251. (CVE-2018-14567)\n\n - The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of\n service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict\n memory usage to what is required for a legitimate file. (CVE-2017-18258)\n\n - The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which\n allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.\n (CVE-2015-8035)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0091\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL libxml2 packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-15412\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.05': [\n 'libxml2-2.9.1-6.el7.4',\n 'libxml2-debuginfo-2.9.1-6.el7.4',\n 'libxml2-devel-2.9.1-6.el7.4',\n 'libxml2-python-2.9.1-6.el7.4',\n 'libxml2-static-2.9.1-6.el7.4'\n ],\n 'CGSL MAIN 5.05': [\n 'libxml2-2.9.1-6.el7.4',\n 'libxml2-debuginfo-2.9.1-6.el7.4',\n 'libxml2-devel-2.9.1-6.el7.4',\n 'libxml2-python-2.9.1-6.el7.4',\n 'libxml2-static-2.9.1-6.el7.4'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-10T14:55:03", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libxml2 packages installed that are affected by multiple vulnerabilities:\n\n - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (CVE-2016-5131)\n\n - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2017-15412)\n\n - A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.\n Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. (CVE-2018-14404)\n\n - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. (CVE-2018-14567)\n\n - The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. (CVE-2017-18258)\n\n - The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.\n (CVE-2015-8035)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : libxml2 Multiple Vulnerabilities (NS-SA-2020-0060)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8035", "CVE-2016-5131", "CVE-2017-15412", "CVE-2017-18258", "CVE-2018-14404", "CVE-2018-14567", "CVE-2018-9251"], "modified": "2020-12-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0060_LIBXML2.NASL", "href": "https://www.tenable.com/plugins/nessus/143906", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0060. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143906);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\n \"CVE-2015-8035\",\n \"CVE-2016-5131\",\n \"CVE-2017-15412\",\n \"CVE-2017-18258\",\n \"CVE-2018-14404\",\n \"CVE-2018-14567\"\n );\n script_bugtraq_id(\n 77390,\n 92053,\n 102098,\n 105198\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : libxml2 Multiple Vulnerabilities (NS-SA-2020-0060)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libxml2 packages installed that are affected\nby multiple vulnerabilities:\n\n - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82,\n allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors\n related to the XPointer range-to function. (CVE-2016-5131)\n\n - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products,\n allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2017-15412)\n\n - A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2\n through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.\n Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable\n to a denial of service attack due to a crash of the application. (CVE-2018-14404)\n\n - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite\n loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different\n vulnerability than CVE-2015-8035 and CVE-2018-9251. (CVE-2018-14567)\n\n - The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of\n service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict\n memory usage to what is required for a legitimate file. (CVE-2017-18258)\n\n - The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which\n allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.\n (CVE-2015-8035)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0060\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL libxml2 packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-15412\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'libxml2-2.9.1-6.el7.4',\n 'libxml2-debuginfo-2.9.1-6.el7.4',\n 'libxml2-devel-2.9.1-6.el7.4',\n 'libxml2-python-2.9.1-6.el7.4',\n 'libxml2-static-2.9.1-6.el7.4'\n ],\n 'CGSL MAIN 5.04': [\n 'libxml2-2.9.1-6.el7.4',\n 'libxml2-debuginfo-2.9.1-6.el7.4',\n 'libxml2-devel-2.9.1-6.el7.4',\n 'libxml2-python-2.9.1-6.el7.4',\n 'libxml2-static-2.9.1-6.el7.4'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:40:23", "description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application. (CVE-2018-14404)\n\nUse after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file. (CVE-2017-15412)\n\nThe xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.\n(CVE-2015-8035)\n\nlibxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251 . (CVE-2018-14567)\n\nThe xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.\n(CVE-2017-18258)\n\nUse-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (CVE-2016-5131)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-13T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : libxml2 (ALAS-2020-1415)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8035", "CVE-2016-5131", "CVE-2017-15412", "CVE-2017-18258", "CVE-2018-14404", "CVE-2018-14567", "CVE-2018-9251"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libxml2", "p-cpe:/a:amazon:linux:libxml2-debuginfo", "p-cpe:/a:amazon:linux:libxml2-devel", "p-cpe:/a:amazon:linux:libxml2-python26", "p-cpe:/a:amazon:linux:libxml2-python27", "p-cpe:/a:amazon:linux:libxml2-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1415.NASL", "href": "https://www.tenable.com/plugins/nessus/139549", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1415.