ID CVE-2010-1762 Type cve Reporter NVD Modified 2017-09-18T21:30:48
Description
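Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element. The record below scores this CVE at CVSS v2 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N, i.e. partial integrity impact only); the 10.0 scores on the linked scanner plugins belong to advisories that bundle many WebKit CVEs and presumably reflect the most severe of those, not this issue. The references and plugins also cover downstream WebKit packages (USN-1006-1, MDVSA-2011:039, openSUSE libwebkit, FreeBSD webkit-gtk2), so remediation is not limited to Safari: upgrade to Safari 5.0 / 4.1 or later, or to the fixed distribution packages.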
{"id": "CVE-2010-1762", "bulletinFamily": "NVD", "title": "CVE-2010-1762", "description": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.", "published": "2010-06-11T15:30:20", "modified": "2017-09-18T21:30:48", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1762", "reporter": "NVD", "references": ["http://www.ubuntu.com/usn/USN-1006-1", "http://support.apple.com/kb/HT4225", "http://securitytracker.com/id?1024067", "http://www.securityfocus.com/bid/40620", "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html", "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html", "http://www.vupen.com/english/advisories/2010/1373", "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html", "http://support.apple.com/kb/HT4196", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039", "http://www.vupen.com/english/advisories/2010/2722", "http://www.vupen.com/english/advisories/2011/0552", "http://www.vupen.com/english/advisories/2011/0212"], "cvelist": ["CVE-2010-1762"], "type": "cve", "lastseen": "2017-09-19T13:36:57", "history": [{"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7503", "name": "oval:org.mitre.oval:def:7503", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:apple:safari:4.0.1", "cpe:/a:apple:webkit", "cpe:/a:apple:safari:4.0.5", "cpe:/a:apple:safari:4.0.2", "cpe:/a:apple:safari:4.0", "cpe:/a:apple:safari:4.0.4", "cpe:/a:apple:safari:4.0.3", "cpe:/a:apple:safari:4.0.0b"], "cvelist": ["CVE-2010-1762"], "cvss": {"score": 4.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.", "edition": 1, "enchantments": {}, "hash": "74adddacffb17eab3ef49abaea6043d98549c2d44ea77c6445cdfe5544555fe3", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "3032a32d119612e2ebfdb30b9a1f6f57", "key": "references"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "ebea5b81f9fbd14667b0c353fe01628b", "key": "href"}, {"hash": "d32a1a4df91d13662ddd9bb49d5d9fa4", "key": "modified"}, {"hash": "01134b7cc6a3741dc54ffc7254712d0b", "key": "cvelist"}, {"hash": "65d25f6f4f7e0737d5e795e00f6c4941", "key": "published"}, {"hash": "e5b65b8e51379c1f3d9f407493427a70", "key": "title"}, {"hash": "e63dc9dec2a88bdd8ff941ae2f243639", "key": "assessment"}, {"hash": "ffb9b54d7abb98039bfdaef305655a21", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "e22c08857e6a9a99e514d16460eb214c", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "3abe83210588edb8ac951a6afc6c99d4", "key": "scanner"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1762", "id": "CVE-2010-1762", "lastseen": "2016-09-03T13:52:46", "modified": "2011-03-17T22:49:37", "objectVersion": "1.2", "published": "2010-06-11T15:30:20", "references": ["http://www.ubuntu.com/usn/USN-1006-1", "http://support.apple.com/kb/HT4225", "http://securitytracker.com/id?1024067", "http://www.securityfocus.com/bid/40620", "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html", "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html", "http://www.vupen.com/english/advisories/2010/1373", 
"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html", "http://support.apple.com/kb/HT4196", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039", "http://www.vupen.com/english/advisories/2010/2722", "http://www.vupen.com/english/advisories/2011/0552", "http://www.vupen.com/english/advisories/2011/0212"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:7503", "name": "oval:org.mitre.oval:def:7503", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2010-1762", "type": "cve", "viewCount": 0}, "differentElements": ["assessment", "modified"], "edition": 1, "lastseen": "2016-09-03T13:52:46"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "7a7daed960dee3b2e577e1871800f164"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "ffb9b54d7abb98039bfdaef305655a21"}, {"key": "cvelist", "hash": "01134b7cc6a3741dc54ffc7254712d0b"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "e22c08857e6a9a99e514d16460eb214c"}, {"key": "href", "hash": "ebea5b81f9fbd14667b0c353fe01628b"}, {"key": "modified", "hash": "93a164efd31d3aca3784ee34cf80e3b6"}, {"key": "published", "hash": "65d25f6f4f7e0737d5e795e00f6c4941"}, {"key": "references", "hash": "3032a32d119612e2ebfdb30b9a1f6f57"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "3abe83210588edb8ac951a6afc6c99d4"}, {"key": "title", "hash": "e5b65b8e51379c1f3d9f407493427a70"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "2515b92eee60ac8c3cdea13692970ee19a84637a088feb56056a6d9c967d778c", "viewCount": 0, "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2017-09-19T13:36:57"}, "dependencies": {"references": [{"type": "nessus", "idList": ["SUSE_11_3_LIBWEBKIT-100723.NASL", 
"FREEBSD_PKG_19419B3B92BD11DFB1400015F2DB7BDE.NASL", "SAFARI_5_0.NASL", "MACOSX_SAFARI5_0.NASL", "UBUNTU_USN-1006-1.NASL", "MANDRIVA_MDVSA-2011-039.NASL", "SUSE_11_2_LIBWEBKIT-110111.NASL", "SUSE_11_3_LIBWEBKIT-110104.NASL"]}, {"type": "freebsd", "idList": ["19419B3B-92BD-11DF-B140-0015F2DB7BDE"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231067711", "OPENVAS:67711", "OPENVAS:1361412562310862409", "OPENVAS:862409", "OPENVAS:862410", "OPENVAS:1361412562310862410", "OPENVAS:862461", "OPENVAS:862779", "OPENVAS:1361412562310862461", "OPENVAS:1361412562310862779"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23999", "SECURITYVULNS:VULN:10908"]}, {"type": "ubuntu", "idList": ["USN-1006-1"]}], "modified": "2017-09-19T13:36:57"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:apple:safari:4.0.1", "cpe:/a:apple:webkit", "cpe:/a:apple:safari:4.0.5", "cpe:/a:apple:safari:4.0.2", "cpe:/a:apple:safari:4.0", "cpe:/a:apple:safari:4.0.4", "cpe:/a:apple:safari:4.0.3", "cpe:/a:apple:safari:4.0.0b"], "assessment": {"href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7503", "name": "oval:org.mitre.oval:def:7503", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:7503", "name": "oval:org.mitre.oval:def:7503", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}]}
{"nessus": [{"lastseen": "2019-02-21T01:21:44", "bulletinFamily": "scanner", "description": "The libwebkit browser engine version 1.2.3 fixes several security relevant bugs\n\n(CVE-2010-1386, CVE-2010-1392, CVE-2010-1405, CVE-2010-1407, CVE-2010-1416, CVE-2010-1417, CVE-2010-1665, CVE-2010-1418, CVE-2010-1421, CVE-2010-1422, CVE-2010-1501, CVE-2010-1767, CVE-2010-1664, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774)", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_3_LIBWEBKIT-100723.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75627", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libwebkit (openSUSE-SU-2010:0458-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libwebkit-2806.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75627);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/10 11:49:59\");\n\n script_cve_id(\"CVE-2010-1386\", \"CVE-2010-1392\", \"CVE-2010-1405\", \"CVE-2010-1407\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1421\", \"CVE-2010-1422\", \"CVE-2010-1664\", \"CVE-2010-1665\", \"CVE-2010-1758\", \"CVE-2010-1759\", \"CVE-2010-1760\", \"CVE-2010-1761\", \"CVE-2010-1762\", \"CVE-2010-1767\", \"CVE-2010-1770\", \"CVE-2010-1771\", \"CVE-2010-1772\", \"CVE-2010-1773\", \"CVE-2010-1774\");\n\n script_name(english:\"openSUSE Security Update : libwebkit (openSUSE-SU-2010:0458-1)\");\n script_summary(english:\"Check for the libwebkit-2806 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libwebkit 
browser engine version 1.2.3 fixes several security\nrelevant bugs\n\n(CVE-2010-1386, CVE-2010-1392, CVE-2010-1405, CVE-2010-1407,\nCVE-2010-1416, CVE-2010-1417, CVE-2010-1665, CVE-2010-1418,\nCVE-2010-1421, CVE-2010-1422, CVE-2010-1501, CVE-2010-1767,\nCVE-2010-1664, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760,\nCVE-2010-1761, CVE-2010-1762, CVE-2010-1770, CVE-2010-1771,\nCVE-2010-1772, CVE-2010-1773, CVE-2010-1774)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=622994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-08/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libwebkit packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-1_0-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-1_0-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libwebkit-1_0-2-1.2.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libwebkit-devel-1.2.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libwebkit-lang-1.2.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"webkit-jsc-1.2.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libwebkit-1_0-2-32bit-1.2.3-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwebkit-1_0-2 / libwebkit-1_0-2-32bit / libwebkit-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:37", "bulletinFamily": "scanner", "description": "Gustavo Noronha reports :\n\nDebian's Michael Gilbert 
has done a great job going through all CVEs released about WebKit, and including patches in the Debian package.\n1.2.3 includes all of the commits from trunk to fix those, too.", "modified": "2018-12-19T00:00:00", "id": "FREEBSD_PKG_19419B3B92BD11DFB1400015F2DB7BDE.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47751", "published": "2010-07-19T00:00:00", "title": "FreeBSD : webkit-gtk2 -- Multiple vulnerabilities (19419b3b-92bd-11df-b140-0015f2db7bde)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47751);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_cve_id(\"CVE-2010-1386\", \"CVE-2010-1392\", \"CVE-2010-1405\", \"CVE-2010-1407\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1421\", \"CVE-2010-1422\", \"CVE-2010-1664\", \"CVE-2010-1665\", \"CVE-2010-1758\", \"CVE-2010-1759\", \"CVE-2010-1760\", \"CVE-2010-1761\", \"CVE-2010-1762\", \"CVE-2010-1767\", \"CVE-2010-1770\", \"CVE-2010-1771\", \"CVE-2010-1772\", \"CVE-2010-1773\", \"CVE-2010-1774\", \"CVE-2010-2264\");\n\n script_name(english:\"FreeBSD : webkit-gtk2 -- Multiple vulnerabilities (19419b3b-92bd-11df-b140-0015f2db7bde)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gustavo Noronha reports :\n\nDebian's Michael Gilbert has done a great job going through all CVEs\nreleased about WebKit, and including patches in the Debian package.\n1.2.3 includes all of the commits from trunk to fix those, too.\"\n );\n # http://blog.kov.eti.br/?p=116\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blog.kov.eti.br/2010/07/webkitgtk-122-and-123-released/\"\n );\n # 
https://vuxml.freebsd.org/freebsd/19419b3b-92bd-11df-b140-0015f2db7bde.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a10ad78b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:webkit-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"webkit-gtk2<1.2.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:26", "bulletinFamily": "scanner", 
"description": "The version of Safari installed on the remote Windows host is earlier than 5.0. As such, it is potentially affected by numerous issues in the following components :\n\n - ColorSync\n\n - Safari\n\n - WebKit", "modified": "2018-07-30T00:00:00", "id": "SAFARI_5_0.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46838", "published": "2010-06-08T00:00:00", "title": "Safari < 5.0 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46838);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/07/30 11:55:12\");\n\n script_cve_id(\n \"CVE-2009-1726\",\n \"CVE-2010-0544\",\n \"CVE-2010-1119\",\n \"CVE-2010-1384\",\n \"CVE-2010-1385\",\n \"CVE-2010-1389\",\n \"CVE-2010-1390\",\n \"CVE-2010-1391\",\n \"CVE-2010-1392\",\n \"CVE-2010-1393\",\n \"CVE-2010-1394\",\n \"CVE-2010-1395\",\n \"CVE-2010-1396\",\n \"CVE-2010-1397\",\n \"CVE-2010-1398\",\n \"CVE-2010-1399\",\n \"CVE-2010-1400\",\n \"CVE-2010-1401\",\n \"CVE-2010-1402\",\n \"CVE-2010-1403\",\n \"CVE-2010-1404\",\n \"CVE-2010-1405\",\n \"CVE-2010-1406\",\n \"CVE-2010-1408\",\n \"CVE-2010-1409\",\n \"CVE-2010-1410\",\n \"CVE-2010-1412\",\n \"CVE-2010-1413\",\n \"CVE-2010-1414\",\n \"CVE-2010-1415\",\n \"CVE-2010-1416\",\n \"CVE-2010-1417\",\n \"CVE-2010-1418\",\n \"CVE-2010-1419\",\n \"CVE-2010-1421\",\n \"CVE-2010-1422\",\n \"CVE-2010-1749\",\n \"CVE-2010-1750\",\n \"CVE-2010-1758\",\n \"CVE-2010-1759\",\n \"CVE-2010-1761\",\n \"CVE-2010-1762\",\n \"CVE-2010-1764\",\n \"CVE-2010-1770\",\n \"CVE-2010-1771\",\n \"CVE-2010-1774\",\n \"CVE-2010-2264\"\n );\n script_bugtraq_id(\n 40642,\n 40644,\n 40645,\n 40646,\n 40647,\n 40649,\n 40650,\n 40652,\n 40653,\n 40654,\n 40655,\n 40656,\n 40658,\n 40659,\n 40660,\n 40661,\n 40663,\n 40665,\n 40666,\n 40667,\n 40668,\n 40670,\n 40671,\n 40672,\n 40673,\n 40674,\n 40675,\n 40697,\n 40698,\n 40704,\n 40705,\n 40707,\n 40710,\n 
40714,\n 40717,\n 40726,\n 40727,\n 40732,\n 40733,\n 40750,\n 40752,\n 40753,\n 40754,\n 40756\n );\n\n script_name(english:\"Safari < 5.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks Safari's version number\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host contains a web browser that is affected by several\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Safari installed on the remote Windows host is earlier\nthan 5.0. As such, it is potentially affected by numerous issues in the\nfollowing components :\n\n - ColorSync\n\n - Safari\n\n - WebKit\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT4196\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Safari 5.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n 
script_dependencies(\"safari_installed.nasl\");\n script_require_keys(\"SMB/Safari/FileVersion\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\n\n\npath = get_kb_item(\"SMB/Safari/Path\");\nversion = get_kb_item(\"SMB/Safari/FileVersion\");\nif (isnull(version)) exit(1, \"The 'SMB/Safari/FileVersion' KB item is missing.\");\n\nversion_ui = get_kb_item(\"SMB/Safari/ProductVersion\");\nif (isnull(version_ui)) version_ui = version;\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n ver[0] < 5 ||\n (\n ver[0] == 5 &&\n (\n ver[1] < 33 ||\n (ver[1] == 33 && ver[2] < 16)\n )\n )\n)\n{\n if (report_verbosity > 0)\n {\n if (isnull(path)) path = \"n/a\";\n\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_ui +\n '\\n Fixed version : 5.0\\n';\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\nelse exit(0, \"The remote host is not affected since Safari \" + version_ui + \" is installed.\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:26", "bulletinFamily": "scanner", "description": "The version of Apple Safari installed on the remote Mac OS X host is earlier than 5.0 / 4.1. 
As such, it is potentially affected by numerous issues in the following components :\n\n - Safari\n\n - WebKit", "modified": "2018-07-16T00:00:00", "id": "MACOSX_SAFARI5_0.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46837", "published": "2010-06-08T00:00:00", "title": "Mac OS X : Apple Safari < 5.0 / 4.1", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46837);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\n \"CVE-2010-0544\",\n \"CVE-2010-1119\",\n \"CVE-2010-1384\",\n \"CVE-2010-1385\",\n \"CVE-2010-1388\",\n \"CVE-2010-1389\",\n \"CVE-2010-1390\",\n \"CVE-2010-1391\",\n \"CVE-2010-1392\",\n \"CVE-2010-1393\",\n \"CVE-2010-1394\",\n \"CVE-2010-1395\",\n \"CVE-2010-1396\",\n \"CVE-2010-1397\",\n \"CVE-2010-1398\",\n \"CVE-2010-1399\",\n \"CVE-2010-1400\",\n \"CVE-2010-1401\",\n \"CVE-2010-1402\",\n \"CVE-2010-1403\",\n \"CVE-2010-1404\",\n \"CVE-2010-1405\",\n \"CVE-2010-1406\",\n \"CVE-2010-1408\",\n \"CVE-2010-1409\",\n \"CVE-2010-1410\",\n \"CVE-2010-1412\",\n \"CVE-2010-1413\",\n \"CVE-2010-1414\",\n \"CVE-2010-1415\",\n \"CVE-2010-1416\",\n \"CVE-2010-1417\",\n \"CVE-2010-1418\",\n \"CVE-2010-1419\",\n \"CVE-2010-1421\",\n \"CVE-2010-1422\",\n \"CVE-2010-1749\",\n \"CVE-2010-1758\",\n \"CVE-2010-1759\",\n \"CVE-2010-1761\",\n \"CVE-2010-1762\",\n \"CVE-2010-1764\",\n \"CVE-2010-1770\",\n \"CVE-2010-1771\",\n \"CVE-2010-1774\",\n \"CVE-2010-2264\"\n );\n script_bugtraq_id(\n 40642,\n 40644,\n 40645,\n 40646,\n 40647,\n 40649,\n 40650,\n 40652,\n 40653,\n 40654,\n 40655,\n 40656,\n 40658,\n 40659,\n 40660,\n 40661,\n 40663,\n 40665,\n 40666,\n 40667,\n 40668,\n 40670,\n 40671,\n 40672,\n 40673,\n 40675,\n 40697,\n 40698,\n 40704,\n 40705,\n 40707,\n 40710,\n 40714,\n 40717,\n 40726,\n 40727,\n 40732,\n 40733,\n 40750,\n 40752,\n 40753,\n 40754,\n 40756\n );\n\n script_name(english:\"Mac OS X : 
Apple Safari < 5.0 / 4.1\");\n script_summary(english:\"Check the Safari SourceVersion\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host contains a web browser that is affected by several\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Apple Safari installed on the remote Mac OS X host is\nearlier than 5.0 / 4.1. As such, it is potentially affected by\nnumerous issues in the following components :\n\n - Safari\n\n - WebKit\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT4196\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple Safari 5.0 / 4.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/uname\", \"Host/MacOSX/Version\", 
\"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nuname = get_kb_item_or_exit(\"Host/uname\");\nif (!egrep(pattern:\"Darwin.* (8\\.|9\\.[0-8]\\.|10\\.)\", string:uname)) audit(AUDIT_OS_NOT, \"Mac OS X 10.4 / 10.5 / 10.6\");\n\n\nget_kb_item_or_exit(\"MacOSX/Safari/Installed\");\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"4.1\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.0 / 4.1\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Safari\", version);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:59", "bulletinFamily": "scanner", "description": "A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nPlease consult the bug listed at the top of this advisory to get the exact list of CVE numbers fixed for each release.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1006-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50046", "published": "2010-10-20T00:00:00", "title": "Ubuntu 9.10 / 10.04 LTS / 10.10 : webkit vulnerabilities (USN-1006-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1006-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50046);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/12/01 13:19:06\");\n\n script_cve_id(\"CVE-2009-2797\", \"CVE-2009-2841\", \"CVE-2010-0046\", \"CVE-2010-0047\", \"CVE-2010-0048\", \"CVE-2010-0049\", \"CVE-2010-0050\", \"CVE-2010-0051\", \"CVE-2010-0052\", \"CVE-2010-0053\", \"CVE-2010-0054\", \"CVE-2010-0314\", \"CVE-2010-0647\", \"CVE-2010-0650\", \"CVE-2010-0651\", \"CVE-2010-0656\", \"CVE-2010-1386\", \"CVE-2010-1387\", \"CVE-2010-1389\", \"CVE-2010-1390\", \"CVE-2010-1391\", \"CVE-2010-1392\", \"CVE-2010-1393\", \"CVE-2010-1394\", \"CVE-2010-1395\", \"CVE-2010-1396\", \"CVE-2010-1397\", \"CVE-2010-1398\", \"CVE-2010-1400\", \"CVE-2010-1401\", \"CVE-2010-1402\", \"CVE-2010-1403\", \"CVE-2010-1404\", \"CVE-2010-1405\", \"CVE-2010-1406\", \"CVE-2010-1407\", \"CVE-2010-1408\", \"CVE-2010-1409\", \"CVE-2010-1410\", \"CVE-2010-1412\", \"CVE-2010-1414\", \"CVE-2010-1415\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1419\", \"CVE-2010-1421\", \"CVE-2010-1422\", \"CVE-2010-1664\", \"CVE-2010-1665\", \"CVE-2010-1758\", \"CVE-2010-1759\", \"CVE-2010-1760\", \"CVE-2010-1761\", \"CVE-2010-1762\", \"CVE-2010-1764\", \"CVE-2010-1766\", \"CVE-2010-1767\", 
\"CVE-2010-1770\", \"CVE-2010-1771\", \"CVE-2010-1772\", \"CVE-2010-1773\", \"CVE-2010-1774\", \"CVE-2010-1780\", \"CVE-2010-1781\", \"CVE-2010-1782\", \"CVE-2010-1783\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1788\", \"CVE-2010-1790\", \"CVE-2010-1792\", \"CVE-2010-1793\", \"CVE-2010-1807\", \"CVE-2010-1812\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-2264\", \"CVE-2010-2647\", \"CVE-2010-2648\", \"CVE-2010-3113\", \"CVE-2010-3114\", \"CVE-2010-3115\", \"CVE-2010-3116\", \"CVE-2010-3248\", \"CVE-2010-3257\", \"CVE-2010-3259\");\n script_bugtraq_id(36339, 36996, 37925, 37948, 38177, 38372, 38373, 38684, 38685, 38686, 38687, 38688, 38689, 38690, 38691, 38692, 39804, 39808, 40644, 40646, 40647, 40649, 40650, 40653, 40654, 40655, 40656, 40657, 40658, 40659, 40660, 40661, 40662, 40663, 40665, 40666, 40667, 40668, 40669, 40670, 40671, 40672, 40675, 40697, 40698, 40705, 40707, 40710, 40714, 40726, 40727, 40732, 40750, 40753, 40754, 40756, 41051, 41053, 41572, 41573, 41575, 42034, 42035, 42036, 42037, 42038, 42041, 42042, 42043, 42044, 42046, 42049, 42494, 42500, 43047, 43077, 43079, 43081, 43083, 44199, 44200, 44201, 44203, 44204, 44206);\n script_xref(name:\"USN\", value:\"1006-1\");\n\n script_name(english:\"Ubuntu 9.10 / 10.04 LTS / 10.10 : webkit vulnerabilities (USN-1006-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A large number of security issues were discovered in the WebKit\nbrowser and JavaScript engines. 
If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nPlease consult the bug listed at the top of this advisory to get the\nexact list of CVE numbers fixed for each release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1006-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.0-webkit-1.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit-1.0-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit-1.0-2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit-1.0-common\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webkit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libwebkit-1.0-2\", pkgver:\"1.2.5-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libwebkit-1.0-2-dbg\", pkgver:\"1.2.5-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libwebkit-1.0-common\", pkgver:\"1.2.5-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libwebkit-dev\", pkgver:\"1.2.5-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"gir1.0-webkit-1.0\", pkgver:\"1.2.5-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libwebkit-1.0-2\", pkgver:\"1.2.5-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libwebkit-1.0-2-dbg\", pkgver:\"1.2.5-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libwebkit-1.0-common\", pkgver:\"1.2.5-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libwebkit-dev\", pkgver:\"1.2.5-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"webkit\", pkgver:\"1.2.5-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"gir1.0-webkit-1.0\", pkgver:\"1.2.5-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libwebkit-1.0-2\", pkgver:\"1.2.5-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libwebkit-1.0-2-dbg\", pkgver:\"1.2.5-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libwebkit-1.0-common\", pkgver:\"1.2.5-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libwebkit-dev\", pkgver:\"1.2.5-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"webkit\", pkgver:\"1.2.5-0ubuntu0.10.10.1\")) 
flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gir1.0-webkit-1.0 / libwebkit-1.0-2 / libwebkit-1.0-2-dbg / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:14:35", "bulletinFamily": "scanner", "description": "Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit.\n\nPlease consult the CVE web links for further information.\n\nThe updated packages have been upgraded to the latest version (1.2.7) to correct these issues.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2011-039.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=52523", "published": "2011-03-03T00:00:00", "title": "Mandriva Linux Security Advisory : webkit (MDVSA-2011:039)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:039. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52523);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\n \"CVE-2009-2797\",\n \"CVE-2009-2841\",\n \"CVE-2010-0046\",\n \"CVE-2010-0047\",\n \"CVE-2010-0048\",\n \"CVE-2010-0049\",\n \"CVE-2010-0050\",\n \"CVE-2010-0051\",\n \"CVE-2010-0052\",\n \"CVE-2010-0053\",\n \"CVE-2010-0054\",\n \"CVE-2010-0314\",\n \"CVE-2010-0647\",\n \"CVE-2010-0650\",\n \"CVE-2010-0651\",\n \"CVE-2010-0656\",\n \"CVE-2010-1386\",\n \"CVE-2010-1387\",\n \"CVE-2010-1389\",\n \"CVE-2010-1390\",\n \"CVE-2010-1391\",\n \"CVE-2010-1392\",\n \"CVE-2010-1393\",\n \"CVE-2010-1394\",\n \"CVE-2010-1395\",\n \"CVE-2010-1396\",\n \"CVE-2010-1397\",\n \"CVE-2010-1398\",\n \"CVE-2010-1400\",\n \"CVE-2010-1401\",\n \"CVE-2010-1402\",\n \"CVE-2010-1403\",\n \"CVE-2010-1404\",\n \"CVE-2010-1405\",\n \"CVE-2010-1406\",\n \"CVE-2010-1407\",\n \"CVE-2010-1408\",\n \"CVE-2010-1409\",\n \"CVE-2010-1410\",\n \"CVE-2010-1412\",\n \"CVE-2010-1414\",\n \"CVE-2010-1415\",\n \"CVE-2010-1416\",\n \"CVE-2010-1417\",\n \"CVE-2010-1418\",\n \"CVE-2010-1419\",\n \"CVE-2010-1421\",\n \"CVE-2010-1422\",\n \"CVE-2010-1664\",\n \"CVE-2010-1665\",\n \"CVE-2010-1758\",\n \"CVE-2010-1759\",\n \"CVE-2010-1760\",\n \"CVE-2010-1761\",\n \"CVE-2010-1762\",\n \"CVE-2010-1764\",\n \"CVE-2010-1766\",\n \"CVE-2010-1767\",\n \"CVE-2010-1770\",\n \"CVE-2010-1771\",\n \"CVE-2010-1772\",\n \"CVE-2010-1773\",\n \"CVE-2010-1774\",\n \"CVE-2010-1780\",\n \"CVE-2010-1781\",\n \"CVE-2010-1782\",\n \"CVE-2010-1783\",\n \"CVE-2010-1784\",\n \"CVE-2010-1785\",\n \"CVE-2010-1786\",\n \"CVE-2010-1787\",\n \"CVE-2010-1788\",\n \"CVE-2010-1790\",\n \"CVE-2010-1791\",\n \"CVE-2010-1792\",\n \"CVE-2010-1793\",\n \"CVE-2010-1807\",\n \"CVE-2010-1812\",\n \"CVE-2010-1814\",\n \"CVE-2010-1815\",\n \"CVE-2010-2264\",\n \"CVE-2010-2647\",\n 
\"CVE-2010-2648\",\n \"CVE-2010-3113\",\n \"CVE-2010-3114\",\n \"CVE-2010-3115\",\n \"CVE-2010-3116\",\n \"CVE-2010-3119\",\n \"CVE-2010-3248\",\n \"CVE-2010-3255\",\n \"CVE-2010-3257\",\n \"CVE-2010-3259\",\n \"CVE-2010-3812\",\n \"CVE-2010-3813\",\n \"CVE-2010-4040\",\n \"CVE-2010-4197\",\n \"CVE-2010-4198\",\n \"CVE-2010-4204\",\n \"CVE-2010-4206\"\n );\n script_bugtraq_id(\n 36339,\n 36996,\n 37925,\n 38372,\n 38373,\n 38684,\n 38685,\n 38686,\n 38687,\n 38688,\n 38689,\n 38690,\n 38691,\n 38692,\n 39804,\n 39808,\n 40644,\n 40646,\n 40647,\n 40649,\n 40650,\n 40653,\n 40654,\n 40655,\n 40656,\n 40657,\n 40658,\n 40659,\n 40660,\n 40661,\n 40662,\n 40663,\n 40665,\n 40666,\n 40667,\n 40668,\n 40669,\n 40670,\n 40671,\n 40672,\n 40675,\n 40697,\n 40698,\n 40705,\n 40707,\n 40710,\n 40714,\n 40726,\n 40727,\n 40732,\n 40750,\n 40753,\n 40754,\n 40756,\n 41051,\n 41053,\n 41572,\n 41573,\n 41575,\n 42034,\n 42035,\n 42036,\n 42037,\n 42038,\n 42041,\n 42042,\n 42043,\n 42044,\n 42045,\n 42046,\n 42049,\n 42494,\n 42500,\n 43047,\n 43077,\n 43079,\n 43081,\n 43083,\n 44199,\n 44200,\n 44201,\n 44203,\n 44204,\n 44206,\n 44215,\n 44216,\n 44217,\n 44954,\n 44960,\n 45718,\n 45719,\n 45720,\n 45721\n );\n script_xref(name:\"MDVSA\", value:\"2011:039\");\n\n script_name(english:\"Mandriva Linux Security Advisory : webkit (MDVSA-2011:039)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple cross-site scripting, denial of service and arbitrary code\nexecution security flaws were discovered in webkit.\n\nPlease consult the CVE web links for further information.\n\nThe updated packages have been upgraded to the latest version (1.2.7)\nto correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the 
affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64webkitgtk1.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64webkitgtk1.0_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwebkitgtk1.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwebkitgtk1.0_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:webkit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:webkit-gtklauncher\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:webkit-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:webkit1.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:webkit1.0-webinspector\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, 
Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"webkit-1.2.7-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"webkit-gtklauncher-1.2.7-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"webkit-jsc-1.2.7-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"webkit1.0-1.2.7-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"webkit1.0-webinspector-1.2.7-0.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n 
else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:44", "bulletinFamily": "scanner", "description": "Various bugs in webkit have been fixed. The CVE id's are :\n\nCVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685, CVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689, CVE-2009-1691, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693, CVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697, CVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701, CVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714, CVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725, CVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419, CVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272, CVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315, CVE-2010-0647, CVE-2010-0051, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029, CVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386, CVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390, CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749, CVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1769, 
CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, CVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822, CVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264, CVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301, CVE-2010-2302, CVE-2010-2441, CVE-2010-3116, CVE-2010-3257, CVE-2010-3259, CVE-2010-3312, CVE-2010-3803, CVE-2010-3804, CVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810, CVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816, CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820, CVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824, CVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_3_LIBWEBKIT-110104.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75629", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libwebkit-3787.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75629);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:59\");\n\n script_cve_id(\"CVE-2009-0945\", \"CVE-2009-1681\", \"CVE-2009-1684\", \"CVE-2009-1685\", \"CVE-2009-1686\", \"CVE-2009-1687\", \"CVE-2009-1688\", \"CVE-2009-1689\", \"CVE-2009-1690\", \"CVE-2009-1691\", \"CVE-2009-1692\", \"CVE-2009-1693\", \"CVE-2009-1694\", \"CVE-2009-1695\", \"CVE-2009-1696\", \"CVE-2009-1697\", \"CVE-2009-1698\", \"CVE-2009-1699\", \"CVE-2009-1700\", \"CVE-2009-1701\", 
\"CVE-2009-1702\", \"CVE-2009-1703\", \"CVE-2009-1709\", \"CVE-2009-1710\", \"CVE-2009-1711\", \"CVE-2009-1712\", \"CVE-2009-1713\", \"CVE-2009-1714\", \"CVE-2009-1715\", \"CVE-2009-1718\", \"CVE-2009-1724\", \"CVE-2009-1725\", \"CVE-2009-2195\", \"CVE-2009-2199\", \"CVE-2009-2200\", \"CVE-2009-2419\", \"CVE-2009-2797\", \"CVE-2009-2816\", \"CVE-2009-2841\", \"CVE-2009-3272\", \"CVE-2009-3384\", \"CVE-2009-3933\", \"CVE-2009-3934\", \"CVE-2010-0046\", \"CVE-2010-0047\", \"CVE-2010-0048\", \"CVE-2010-0049\", \"CVE-2010-0050\", \"CVE-2010-0051\", \"CVE-2010-0052\", \"CVE-2010-0053\", \"CVE-2010-0054\", \"CVE-2010-0315\", \"CVE-2010-0647\", \"CVE-2010-0650\", \"CVE-2010-0651\", \"CVE-2010-0656\", \"CVE-2010-0659\", \"CVE-2010-0661\", \"CVE-2010-1029\", \"CVE-2010-1126\", \"CVE-2010-1233\", \"CVE-2010-1236\", \"CVE-2010-1386\", \"CVE-2010-1387\", \"CVE-2010-1388\", \"CVE-2010-1389\", \"CVE-2010-1390\", \"CVE-2010-1391\", \"CVE-2010-1392\", \"CVE-2010-1393\", \"CVE-2010-1394\", \"CVE-2010-1395\", \"CVE-2010-1396\", \"CVE-2010-1397\", \"CVE-2010-1398\", \"CVE-2010-1399\", \"CVE-2010-1400\", \"CVE-2010-1401\", \"CVE-2010-1402\", \"CVE-2010-1403\", \"CVE-2010-1404\", \"CVE-2010-1405\", \"CVE-2010-1406\", \"CVE-2010-1407\", \"CVE-2010-1408\", \"CVE-2010-1409\", \"CVE-2010-1410\", \"CVE-2010-1412\", \"CVE-2010-1413\", \"CVE-2010-1414\", \"CVE-2010-1415\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1419\", \"CVE-2010-1421\", \"CVE-2010-1422\", \"CVE-2010-1729\", \"CVE-2010-1749\", \"CVE-2010-1757\", \"CVE-2010-1758\", \"CVE-2010-1759\", \"CVE-2010-1760\", \"CVE-2010-1761\", \"CVE-2010-1762\", \"CVE-2010-1763\", \"CVE-2010-1764\", \"CVE-2010-1766\", \"CVE-2010-1767\", \"CVE-2010-1769\", \"CVE-2010-1770\", \"CVE-2010-1771\", \"CVE-2010-1772\", \"CVE-2010-1773\", \"CVE-2010-1774\", \"CVE-2010-1780\", \"CVE-2010-1781\", \"CVE-2010-1782\", \"CVE-2010-1783\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1788\", 
\"CVE-2010-1789\", \"CVE-2010-1790\", \"CVE-2010-1791\", \"CVE-2010-1792\", \"CVE-2010-1793\", \"CVE-2010-1807\", \"CVE-2010-1812\", \"CVE-2010-1813\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-1822\", \"CVE-2010-1823\", \"CVE-2010-1824\", \"CVE-2010-1825\", \"CVE-2010-2264\", \"CVE-2010-2295\", \"CVE-2010-2297\", \"CVE-2010-2300\", \"CVE-2010-2301\", \"CVE-2010-2302\", \"CVE-2010-2441\", \"CVE-2010-3116\", \"CVE-2010-3257\", \"CVE-2010-3259\", \"CVE-2010-3312\", \"CVE-2010-3803\", \"CVE-2010-3804\", \"CVE-2010-3805\", \"CVE-2010-3808\", \"CVE-2010-3809\", \"CVE-2010-3810\", \"CVE-2010-3811\", \"CVE-2010-3812\", \"CVE-2010-3813\", \"CVE-2010-3816\", \"CVE-2010-3817\", \"CVE-2010-3818\", \"CVE-2010-3819\", \"CVE-2010-3820\", \"CVE-2010-3821\", \"CVE-2010-3822\", \"CVE-2010-3823\", \"CVE-2010-3824\", \"CVE-2010-3826\", \"CVE-2010-3829\", \"CVE-2010-3900\");\n\n script_name(english:\"openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)\");\n script_summary(english:\"Check for the libwebkit-3787 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various bugs in webkit have been fixed. 
The CVE id's are :\n\nCVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685,\nCVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689,\nCVE-2009-1691, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693,\nCVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697,\nCVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701,\nCVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710,\nCVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714,\nCVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725,\nCVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419,\nCVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272,\nCVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046,\nCVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050,\nCVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315,\nCVE-2010-0647, CVE-2010-0051, CVE-2010-0650, CVE-2010-0651,\nCVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029,\nCVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386,\nCVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390,\nCVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394,\nCVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398,\nCVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402,\nCVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406,\nCVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410,\nCVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415,\nCVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419,\nCVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749,\nCVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760,\nCVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764,\nCVE-2010-1766, CVE-2010-1767, CVE-2010-1769, CVE-2010-1770,\nCVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774,\nCVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783,\nCVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787,\nCVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791,\nCVE-2010-1792, 
CVE-2010-1793, CVE-2010-1807, CVE-2010-1812,\nCVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822,\nCVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264,\nCVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301,\nCVE-2010-2302, CVE-2010-2441, CVE-2010-3116, CVE-2010-3257,\nCVE-2010-3259, CVE-2010-3312, CVE-2010-3803, CVE-2010-3804,\nCVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810,\nCVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816,\nCVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820,\nCVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824,\nCVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=601349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libwebkit packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 94, 119, 189, 200, 264, 310, 352, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-1_0-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-1_0-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libwebkit-1_0-2-1.2.6-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libwebkit-devel-1.2.6-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libwebkit-lang-1.2.6-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"webkit-jsc-1.2.6-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", 
reference:\"libwebkit-1_0-2-32bit-1.2.6-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwebkit-1_0-2 / libwebkit-1_0-2-32bit / libwebkit-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:14:53", "bulletinFamily": "scanner", "description": "Various bugs in webkit have been fixed. The CVE id's are :\n\nCVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685, CVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689, CVE-2009-1691, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693, CVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697, CVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701, CVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714, CVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725, CVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419, CVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272, CVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315, CVE-2010-0647, CVE-2010-0051, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029, CVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386, CVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390, CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1413, 
CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749, CVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, CVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822, CVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264, CVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301, CVE-2010-2302, CVE-2010-2441, CVE-2010-3116, CVE-2010-3257, CVE-2010-3259, CVE-2010-3312, CVE-2010-3803, CVE-2010-3804, CVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810, CVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816, CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820, CVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824, CVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_2_LIBWEBKIT-110111.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53764", "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libwebkit-3787.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53764);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:59\");\n\n script_cve_id(\"CVE-2009-0945\", \"CVE-2009-1681\", \"CVE-2009-1684\", \"CVE-2009-1685\", 
\"CVE-2009-1686\", \"CVE-2009-1687\", \"CVE-2009-1688\", \"CVE-2009-1689\", \"CVE-2009-1690\", \"CVE-2009-1691\", \"CVE-2009-1692\", \"CVE-2009-1693\", \"CVE-2009-1694\", \"CVE-2009-1695\", \"CVE-2009-1696\", \"CVE-2009-1697\", \"CVE-2009-1698\", \"CVE-2009-1699\", \"CVE-2009-1700\", \"CVE-2009-1701\", \"CVE-2009-1702\", \"CVE-2009-1703\", \"CVE-2009-1709\", \"CVE-2009-1710\", \"CVE-2009-1711\", \"CVE-2009-1712\", \"CVE-2009-1713\", \"CVE-2009-1714\", \"CVE-2009-1715\", \"CVE-2009-1718\", \"CVE-2009-1724\", \"CVE-2009-1725\", \"CVE-2009-2195\", \"CVE-2009-2199\", \"CVE-2009-2200\", \"CVE-2009-2419\", \"CVE-2009-2797\", \"CVE-2009-2816\", \"CVE-2009-2841\", \"CVE-2009-3272\", \"CVE-2009-3384\", \"CVE-2009-3933\", \"CVE-2009-3934\", \"CVE-2010-0046\", \"CVE-2010-0047\", \"CVE-2010-0048\", \"CVE-2010-0049\", \"CVE-2010-0050\", \"CVE-2010-0051\", \"CVE-2010-0052\", \"CVE-2010-0053\", \"CVE-2010-0054\", \"CVE-2010-0315\", \"CVE-2010-0647\", \"CVE-2010-0650\", \"CVE-2010-0651\", \"CVE-2010-0656\", \"CVE-2010-0659\", \"CVE-2010-0661\", \"CVE-2010-1029\", \"CVE-2010-1126\", \"CVE-2010-1233\", \"CVE-2010-1236\", \"CVE-2010-1386\", \"CVE-2010-1387\", \"CVE-2010-1388\", \"CVE-2010-1389\", \"CVE-2010-1390\", \"CVE-2010-1391\", \"CVE-2010-1392\", \"CVE-2010-1393\", \"CVE-2010-1394\", \"CVE-2010-1395\", \"CVE-2010-1396\", \"CVE-2010-1397\", \"CVE-2010-1398\", \"CVE-2010-1399\", \"CVE-2010-1400\", \"CVE-2010-1401\", \"CVE-2010-1402\", \"CVE-2010-1403\", \"CVE-2010-1404\", \"CVE-2010-1405\", \"CVE-2010-1406\", \"CVE-2010-1407\", \"CVE-2010-1408\", \"CVE-2010-1409\", \"CVE-2010-1410\", \"CVE-2010-1412\", \"CVE-2010-1413\", \"CVE-2010-1414\", \"CVE-2010-1415\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1419\", \"CVE-2010-1421\", \"CVE-2010-1422\", \"CVE-2010-1729\", \"CVE-2010-1749\", \"CVE-2010-1757\", \"CVE-2010-1758\", \"CVE-2010-1759\", \"CVE-2010-1760\", \"CVE-2010-1761\", \"CVE-2010-1762\", \"CVE-2010-1763\", \"CVE-2010-1764\", \"CVE-2010-1766\", 
\"CVE-2010-1767\", \"CVE-2010-1769\", \"CVE-2010-1770\", \"CVE-2010-1771\", \"CVE-2010-1772\", \"CVE-2010-1773\", \"CVE-2010-1774\", \"CVE-2010-1780\", \"CVE-2010-1781\", \"CVE-2010-1782\", \"CVE-2010-1783\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1788\", \"CVE-2010-1789\", \"CVE-2010-1790\", \"CVE-2010-1791\", \"CVE-2010-1792\", \"CVE-2010-1793\", \"CVE-2010-1807\", \"CVE-2010-1812\", \"CVE-2010-1813\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-1822\", \"CVE-2010-1823\", \"CVE-2010-1824\", \"CVE-2010-1825\", \"CVE-2010-2264\", \"CVE-2010-2295\", \"CVE-2010-2297\", \"CVE-2010-2300\", \"CVE-2010-2301\", \"CVE-2010-2302\", \"CVE-2010-2441\", \"CVE-2010-3116\", \"CVE-2010-3257\", \"CVE-2010-3259\", \"CVE-2010-3312\", \"CVE-2010-3803\", \"CVE-2010-3804\", \"CVE-2010-3805\", \"CVE-2010-3808\", \"CVE-2010-3809\", \"CVE-2010-3810\", \"CVE-2010-3811\", \"CVE-2010-3812\", \"CVE-2010-3813\", \"CVE-2010-3816\", \"CVE-2010-3817\", \"CVE-2010-3818\", \"CVE-2010-3819\", \"CVE-2010-3820\", \"CVE-2010-3821\", \"CVE-2010-3822\", \"CVE-2010-3823\", \"CVE-2010-3824\", \"CVE-2010-3826\", \"CVE-2010-3829\", \"CVE-2010-3900\");\n\n script_name(english:\"openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)\");\n script_summary(english:\"Check for the libwebkit-3787 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various bugs in webkit have been fixed. 
The CVE id's are :\n\nCVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685,\nCVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689,\nCVE-2009-1691, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693,\nCVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697,\nCVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701,\nCVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710,\nCVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714,\nCVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725,\nCVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419,\nCVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272,\nCVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046,\nCVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050,\nCVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315,\nCVE-2010-0647, CVE-2010-0051, CVE-2010-0650, CVE-2010-0651,\nCVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029,\nCVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386,\nCVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390,\nCVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394,\nCVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398,\nCVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402,\nCVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406,\nCVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410,\nCVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415,\nCVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419,\nCVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749,\nCVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760,\nCVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764,\nCVE-2010-1766, CVE-2010-1767, CVE-2010-1769, CVE-2010-1770,\nCVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774,\nCVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783,\nCVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787,\nCVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791,\nCVE-2010-1792, 
CVE-2010-1793, CVE-2010-1807, CVE-2010-1812,\nCVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822,\nCVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264,\nCVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301,\nCVE-2010-2302, CVE-2010-2441, CVE-2010-3116, CVE-2010-3257,\nCVE-2010-3259, CVE-2010-3312, CVE-2010-3803, CVE-2010-3804,\nCVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810,\nCVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816,\nCVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820,\nCVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824,\nCVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=601349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libwebkit packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 94, 119, 189, 200, 264, 310, 352, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-1_0-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-lang\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libwebkit-1_0-2-1.2.6-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libwebkit-devel-1.2.6-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libwebkit-lang-1.2.6-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"webkit-jsc-1.2.6-0.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwebkit-1_0-2 / libwebkit-devel / libwebkit-lang / webkit-jsc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:02", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-02-10T00:00:00", "published": "2010-07-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=67711", "id": "OPENVAS:67711", "title": "FreeBSD Ports: webkit-gtk2", "type": "openvas", "sourceData": "#\n#VID 19419b3b-92bd-11df-b140-0015f2db7bde\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 19419b3b-92bd-11df-b140-0015f2db7bde\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: webkit-gtk2\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://blog.kov.eti.br/?p=116\nhttp://www.vuxml.org/freebsd/19419b3b-92bd-11df-b140-0015f2db7bde.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(67711);\n script_version(\"$Revision: 5263 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-22 17:43:43 +0200 (Thu, 22 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-1386\", \"CVE-2010-1392\", \"CVE-2010-1405\", \"CVE-2010-1407\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1421\", \"CVE-2010-1422\", \"CVE-2010-1501\", \"CVE-2010-1664\", \"CVE-2010-1665\", \"CVE-2010-1758\", \"CVE-2010-1759\", \"CVE-2010-1760\", \"CVE-2010-1761\", \"CVE-2010-1762\", \"CVE-2010-1767\", \"CVE-2010-1770\", \"CVE-2010-1771\", \"CVE-2010-1772\", \"CVE-2010-1773\", \"CVE-2010-1774\", \"CVE-2010-2264\");\n script_name(\"FreeBSD Ports: webkit-gtk2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"webkit-gtk2\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2.3\")<0) {\n txt += 'Package webkit-gtk2 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:53", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-12-27T00:00:00", "published": "2010-07-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067711", "id": "OPENVAS:136141256231067711", "title": "FreeBSD Ports: webkit-gtk2", "type": "openvas", "sourceData": "#\n#VID 19419b3b-92bd-11df-b140-0015f2db7bde\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 19419b3b-92bd-11df-b140-0015f2db7bde\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: webkit-gtk2\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://blog.kov.eti.br/?p=116\nhttp://www.vuxml.org/freebsd/19419b3b-92bd-11df-b140-0015f2db7bde.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67711\");\n script_version(\"$Revision: 8250 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 08:29:15 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-22 17:43:43 +0200 (Thu, 22 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-1386\", \"CVE-2010-1392\", \"CVE-2010-1405\", \"CVE-2010-1407\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1421\", \"CVE-2010-1422\", \"CVE-2010-1501\", \"CVE-2010-1664\", \"CVE-2010-1665\", \"CVE-2010-1758\", \"CVE-2010-1759\", \"CVE-2010-1760\", \"CVE-2010-1761\", 
\"CVE-2010-1762\", \"CVE-2010-1767\", \"CVE-2010-1770\", \"CVE-2010-1771\", \"CVE-2010-1772\", \"CVE-2010-1773\", \"CVE-2010-1774\", \"CVE-2010-2264\");\n script_name(\"FreeBSD Ports: webkit-gtk2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"webkit-gtk2\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2.3\")<0) {\n txt += 'Package webkit-gtk2 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-26T11:05:55", "bulletinFamily": "scanner", "description": "Check for the Version of webkitgtk", "modified": "2018-01-25T00:00:00", "published": "2010-09-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862409", "id": "OPENVAS:1361412562310862409", "title": "Fedora Update for webkitgtk FEDORA-2010-14409", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2010-14409\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"webkitgtk on Fedora 13\";\ntag_insight = \"WebKitGTK+ is the port of the portable web rendering engine WebKit to the\n GTK+ platform.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047699.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862409\");\n script_version(\"$Revision: 8528 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 08:57:36 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-22 08:32:53 +0200 (Wed, 22 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-14409\");\n script_cve_id(\"CVE-2010-1407\", \"CVE-2010-1405\", \"CVE-2010-1664\", \"CVE-2010-1421\", \"CVE-2010-1760\", \"CVE-2010-1422\", \"CVE-2010-1767\", \"CVE-2010-1771\", \"CVE-2010-2648\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1783\", \"CVE-2010-1788\", 
\"CVE-2010-1762\", \"CVE-2010-1386\", \"CVE-2010-1761\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1770\", \"CVE-2010-1773\", \"CVE-2010-1772\", \"CVE-2010-1774\", \"CVE-2010-1759\", \"CVE-2010-1758\", \"CVE-2010-1665\", \"CVE-2010-2264\", \"CVE-2010-1793\", \"CVE-2010-1792\", \"CVE-2010-1790\", \"CVE-2010-1392\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2010-14409\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of webkitgtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~1.2.4~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:38", "bulletinFamily": "scanner", "description": "Check for the Version of webkitgtk", "modified": "2017-12-25T00:00:00", "published": "2010-09-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862410", "id": "OPENVAS:862410", "title": "Fedora Update for webkitgtk FEDORA-2010-14419", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2010-14419\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"webkitgtk on Fedora 12\";\ntag_insight = \"WebKitGTK+ is the port of the portable web rendering engine WebKit to the\n GTK+ platform.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047984.html\");\n script_id(862410);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-22 08:32:53 +0200 (Wed, 22 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-14419\");\n script_cve_id(\"CVE-2010-1407\", \"CVE-2010-1405\", \"CVE-2010-1664\", \"CVE-2010-1421\", \"CVE-2010-1760\", \"CVE-2010-1422\", \"CVE-2010-1767\", \"CVE-2010-1771\", \"CVE-2010-2648\", 
\"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1783\", \"CVE-2010-1788\", \"CVE-2010-1762\", \"CVE-2010-1386\", \"CVE-2010-1761\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1770\", \"CVE-2010-1773\", \"CVE-2010-1772\", \"CVE-2010-1774\", \"CVE-2010-1759\", \"CVE-2010-1758\", \"CVE-2010-1665\", \"CVE-2010-2264\", \"CVE-2010-1793\", \"CVE-2010-1792\", \"CVE-2010-1790\", \"CVE-2010-1392\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2010-14419\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of webkitgtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~1.2.4~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:43", "bulletinFamily": "scanner", "description": "Check for the Version of webkitgtk", "modified": "2017-12-26T00:00:00", "published": "2010-09-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862409", "id": "OPENVAS:862409", "title": "Fedora Update for 
webkitgtk FEDORA-2010-14409", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2010-14409\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"webkitgtk on Fedora 13\";\ntag_insight = \"WebKitGTK+ is the port of the portable web rendering engine WebKit to the\n GTK+ platform.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047699.html\");\n script_id(862409);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-22 08:32:53 +0200 (Wed, 22 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-14409\");\n script_cve_id(\"CVE-2010-1407\", 
\"CVE-2010-1405\", \"CVE-2010-1664\", \"CVE-2010-1421\", \"CVE-2010-1760\", \"CVE-2010-1422\", \"CVE-2010-1767\", \"CVE-2010-1771\", \"CVE-2010-2648\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1783\", \"CVE-2010-1788\", \"CVE-2010-1762\", \"CVE-2010-1386\", \"CVE-2010-1761\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1770\", \"CVE-2010-1773\", \"CVE-2010-1772\", \"CVE-2010-1774\", \"CVE-2010-1759\", \"CVE-2010-1758\", \"CVE-2010-1665\", \"CVE-2010-2264\", \"CVE-2010-1793\", \"CVE-2010-1792\", \"CVE-2010-1790\", \"CVE-2010-1392\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2010-14409\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of webkitgtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~1.2.4~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-25T10:55:18", "bulletinFamily": "scanner", "description": "Check for the Version of webkitgtk", "modified": 
"2018-01-24T00:00:00", "published": "2010-09-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862410", "id": "OPENVAS:1361412562310862410", "type": "openvas", "title": "Fedora Update for webkitgtk FEDORA-2010-14419", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2010-14419\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"webkitgtk on Fedora 12\";\ntag_insight = \"WebKitGTK+ is the port of the portable web rendering engine WebKit to the\n GTK+ platform.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047984.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862410\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-22 08:32:53 +0200 (Wed, 22 Sep 2010)\");\n 
script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-14419\");\n script_cve_id(\"CVE-2010-1407\", \"CVE-2010-1405\", \"CVE-2010-1664\", \"CVE-2010-1421\", \"CVE-2010-1760\", \"CVE-2010-1422\", \"CVE-2010-1767\", \"CVE-2010-1771\", \"CVE-2010-2648\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1783\", \"CVE-2010-1788\", \"CVE-2010-1762\", \"CVE-2010-1386\", \"CVE-2010-1761\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1770\", \"CVE-2010-1773\", \"CVE-2010-1772\", \"CVE-2010-1774\", \"CVE-2010-1759\", \"CVE-2010-1758\", \"CVE-2010-1665\", \"CVE-2010-2264\", \"CVE-2010-1793\", \"CVE-2010-1792\", \"CVE-2010-1790\", \"CVE-2010-1392\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2010-14419\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of webkitgtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~1.2.4~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, 
"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:17:45", "bulletinFamily": "scanner", "description": "Check for the Version of webkitgtk", "modified": "2017-12-19T00:00:00", "published": "2010-10-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862461", "id": "OPENVAS:862461", "title": "Fedora Update for webkitgtk FEDORA-2010-15982", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2010-15982\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"webkitgtk on Fedora 12\";\ntag_insight = \"WebKitGTK+ is the port of the portable web rendering engine WebKit to the\n GTK+ platform.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049544.html\");\n script_id(862461);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-22 16:42:09 +0200 (Fri, 22 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-15982\");\n script_cve_id(\"CVE-2010-1407\", \"CVE-2010-1405\", \"CVE-2010-1664\", \"CVE-2010-1421\", \"CVE-2010-1807\", \"CVE-2010-1760\", \"CVE-2010-1422\", \"CVE-2010-1665\", \"CVE-2010-1771\", \"CVE-2010-2648\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1788\", \"CVE-2010-1762\", \"CVE-2010-1386\", \"CVE-2010-2264\", \"CVE-2010-1761\", \"CVE-2010-3259\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1770\", \"CVE-2010-1773\", \"CVE-2010-3257\", \"CVE-2010-1774\", \"CVE-2010-1759\", \"CVE-2010-1767\", \"CVE-2010-3113\", \"CVE-2010-3116\", \"CVE-2010-3115\", \"CVE-2010-3114\", \"CVE-2010-1758\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-1812\", \"CVE-2010-1793\", \"CVE-2010-1792\", 
\"CVE-2010-1790\", \"CVE-2010-1772\", \"CVE-2010-1392\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2010-15982\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of webkitgtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~1.2.5~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:31", "bulletinFamily": "scanner", "description": "Check for the Version of webkitgtk", "modified": "2017-07-10T00:00:00", "published": "2011-01-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862779", "id": "OPENVAS:862779", "title": "Fedora Update for webkitgtk FEDORA-2011-0121", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2011-0121\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under 
the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"webkitgtk on Fedora 13\";\ntag_insight = \"WebKitGTK+ is the port of the portable web rendering engine WebKit to the\n GTK+ platform.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html\");\n script_id(862779);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-11 16:07:49 +0100 (Tue, 11 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-0121\");\n script_cve_id(\"CVE-2010-1407\", \"CVE-2010-1405\", \"CVE-2010-1664\", \"CVE-2010-1421\", \"CVE-2010-1788\", \"CVE-2010-1760\", \"CVE-2010-1422\", \"CVE-2010-1665\", \"CVE-2010-1771\", \"CVE-2010-2264\", \"CVE-2010-2648\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-4198\", \"CVE-2010-1787\", \"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1807\", \"CVE-2010-4197\", \"CVE-2010-1774\", \"CVE-2010-1762\", \"CVE-2010-1386\", \"CVE-2010-1770\", \"CVE-2010-3812\", 
\"CVE-2010-3813\", \"CVE-2010-1761\", \"CVE-2010-3259\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-3255\", \"CVE-2010-1773\", \"CVE-2010-3257\", \"CVE-2010-1786\", \"CVE-2010-1759\", \"CVE-2010-1767\", \"CVE-2010-3113\", \"CVE-2010-3116\", \"CVE-2010-3115\", \"CVE-2010-3114\", \"CVE-2010-3119\", \"CVE-2010-1758\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-1812\", \"CVE-2010-1793\", \"CVE-2010-1792\", \"CVE-2010-1791\", \"CVE-2010-1790\", \"CVE-2010-4206\", \"CVE-2010-4204\", \"CVE-2010-1772\", \"CVE-2010-1392\", \"CVE-2010-4577\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2011-0121\");\n\n script_summary(\"Check for the Version of webkitgtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~1.2.6~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-05T13:46:29", "bulletinFamily": "scanner", "description": "This host is installed with Apple Safari Web Browser and is prone to\n to multiple vulnerabilities.", "modified": "2018-12-04T00:00:00", "published": 
"2010-06-16T00:00:00", "id": "OPENVAS:1361412562310801362", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801362", "title": "Apple Safari Multiple Vulnerabilities (June-10)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_safari_mult_vuln_jun10.nasl 12653 2018-12-04 15:31:25Z cfischer $\n#\n# Apple Safari Multiple Vulnerabilities (June-10)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801362\");\n script_version(\"$Revision: 12653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 16:31:25 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-16 08:26:33 +0200 (Wed, 16 Jun 2010)\");\n script_cve_id(\"CVE-2010-1385\", \"CVE-2010-1384\", \"CVE-2010-1390\", \"CVE-2010-1389\",\n \"CVE-2010-1391\", \"CVE-2010-1393\", \"CVE-2010-1392\", \"CVE-2010-1394\",\n \"CVE-2010-1395\", \"CVE-2010-1396\", \"CVE-2010-1398\", \"CVE-2010-1397\",\n \"CVE-2010-1400\", \"CVE-2010-1399\", \"CVE-2010-1401\", \"CVE-2010-1403\",\n \"CVE-2010-1402\", \"CVE-2010-1404\", \"CVE-2010-1406\", \"CVE-2010-1405\",\n \"CVE-2010-1408\", \"CVE-2010-1409\", \"CVE-2010-1410\", \"CVE-2010-1413\",\n \"CVE-2010-1412\", \"CVE-2010-1414\", \"CVE-2010-1416\", \"CVE-2010-1415\",\n \"CVE-2010-1417\", \"CVE-2010-1422\", \"CVE-2010-1750\", \"CVE-2010-1749\",\n \"CVE-2010-1418\", \"CVE-2010-0544\", \"CVE-2010-1419\", \"CVE-2010-1758\",\n \"CVE-2010-1421\", \"CVE-2010-1761\", \"CVE-2010-1759\", \"CVE-2010-1762\",\n \"CVE-2010-1770\", \"CVE-2010-1764\", \"CVE-2010-1774\", \"CVE-2010-1771\",\n \"CVE-2010-2264\");\n script_bugtraq_id(40620);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities (June-10)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4196\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/40105\");\n script_xref(name:\"URL\", 
value:\"http://www.vupen.com/english/advisories/2010/1373\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2010/Jun/1024067.html\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_mandatory_keys(\"AppleSafari/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to bypass certain security\n checks, gain knowledge of sensitive information or execute arbitrary code\n by tricking a user into visiting a specially crafted web page.\");\n script_tag(name:\"affected\", value:\"Apple Safari version prior to 5.0(5.33.16.0) on Windows.\");\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari version 5.0 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari Web Browser and is prone to\n to multiple vulnerabilities.\");\n script_tag(name:\"insight\", value:\"The multiple issues are caused by use-after-free, double free, integer\n truncation, heap overflow, memory corruption, uninitialized memory access,\n input validation and implementation errors in ColorSync and WebKit.\n\n NOTE: For more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.apple.com/support/downloads\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafariVer = get_kb_item(\"AppleSafari/Version\");\nif(!safariVer){\n exit(0);\n}\n\nif(version_is_less(version:safariVer, test_version:\"5.33.16.0\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 9.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:09:52", "bulletinFamily": "scanner", "description": "This host is installed with Apple Safari Web Browser and is prone to\n to multiple vulnerabilities.", "modified": "2017-02-10T00:00:00", "published": "2010-06-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=801362", "id": "OPENVAS:801362", "title": "Apple Safari Multiple Vulnerabilities (June-10)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_safari_mult_vuln_jun10.nasl 5263 2017-02-10 13:45:51Z teissa $\n#\n# Apple Safari Multiple Vulnerabilities (June-10)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_insight = \"The multiple issues are caused by use-after-free, double free, integer\n truncation, heap overflow, memory corruption, uninitialized memory access,\n input validation and implementation errors in ColorSync and WebKit.\n\n NOTE: For more information, refer to,\n\n http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html\";\n\ntag_impact = \"Successful exploitation will allow attacker to bypass certain security\n checks, gain knowledge of sensitive information or execute arbitrary code\n by tricking a user into visiting a specially crafted web page.\n Impact Level: Application\";\ntag_affected = \"Apple Safari version prior to 5.0(5.33.16.0) on Windows.\";\ntag_solution = \"Upgrade to Apple Safari version 5.0 or later,\n For updates refer to http://www.apple.com/support/downloads\";\ntag_summary = \"This host is installed with Apple Safari Web Browser and is prone to\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(801362);\n script_version(\"$Revision: 5263 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-16 08:26:33 +0200 (Wed, 16 Jun 2010)\");\n script_cve_id(\"CVE-2010-1385\", \"CVE-2010-1384\", \"CVE-2010-1390\", \"CVE-2010-1389\",\n \"CVE-2010-1391\", \"CVE-2010-1393\", \"CVE-2010-1392\", \"CVE-2010-1394\",\n \"CVE-2010-1395\", \"CVE-2010-1396\", \"CVE-2010-1398\", \"CVE-2010-1397\",\n \"CVE-2010-1400\", \"CVE-2010-1399\", \"CVE-2010-1401\", \"CVE-2010-1403\",\n \"CVE-2010-1402\", \"CVE-2010-1404\", \"CVE-2010-1406\", \"CVE-2010-1405\",\n 
\"CVE-2010-1408\", \"CVE-2010-1409\", \"CVE-2010-1410\", \"CVE-2010-1413\",\n \"CVE-2010-1412\", \"CVE-2010-1414\", \"CVE-2010-1416\", \"CVE-2010-1415\",\n \"CVE-2010-1417\", \"CVE-2010-1422\", \"CVE-2010-1750\", \"CVE-2010-1749\",\n \"CVE-2010-1418\", \"CVE-2010-0544\", \"CVE-2010-1419\", \"CVE-2010-1758\",\n \"CVE-2010-1421\", \"CVE-2010-1761\", \"CVE-2010-1759\", \"CVE-2010-1762\",\n \"CVE-2010-1770\", \"CVE-2010-1764\", \"CVE-2010-1774\", \"CVE-2010-1771\",\n \"CVE-2010-2264\");\n script_bugtraq_id(40620);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities (June-10)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4196\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/40105\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2010/1373\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2010/Jun/1024067.html\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_require_keys(\"AppleSafari/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"insight\" , value : tag_insight);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafariVer = get_kb_item(\"AppleSafari/Version\");\nif(!safariVer){\n exit(0);\n}\n\n# Check for Apple Safari Version 5.0(5.33.16.0) and 
prior.\nif(version_is_less(version:safariVer, test_version:\"5.33.16.0\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:20", "bulletinFamily": "unix", "description": "\nGustavo Noronha reports:\n\nDebian's Michael Gilbert has done a great job going through all\n\t CVEs released about WebKit, and including patches in the Debian\n\t package. 1.2.3 includes all of the commits from trunk to fix those,\n\t too.\n\n", "modified": "2010-07-16T00:00:00", "published": "2010-07-16T00:00:00", "id": "19419B3B-92BD-11DF-B140-0015F2DB7BDE", "href": "https://vuxml.freebsd.org/freebsd/19419b3b-92bd-11df-b140-0015f2db7bde.html", "title": "webkit-gtk2 -- Multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:35", "bulletinFamily": "software", "description": "About the security content of Safari 5.0 and Safari 4.1\r\n\r\n * Last Modified: June 07, 2010\r\n * Article: HT4196\r\n\r\n[Email this article]\r\n[Print this page]\r\nSummary\r\n\r\nThis document describes the security content of Safari 5.0 and Safari 4.1.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. 
To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nSafari 4 (Mac OS X 10.4), Safari 5 (Windows), Safari 5 (Mac OS X 10.6), Safari 5 (Mac OS X 10.5)\r\nSafari 5.0\r\n\r\n *\r\n\r\n ColorSync\r\n\r\n CVE-ID: CVE-2009-1726\r\n\r\n Available for: Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in the handling of images with an embedded ColorSync profile. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of ColorSync profiles. Credit to Chris Evans of the Google Security Team, and Andrzej Dyjak for reporting this issue.\r\n\r\n *\r\n\r\n Safari\r\n\r\n CVE-ID: CVE-2010-1384\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: A maliciously crafted URL may be obfuscated, making phishing attacks more effective\r\n\r\n Description: Safari supports the inclusion of user information in URLs, which allows the URL to specify a username and password to authenticate the user to the named server. These URLs are often used to confuse users, which can potentially aid phishing attacks. Safari is updated to display a warning before navigating to an HTTP or HTTPS URL containing user information. 
Credit to Abhishek Arya of Google, Inc. for reporting this issue.\r\n\r\n *\r\n\r\n Safari\r\n\r\n CVE-ID: CVE-2010-1385\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in Safari's handling of PDF files. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of PDF files. Credit to Borja Marcos of Sarenet for reporting this issue.\r\n\r\n *\r\n\r\n Safari\r\n\r\n CVE-ID: CVE-2010-1750\r\n\r\n Available for: Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in Safari's management of windows. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved window management. This issue does not affect Mac OS X systems.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1388\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later\r\n\r\n Impact: Dragging or pasting links or images may lead to an information disclosure\r\n\r\n Description: An implementation issue exists in WebKit's handling of URLs in the clipboard. Visiting a maliciously crafted website and dragging or pasting links or images may send files from the user's system to a remote server. This issue is addressed through additional validation of URLs in the clipboard. 
This issue does not affect Windows systems. Credit to Eric Seidel of Google, Inc. for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1389\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Dragging or pasting a selection may lead to a cross-site scripting attack\r\n\r\n Description: Dragging or pasting a selection from one site to another may allow scripts contained in the selection to be executed in the context of the new site. This issue is addressed through additional validation of content before a paste or a drag and drop operation. Credit to Paul Stone of Context Information Security for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1390\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a website using UTF-7 encoding may lead to a cross-site scripting attack\r\n\r\n Description: A canonicalization issue exists in WebKit's handling of UTF-7 encoded text. An HTML quoted string may be left unterminated, leading to a cross-site scripting attack or other issues. This issue is addressed by removing support for UTF-7 encoding in WebKit. 
Credit to Masahiro Yamada for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1391\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may cause files to be created in arbitrary user-writable locations\r\n\r\n Description: A path traversal issue exists in WebKit's support for Local Storage and Web SQL databases. If accessed from an application-defined scheme containing '%2f' (/) or '%5c' (\) and '..' in the host section of the URL, a maliciously crafted website may cause database files to be created outside of the designated directory. This issue is addressed by encoding characters that may have special meaning in pathnames. This issue does not affect sites served from http: or https: schemes. Credit: Apple.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1392\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in WebKit's rendering of HTML buttons. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. 
Credit to Matthieu Bonetti of VUPEN Vulnerability Research Team for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1393\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an information disclosure\r\n\r\n Description: An information disclosure issue exists in WebKit's handling of Cascading Stylesheets. If a stylesheet's HREF attribute is set to a URL that causes a redirection, scripts on the page may be able to access the redirected URL. Visiting a maliciously crafted website may lead to the disclosure of sensitive URLs on another site. This issue is addressed by returning the original URL to scripts, rather than the redirected URL.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1119\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in WebKit's handling of attribute manipulation. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. 
Credit to Ralf Philipp Weinmann working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1394\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack\r\n\r\n Description: A design issue exists in WebKit's handling of HTML document fragments. The contents of HTML document fragments are processed before a fragment is actually added to a document. Visiting a maliciously crafted website could lead to a cross-site scripting attack if a legitimate website attempts to manipulate a document fragment containing untrusted data. This issue is addressed by ensuring that initial fragment parsing has no side effects on the document that created the fragment. Credit to Eduardo Vela Nava (sirdarckcat) of Google Inc. for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1422\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Interacting with a maliciously crafted website may