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139549);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2015-8035\",\n \"CVE-2016-5131\",\n \"CVE-2017-15412\",\n \"CVE-2017-18258\",\n \"CVE-2018-14404\",\n \"CVE-2018-14567\"\n );\n script_xref(name:\"ALAS\", value:\"2020-1415\");\n\n script_name(english:\"Amazon Linux AMI : libxml2 (ALAS-2020-1415)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"A NULL pointer dereference vulnerability exists in the\nxpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when\nparsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR\ncase. Applications processing untrusted XSL format inputs with the use\nof the libxml2 library may be vulnerable to a denial of service attack\ndue to a crash of the application. A NULL pointer dereference\nvulnerability exists in the xpath.c:xmlXPathCompOpEval() function of\nlibxml2 when parsing invalid XPath expression. Applications processing\nuntrusted XSL format inputs with the use of libxml2 library may be\nvulnerable to denial of service attack due to crash of the\napplication. (CVE-2018-14404)\n\nUse after free in libxml2 before 2.9.5, as used in Google Chrome prior\nto 63.0.3239.84 and other products, allowed a remote attacker to\npotentially exploit heap corruption via a crafted HTML page. A\nuse-after-free flaw was found in the libxml2 library. An attacker\ncould use this flaw to cause an application linked against libxml2 to\ncrash when parsing a specially crafted XML file. (CVE-2017-15412)\n\nThe xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly\ndetect compression errors, which allows context-dependent attackers to\ncause a denial of service (process hang) via crafted XML data. A\ndenial of service flaw was found in libxml2. A remote attacker could\nprovide a specially crafted XML or HTML file that, when processed by\nan application using libxml2, would cause that application to crash.\n(CVE-2015-8035)\n\nlibxml2 2.9.8, if --with-lzma is used, allows remote attackers to\ncause a denial of service (infinite loop) via a crafted XML file that\ntriggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different\nvulnerability than CVE-2015-8035 and CVE-2018-9251 . (CVE-2018-14567)\n\nThe xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote\nattackers to cause a denial of service (memory consumption) via a\ncrafted LZMA file, because the decoder functionality does not restrict\nmemory usage to what is required for a legitimate file.\n(CVE-2017-18258)\n\nUse-after-free vulnerability in libxml2 through 2.9.4, as used in\nGoogle Chrome before 52.0.2743.82, allows remote attackers to cause a\ndenial of service or possibly have unspecified other impact via\nvectors related to the XPointer range-to function. (CVE-2016-5131)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2020-1415.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update libxml2' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-15412\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-python27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-2.9.1-6.4.40.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-debuginfo-2.9.1-6.4.40.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-devel-2.9.1-6.4.40.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-python26-2.9.1-6.4.40.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-python27-2.9.1-6.4.40.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-static-2.9.1-6.4.40.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python26 / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-17T23:19:49", "description": "The version of Apple iOS running on the mobile device is prior to 12.1. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-17T00:00:00", "type": "nessus", "title": "Apple iOS < 12.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4365", "CVE-2018-4366", "CVE-2018-4367", "CVE-2018-4368", "CVE-2018-4369", "CVE-2018-4371", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4374", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4384", "CVE-2018-4385", "CVE-2018-4386", "CVE-2018-4387", "CVE-2018-4388", "CVE-2018-4390", "CVE-2018-4391", "CVE-2018-4392", "CVE-2018-4394", "CVE-2018-4398", "CVE-2018-4400", "CVE-2018-4409", "CVE-2018-4413", "CVE-2018-4416", "CVE-2018-4419", "CVE-2018-4420", "CVE-2018-4427"], "modified": "2019-04-17T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "700554.PRM", "href": "https://www.tenable.com/plugins/nnm/700554", "sourceData": "Binary data 700554.prm", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-09T16:49:34", "description": "The version of Apple iOS running on the mobile device is prior to 12.1. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-31T00:00:00", "type": "nessus", "title": "Apple iOS < 12.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4365", "CVE-2018-4366", "CVE-2018-4367", "CVE-2018-4368", "CVE-2018-4369", "CVE-2018-4371", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4374", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4384", "CVE-2018-4385", "CVE-2018-4386", "CVE-2018-4387", "CVE-2018-4388", "CVE-2018-4390", "CVE-2018-4391", "CVE-2018-4392", "CVE-2018-4394", "CVE-2018-4398", "CVE-2018-4400", "CVE-2018-4409", "CVE-2018-4413", "CVE-2018-4416", "CVE-2018-4419", "CVE-2018-4420", "CVE-2018-4427"], "modified": "2023-03-08T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_121_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/118569", "sourceData": "Binary data apple_ios_121_check.nbin", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:53:18", "description": "This update to Chromium 63.0.3239.84 fixes the following security issues :\n\n - CVE-2017-15408: Heap buffer overflow in PDFium\n\n - CVE-2017-15409: Out of bounds write in Skia\n\n - CVE-2017-15410: Use after free in PDFium\n\n - CVE-2017-15411: Use after free in PDFium\n\n - CVE-2017-15412: Use after free in libXML\n\n - CVE-2017-15413: Type confusion in WebAssembly\n\n - CVE-2017-15415: Pointer information disclosure in IPC call\n\n - CVE-2017-15416: Out of bounds read in Blink\n\n - CVE-2017-15417: Cross origin information disclosure in Skia\n\n - CVE-2017-15418: Use of uninitialized value in Skia\n\n - CVE-2017-15419: Cross origin leak of redirect URL in Blink\n\n - CVE-2017-15420: URL spoofing in Omnibox\n\n - CVE-2017-15422: Integer overflow in ICU\n\n - CVE-2017-15423: Issue with SPAKE implementation in BoringSSL\n\n - CVE-2017-15424: URL Spoof in Omnibox\n\n - CVE-2017-15425: URL Spoof in Omnibox\n\n - CVE-2017-15426: URL Spoof in Omnibox\n\n - CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2017-1349)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15408", "CVE-2017-15409", "CVE-2017-15410", "CVE-2017-15411", "CVE-2017-15412", "CVE-2017-15413", "CVE-2017-15415", "CVE-2017-15416", "CVE-2017-15417", "CVE-2017-15418", "CVE-2017-15419", "CVE-2017-15420", "CVE-2017-15422", "CVE-2017-15423", "CVE-2017-15424", "CVE-2017-15425", "CVE-2017-15426", "CVE-2017-15427"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-debugsource", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1349.NASL", "href": "https://www.tenable.com/plugins/nessus/105235", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1349.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105235);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-15408\", \"CVE-2017-15409\", \"CVE-2017-15410\", \"CVE-2017-15411\", \"CVE-2017-15412\", \"CVE-2017-15413\", \"CVE-2017-15415\", \"CVE-2017-15416\", \"CVE-2017-15417\", \"CVE-2017-15418\", \"CVE-2017-15419\", \"CVE-2017-15420\", \"CVE-2017-15422\", \"CVE-2017-15423\", \"CVE-2017-15424\", \"CVE-2017-15425\", \"CVE-2017-15426\", \"CVE-2017-15427\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2017-1349)\");\n script_summary(english:\"Check for the openSUSE-2017-1349 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to Chromium 63.0.3239.84 fixes the following security\nissues :\n\n - CVE-2017-15408: Heap buffer overflow in PDFium\n\n - CVE-2017-15409: Out of bounds write in Skia\n\n - CVE-2017-15410: Use after free in PDFium\n\n - CVE-2017-15411: Use after free in PDFium\n\n - CVE-2017-15412: Use after free in libXML\n\n - CVE-2017-15413: Type confusion in WebAssembly\n\n - CVE-2017-15415: Pointer information disclosure in IPC\n call\n\n - CVE-2017-15416: Out of bounds read in Blink\n\n - CVE-2017-15417: Cross origin information disclosure in\n Skia\n\n - CVE-2017-15418: Use of uninitialized value in Skia\n\n - CVE-2017-15419: Cross origin leak of redirect URL in\n Blink\n\n - CVE-2017-15420: URL spoofing in Omnibox\n\n - CVE-2017-15422: Integer overflow in ICU\n\n - CVE-2017-15423: Issue with SPAKE implementation in\n BoringSSL\n\n - CVE-2017-15424: URL Spoof in Omnibox\n\n - CVE-2017-15425: URL Spoof in Omnibox\n\n - CVE-2017-15426: URL Spoof in Omnibox\n\n - CVE-2017-15427: Insufficient blocking of JavaScript in\n Omnibox\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1071691\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"chromedriver-63.0.3239.84-104.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"chromedriver-debuginfo-63.0.3239.84-104.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"chromium-63.0.3239.84-104.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"chromium-debuginfo-63.0.3239.84-104.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"chromium-debugsource-63.0.3239.84-104.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromedriver-63.0.3239.84-127.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromedriver-debuginfo-63.0.3239.84-127.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-63.0.3239.84-127.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-debuginfo-63.0.3239.84-127.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-debugsource-63.0.3239.84-127.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2023-02-08T16:02:20", "description": "### *Detect date*:\n03/29/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code and obtain sensitive information.\n\n### *Affected products*:\nApple iTunes earlier than 12.7.4\n\n### *Solution*:\nUpdate to latest version \n[Download iTunes](<https://www.apple.com/itunes/download/>)\n\n### *Original advisories*:\n[About the security content of iTunes 12.7.4 for Windows](<https://support.apple.com/en-us/HT208694>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iTunes](<https://threats.kaspersky.com/en/product/Apple-iTunes/>)\n\n### *CVE-IDS*:\n[CVE-2018-4113](<https://vulners.com/cve/CVE-2018-4113>)4.3Warning \n[CVE-2018-4114](<https://vulners.com/cve/CVE-2018-4114>)6.8High \n[CVE-2018-4117](<https://vulners.com/cve/CVE-2018-4117>)4.3Warning \n[CVE-2018-4118](<https://vulners.com/cve/CVE-2018-4118>)6.8High \n[CVE-2018-4119](<https://vulners.com/cve/CVE-2018-4119>)6.8High \n[CVE-2018-4120](<https://vulners.com/cve/CVE-2018-4120>)6.8High \n[CVE-2018-4121](<https://vulners.com/cve/CVE-2018-4121>)6.8High \n[CVE-2018-4122](<https://vulners.com/cve/CVE-2018-4122>)6.8High \n[CVE-2018-4125](<https://vulners.com/cve/CVE-2018-4125>)6.8High \n[CVE-2018-4127](<https://vulners.com/cve/CVE-2018-4127>)6.8High \n[CVE-2018-4128](<https://vulners.com/cve/CVE-2018-4128>)6.8High \n[CVE-2018-4129](<https://vulners.com/cve/CVE-2018-4129>)6.8High \n[CVE-2018-4130](<https://vulners.com/cve/CVE-2018-4130>)6.8High \n[CVE-2018-4207](<https://vulners.com/cve/CVE-2018-4207>)6.8High \n[CVE-2018-4208](<https://vulners.com/cve/CVE-2018-4208>)6.8High \n[CVE-2018-4209](<https://vulners.com/cve/CVE-2018-4209>)6.8High \n[CVE-2018-4210](<https://vulners.com/cve/CVE-2018-4210>)6.8High \n[CVE-2018-4212](<https://vulners.com/cve/CVE-2018-4212>)6.8High \n[CVE-2018-4213](<https://vulners.com/cve/CVE-2018-4213>)6.8High \n[CVE-2018-4144](<https://vulners.com/cve/CVE-2018-4144>)9.3Critical \n[CVE-2018-4146](<https://vulners.com/cve/CVE-2018-4146>)4.3Warning \n[CVE-2018-4161](<https://vulners.com/cve/CVE-2018-4161>)6.8High \n[CVE-2018-4162](<https://vulners.com/cve/CVE-2018-4162>)6.8High \n[CVE-2018-4163](<https://vulners.com/cve/CVE-2018-4163>)6.8High \n[CVE-2018-4165](<https://vulners.com/cve/CVE-2018-4165>)6.8High \n[CVE-2018-4101](<https://vulners.com/cve/CVE-2018-4101>)6.8High\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-03-29T00:00:00", "type": "kaspersky", "title": "KLA11281 Multiple vulnerabilities in Apple iTunes", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4130", "CVE-2018-4144", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213"], "modified": "2020-06-18T00:00:00", "id": "KLA11281", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11281/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-07-17T14:04:11", "description": "This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-02T00:00:00", "type": "openvas", "title": "Apple iTunes Security Updates(HT208694)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4119", "CVE-2018-4130", "CVE-2018-4129", "CVE-2018-4165", "CVE-2018-4146", "CVE-2018-4101", "CVE-2018-4128", "CVE-2018-4163", "CVE-2018-4120", "CVE-2018-4118", "CVE-2018-4114", "CVE-2018-4162", "CVE-2018-4125", "CVE-2018-4113", "CVE-2018-4127", "CVE-2018-4144", "CVE-2018-4117", "CVE-2018-4161", "CVE-2018-4122", "CVE-2018-4121"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310813110", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813110", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes Security Updates(HT208694)-Windows\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813110\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2018-4144\", \"CVE-2018-4101\", \"CVE-2018-4114\", \"CVE-2018-4118\",\n \"CVE-2018-4119\", \"CVE-2018-4120\", \"CVE-2018-4121\", \"CVE-2018-4122\",\n \"CVE-2018-4125\", \"CVE-2018-4127\", \"CVE-2018-4128\", \"CVE-2018-4129\",\n \"CVE-2018-4130\", \"CVE-2018-4161\", \"CVE-2018-4162\", \"CVE-2018-4163\",\n \"CVE-2018-4165\", \"CVE-2018-4113\", \"CVE-2018-4146\", \"CVE-2018-4117\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-02 10:32:52 +0530 (Mon, 02 Apr 2018)\");\n script_name(\"Apple iTunes Security Updates(HT208694)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - A buffer overflow error due to improper size validation..\n\n - Multiple memory corruption issues due to improper memory handling.\n\n - An array indexing issue in the handling of a function in javascript core.\n\n - A cross-origin issue existed with the fetch API.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to elevate privileges, exfiltrate data cross-origin,\n execute arbitrary code and lead to a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes versions before 12.7.4 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes 12.7.4 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208694\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Ver\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nituneVer = infos['version'];\nitunePath = infos['location'];\n\n##12.7.4 == 12.7.4.76\nif(version_is_less(version:ituneVer, test_version:\"12.7.4.76\"))\n{\n report = report_fixed_ver(installed_version:ituneVer, fixed_version:\"12.7.4\", install_path:itunePath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:04:23", "description": "This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-02T00:00:00", "type": "openvas", "title": "Apple iCloud Security Updates(HT208697)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4119", "CVE-2018-4130", "CVE-2018-4129", "CVE-2018-4165", "CVE-2018-4146", "CVE-2018-4101", "CVE-2018-4128", "CVE-2018-4163", "CVE-2018-4120", "CVE-2018-4118", "CVE-2018-4114", "CVE-2018-4162", "CVE-2018-4125", "CVE-2018-4113", "CVE-2018-4127", "CVE-2018-4144", "CVE-2018-4117", "CVE-2018-4161", "CVE-2018-4122", "CVE-2018-4121"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310813109", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813109", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iCloud Security Updates(HT208697)-Windows\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:icloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813109\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2018-4144\", \"CVE-2018-4101\", \"CVE-2018-4114\", \"CVE-2018-4118\",\n \"CVE-2018-4119\", \"CVE-2018-4120\", \"CVE-2018-4121\", \"CVE-2018-4122\",\n \"CVE-2018-4125\", \"CVE-2018-4127\", \"CVE-2018-4128\", \"CVE-2018-4129\",\n \"CVE-2018-4130\", \"CVE-2018-4161\", \"CVE-2018-4162\", \"CVE-2018-4163\",\n \"CVE-2018-4165\", \"CVE-2018-4113\", \"CVE-2018-4146\", \"CVE-2018-4117\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-02 10:23:49 +0530 (Mon, 02 Apr 2018)\");\n script_name(\"Apple iCloud Security Updates(HT208697)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - A buffer overflow error due to improper size validation..\n\n - Multiple memory corruption issues due to improper memory handling.\n\n - An array indexing issue in the handling of a function in javascript core.\n\n - A cross-origin issue existed with the fetch API.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to elevate privileges, exfiltrate data cross-origin,\n execute arbitrary code and lead to a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Apple iCloud versions before 7.4 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iCloud 7.4 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208697\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_apple_icloud_detect_win.nasl\");\n script_mandatory_keys(\"apple/icloud/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE)) exit(0);\nicVer = infos['version'];\nicPath = infos['location'];\n\n##7.4 == 7.4.0.111\nif(version_is_less(version:icVer, test_version:\"7.4.0.111\"))\n{\n report = report_fixed_ver(installed_version:icVer, fixed_version:\"7.4\", install_path:icPath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for webkit2gtk USN-3635-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4119", "CVE-2018-4129", "CVE-2018-4165", "CVE-2018-4146", "CVE-2018-4101", "CVE-2018-4128", "CVE-2018-4163", "CVE-2018-4120", "CVE-2018-4118", "CVE-2018-4114", "CVE-2018-4133", "CVE-2018-4162", "CVE-2018-4125", "CVE-2018-4113", "CVE-2018-4127", "CVE-2018-4117", "CVE-2018-4161", "CVE-2018-4122"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843514", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843514", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3635_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for webkit2gtk USN-3635-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843514\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-01 05:30:51 +0200 (Tue, 01 May 2018)\");\n script_cve_id(\"CVE-2018-4101\", \"CVE-2018-4113\", \"CVE-2018-4114\", \"CVE-2018-4117\",\n \"CVE-2018-4118\", \"CVE-2018-4119\", \"CVE-2018-4120\", \"CVE-2018-4122\",\n \"CVE-2018-4125\", \"CVE-2018-4127\", \"CVE-2018-4128\", \"CVE-2018-4129\",\n \"CVE-2018-4133\", \"CVE-2018-4146\", \"CVE-2018-4161\", \"CVE-2018-4162\",\n \"CVE-2018-4163\", \"CVE-2018-4165\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for webkit2gtk USN-3635-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A large number of security issues were\ndiscovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked\ninto viewing a malicious website, a remote attacker could exploit a variety of\nissues related to web browser security, including cross-site scripting attacks,\ndenial of service attacks, and arbitrary code execution.\");\n script_tag(name:\"affected\", value:\"webkit2gtk on Ubuntu 17.10,\n Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3635-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3635-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(17\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:amd64\", ver:\"2.20.1-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:i386\", ver:\"2.20.1-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:amd64\", ver:\"2.20.1-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:i386\", ver:\"2.20.1-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:amd64\", ver:\"2.20.1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:i386\", ver:\"2.20.1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:amd64\", ver:\"2.20.1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:i386\", ver:\"2.20.1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:36", "description": "This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-02T00:00:00", "type": "openvas", "title": "Apple Safari Security Updates(HT208695)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4119", "CVE-2018-4130", "CVE-2018-4129", "CVE-2018-4165", "CVE-2018-4146", "CVE-2018-4102", "CVE-2018-4101", "CVE-2018-4128", "CVE-2018-4163", "CVE-2018-4120", "CVE-2018-4118", "CVE-2018-4114", "CVE-2018-4116", "CVE-2018-4133", "CVE-2018-4162", "CVE-2018-4125", "CVE-2018-4113", "CVE-2018-4127", "CVE-2018-4137", "CVE-2018-4117", "CVE-2018-4161", "CVE-2018-4122", "CVE-2018-4121"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310813111", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813111", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Security Updates(HT208695)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813111\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-4102\", \"CVE-2018-4116\", \"CVE-2018-4137\", \"CVE-2018-4101\",\n \"CVE-2018-4114\", \"CVE-2018-4118\", \"CVE-2018-4119\", \"CVE-2018-4120\",\n \"CVE-2018-4121\", \"CVE-2018-4122\", \"CVE-2018-4125\", \"CVE-2018-4127\",\n \"CVE-2018-4128\", \"CVE-2018-4129\", \"CVE-2018-4130\", \"CVE-2018-4161\",\n \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\", \"CVE-2018-4133\",\n \"CVE-2018-4113\", \"CVE-2018-4146\", \"CVE-2018-4117\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-02 10:37:28 +0530 (Mon, 02 Apr 2018)\");\n script_name(\"Apple Safari Security Updates(HT208695)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An inconsistent user interface issue due to insufficient state management.\n\n - Safari autofill did not require explicit user interaction before taking place.\n\n - Multiple memory corruption issues.\n\n - A cross-site scripting due to improper URL validation.\n\n - An array indexing issue existed in the handling of a function in javascript core.\n\n - A cross-origin issue due to improper input validation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to conduct address bar spoofing, exfiltrate autofilled\n data in Safari, execute arbitrary code, conduct cross-site scripting attack,\n conduct a denial of service and exfiltrate data cross-origin.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions before 11.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari 11.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208695\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\", \"ssh/login/osx_name\", \"ssh/login/osx_version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif((!osName && \"Mac OS X\" >!< osName) || !osVer){\n exit (0);\n}\n\nif(version_is_less(version:osVer, test_version:\"10.11.6\"))\n{\n fix = \"Upgrade Apple Mac OS X to version 10.11.6 and Update Apple Safari to version 11.1\" ;\n installedVer = \"Apple Mac OS X \" + osVer ;\n}\nelse if(version_in_range(version:osVer, test_version:\"10.12\", test_version2:\"10.12.5\"))\n{\n fix = \"Upgrade Apple Mac OS X to version 10.12.6 and Update Apple Safari to version 11.1\";\n installedVer = \"Apple Mac OS X \" + osVer ;\n}\nelse if(version_in_range(version:osVer, test_version:\"10.13\", test_version2:\"10.13.3\"))\n{\n fix = \"Upgrade Apple Mac OS X to version 10.13.4 and Update Apple Safari to version 11.1\";\n installedVer = \"Apple Mac OS X \" + osVer ;\n}\n\nelse\n{\n if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\n safVer = infos['version'];\n path = infos['location'];\n\n if(version_is_less(version:safVer, test_version:\"11.1\"))\n {\n fix = \"11.1\";\n installedVer = \"Apple Safari \" + safVer ;\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:installedVer, fixed_version:fix, install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:36", "description": "This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-02T00:00:00", "type": "openvas", "title": "Apple MacOSX Security Updates(HT208692)-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4112", "CVE-2018-4136", "CVE-2018-4166", "CVE-2018-4176", "CVE-2018-4155", "CVE-2018-4106", "CVE-2018-4154", "CVE-2018-4139", "CVE-2018-4104", "CVE-2018-4151", "CVE-2018-4175", "CVE-2018-4144", "CVE-2018-4156", "CVE-2018-4158"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310813113", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813113", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_macosx_HT208692_02.nasl 14292 2019-03-18 18:39:37Z cfischer $\n#\n# Apple MacOSX Security Updates(HT208692)-02\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813113\");\n script_version(\"$Revision: 14292 $\");\n script_cve_id(\"CVE-2018-4104\", \"CVE-2018-4106\", \"CVE-2018-4144\", \"CVE-2018-4139\",\n \"CVE-2018-4136\", \"CVE-2018-4112\", \"CVE-2018-4175\", \"CVE-2018-4176\",\n \"CVE-2018-4156\", \"CVE-2018-4154\", \"CVE-2018-4151\", \"CVE-2018-4155\",\n \"CVE-2018-4158\", \"CVE-2018-4166\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 19:39:37 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-02 10:46:27 +0530 (Mon, 02 Apr 2018)\");\n script_name(\"Apple MacOSX Security Updates(HT208692)-02\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An input validation issue.\n\n - A command injection issue in the handling of Bracketed Paste Mode.\n\n - A buffer overflow error.\n\n - Memory corruption due to a logic issue.\n\n - An out-of-bounds read error.\n\n - A validation issue in the handling of symlinks.\n\n - A logic issue.\n\n - A race condition.\n\n - A race condition was addressed with additional validation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to read restricted memory, execute arbitrary code\n with system privileges, arbitrary command execution spoofing, gain access to user\n information, bypass code signing enforcement, launching arbitrary application\n and gain elevated privileges.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.11.x through\n 10.11.6, 10.12.x through 10.12.6, 10.13.x through 10.13.3\");\n\n script_tag(name:\"solution\", value:\"Apply the appropriate security patch from\n the reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208692\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.1[1-3]\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.1[1-3]\" || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\nif((osVer == \"10.11.6\") || (osVer == \"10.12.6\"))\n{\n buildVer = get_kb_item(\"ssh/login/osx_build\");\n if(!buildVer){\n exit(0);\n }\n ##https://en.wikipedia.org/wiki/OS_X_El_Capitan\n if(osVer == \"10.11.6\" && version_is_less(version:buildVer, test_version:\"15G20015\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n ##https://en.wikipedia.org/wiki/MacOS_Sierra\n else if(osVer == \"10.12.6\" && version_is_less(version:buildVer, test_version:\"16G1314\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n}\n\nif(osVer =~ \"^10\\.11\")\n{\n if(version_is_less(version:osVer, test_version:\"10.11.5\")){\n fix = \"Upgrade to latest OS release 10.11.6 and apply patch from vendor\";\n }\n}\nelse if(osVer =~ \"^10\\.12\")\n{\n if(version_is_less(version:osVer, test_version:\"10.12.5\")){\n fix = \"Upgrade to latest OS release 10.12.6 and apply patch from vendor\";\n }\n}\n\nelse if(osVer =~ \"^10\\.13\")\n{\n if(version_is_less(version:osVer, test_version:\"10.13.4\")){\n fix = \"10.13.4\";\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:04:09", "description": "This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-02T00:00:00", "type": "openvas", "title": "Apple MacOSX Security Updates(HT208692)-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4142", "CVE-2018-4138", "CVE-2018-4174", "CVE-2018-4152", "CVE-2018-4132", "CVE-2018-4107", "CVE-2018-4108", "CVE-2018-4157", "CVE-2018-4135", "CVE-2018-4131", "CVE-2018-4143", "CVE-2018-4115", "CVE-2018-4167", "CVE-2018-4111", "CVE-2018-4173", "CVE-2018-4170", "CVE-2018-4150", "CVE-2018-4160", "CVE-2018-4105"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310813112", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813112", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple MacOSX Security Updates(HT208692)-01\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813112\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2018-4108\", \"CVE-2018-4143\", \"CVE-2018-4105\", \"CVE-2018-4107\",\n \"CVE-2018-4160\", \"CVE-2018-4167\", \"CVE-2018-4142\", \"CVE-2018-4174\",\n \"CVE-2018-4131\", \"CVE-2018-4132\", \"CVE-2018-4135\", \"CVE-2018-4111\",\n \"CVE-2018-4170\", \"CVE-2018-4115\", \"CVE-2018-4157\", \"CVE-2018-4152\",\n \"CVE-2018-4150\", \"CVE-2018-4138\", \"CVE-2018-4173\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-02 10:46:18 +0530 (Mon, 02 Apr 2018)\");\n script_name(\"Apple MacOSX Security Updates(HT208692)-01\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An injection issue due to improper input validation.\n\n - An issue existed in the parsing of URLs in PDFs due to improper input\n validation.\n\n - An out-of-bounds read error.\n\n - An inconsistent user interface issue.\n\n - By scanning key states, an unprivileged application could log keystrokes\n entered into other applications even when secure input mode was enabled.\n\n - An issue existed in the handling of S/MIME HTML e-mail.\n\n - The sysadminctl command-line tool required that passwords be passed to it\n in its arguments, potentially exposing the passwords to other local users.\n\n - An issue existed in CFPreferences.\n\n - Multiple memory corruption issues.\n\n - A validation issue.\n\n - A consistency issue existed in deciding when to show the microphone use\n indicator.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to execute arbitrary code with kernel privileges,\n gain access to passwords supplied to sysadminctl, truncate an APFS volume\n password, gain access to potentially sensitive data, gain elevated privileges,\n conduct a denial-of-service attack, log keystrokes entered into applications,\n intercept and exfiltrate the contents of S/MIME-encrypted e-mail and use a\n removed configuration profile and access the microphone without indication to\n the user.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.13.x through 10.13.3\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X 10.13.4 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208692\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.13\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.13\" || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\nif(version_is_less(version:osVer, test_version:\"10.13.4\"))\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.13.4\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T17:39:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2018:3473-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4119", "CVE-2017-7161", "CVE-2018-4129", "CVE-2018-4165", "CVE-2018-4146", "CVE-2017-7165", "CVE-2018-4101", "CVE-2018-4128", "CVE-2018-4199", "CVE-2018-4163", "CVE-2018-12911", "CVE-2018-4120", "CVE-2018-4118", "CVE-2018-4114", "CVE-2018-4190", "CVE-2018-11646", "CVE-2018-11713", "CVE-2018-11712", "CVE-2018-4133", "CVE-2018-4162", "CVE-2017-7153", "CVE-2018-4125", "CVE-2017-7160", "CVE-2018-4233", "CVE-2018-4113", "CVE-2018-4222", "CVE-2017-13884", "CVE-2018-4127", "CVE-2018-4088", "CVE-2018-4204", "CVE-2018-4096", "CVE-2018-4218", "CVE-2018-4246", "CVE-2018-4117", "CVE-2018-4161", "CVE-2017-13885", "CVE-2018-4232", "CVE-2018-4122", "CVE-2018-4200", "CVE-2018-4121"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852089", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852089", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852089\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2017-13884\", \"CVE-2017-13885\", \"CVE-2017-7153\", \"CVE-2017-7160\", \"CVE-2017-7161\", \"CVE-2017-7165\", \"CVE-2018-11646\", \"CVE-2018-11712\", \"CVE-2018-11713\", \"CVE-2018-12911\", \"CVE-2018-4088\", \"CVE-2018-4096\", \"CVE-2018-4101\", \"CVE-2018-4113\", \"CVE-2018-4114\", \"CVE-2018-4117\", \"CVE-2018-4118\", \"CVE-2018-4119\", \"CVE-2018-4120\", \"CVE-2018-4121\", \"CVE-2018-4122\", \"CVE-2018-4125\", \"CVE-2018-4127\", \"CVE-2018-4128\", \"CVE-2018-4129\", \"CVE-2018-4133\", \"CVE-2018-4146\", \"CVE-2018-4161\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\", \"CVE-2018-4190\", \"CVE-2018-4199\", \"CVE-2018-4200\", \"CVE-2018-4204\", \"CVE-2018-4218\", \"CVE-2018-4222\", \"CVE-2018-4232\", \"CVE-2018-4233\", \"CVE-2018-4246\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:43:57 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2018:3473-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3473-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00071.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk3'\n package(s) announced via the openSUSE-SU-2018:3473-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for webkit2gtk3 to version 2.20.3 fixes the issues:\n\n The following security vulnerabilities were addressed:\n\n - CVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs\n (boo#1101999)\n\n - CVE-2017-13884: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1075775).\n\n - CVE-2017-13885: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1075775).\n\n - CVE-2017-7153: An unspecified issue allowed remote attackers to spoof\n user-interface information (about whether the entire content is derived\n from a valid TLS session) via a crafted web site that sends a 401\n Unauthorized redirect (bsc#1077535).\n\n - CVE-2017-7160: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1075775).\n\n - CVE-2017-7161: An unspecified issue allowed remote attackers to execute\n arbitrary code via special characters that trigger command injection\n (bsc#1075775, bsc#1077535).\n\n - CVE-2017-7165: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1075775).\n\n - CVE-2018-4088: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1075775).\n\n - CVE-2018-4096: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1075775).\n\n - CVE-2018-4200: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site that triggers a\n WebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280).\n\n - CVE-2018-4204: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1092279).\n\n - CVE-2018-4101: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1088182).\n\n - CVE-2018-4113: An issue in the JavaScriptCore function in the 'WebKi ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"webkit2gtk3 on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18\", rpm:\"libjavascriptcoregtk-4_0-18~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37\", rpm:\"libwebkit2gtk-4_0-37~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-debuginfo~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-JavaScriptCore-4_0\", rpm:\"typelib-1_0-JavaScriptCore-4_0~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2-4_0\", rpm:\"typelib-1_0-WebKit2-4_0~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2WebExtension-4_0\", rpm:\"typelib-1_0-WebKit2WebExtension-4_0~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4\", rpm:\"webkit-jsc-4~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4-debuginfo\", rpm:\"webkit-jsc-4-debuginfo~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles\", rpm:\"webkit2gtk-4_0-injected-bundles~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles-debuginfo\", rpm:\"webkit2gtk-4_0-injected-bundles-debuginfo~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-debugsource\", rpm:\"webkit2gtk3-debugsource~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-devel\", rpm:\"webkit2gtk3-devel~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2\", rpm:\"webkit2gtk3-plugin-process-gtk2~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2-debuginfo\", rpm:\"webkit2gtk3-plugin-process-gtk2-debuginfo~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk3-lang\", rpm:\"libwebkit2gtk3-lang~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-32bit~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit\", rpm:\"libwebkit2gtk-4_0-37-32bit~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo-32bit\", rpm:\"libwebkit2gtk-4_0-37-debuginfo-32bit~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:40:16", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-1211)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15412"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191211", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191211", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1211\");\n script_version(\"2020-01-23T11:34:58+0000\");\n script_cve_id(\"CVE-2017-15412\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:34:58 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:34:58 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-1211)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.4\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1211\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1211\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2019-1211 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.CVE-2017-15412\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS Virtualization 2.5.4.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.4\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h13\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h13\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h13\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for libxml2 USN-3513-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15412"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843763", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843763", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3513_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for libxml2 USN-3513-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843763\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2017-15412\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:16:03 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for libxml2 USN-3513-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|17\\.04|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3513-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3513-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the USN-3513-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that libxml2 incorrecty handled certain files. An\nattacker could use this issue with specially constructed XML data to\ncause libxml2 to consume resources, leading to a denial of service.\");\n\n script_tag(name:\"affected\", value:\"libxml2 on Ubuntu 17.10,\n Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.9.1+dfsg1-3ubuntu4.12\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.1+dfsg1-3ubuntu4.12\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.9.1+dfsg1-3ubuntu4.12\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.9.4+dfsg1-4ubuntu1.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.4+dfsg1-4ubuntu1.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.9.4+dfsg1-4ubuntu1.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-libxml2\", ver:\"2.9.4+dfsg1-4ubuntu1.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.9.4+dfsg1-2.2ubuntu0.3\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.4+dfsg1-2.2ubuntu0.3\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.9.4+dfsg1-2.2ubuntu0.3\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-libxml2\", ver:\"2.9.4+dfsg1-2.2ubuntu0.3\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.9.3+dfsg1-1ubuntu0.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.3+dfsg1-1ubuntu0.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.9.3+dfsg1-1ubuntu0.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:55:43", "description": "Nick Wellnhofer discovered that certain function calls inside XPath\npredicates can lead to use-after-free and double-free errors when\nexecuted by libxml2", "cvss3": {}, "published": "2018-01-13T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4086-1 (libxml2 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15412"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704086", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704086", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4086-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704086\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-15412\");\n script_name(\"Debian Security Advisory DSA 4086-1 (libxml2 - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-13 00:00:00 +0100 (Sat, 13 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4086.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"libxml2 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 2.9.1+dfsg1-5+deb8u6.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.9.4+dfsg1-2.2+deb9u2.\n\nWe recommend that you upgrade your libxml2 packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/libxml2\");\n script_tag(name:\"summary\", value:\"Nick Wellnhofer discovered that certain function calls inside XPath\npredicates can lead to use-after-free and double-free errors when\nexecuted by libxml2's XPath engine via an XSLT transformation.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.9.4+dfsg1-2.2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.9.4+dfsg1-2.2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.9.4+dfsg1-2.2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.9.4+dfsg1-2.2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.4+dfsg1-2.2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.9.4+dfsg1-2.2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.9.4+dfsg1-2.2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.9.4+dfsg1-2.2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python3-libxml2\", ver:\"2.9.4+dfsg1-2.2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python3-libxml2-dbg\", ver:\"2.9.4+dfsg1-2.2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.9.1+dfsg1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.9.1+dfsg1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.9.1+dfsg1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.9.1+dfsg1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.1+dfsg1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.9.1+dfsg1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.9.1+dfsg1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.9.1+dfsg1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-04T00:00:00", "type": "openvas", "title": "Ubuntu Update for webkit2gtk USN-3781-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4361", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4323", "CVE-2018-4319", "CVE-2018-4207", "CVE-2018-4299", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4197", "CVE-2018-4315", "CVE-2018-4311", "CVE-2018-4318", "CVE-2018-4314", "CVE-2018-4316", "CVE-2018-4306", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4191&qu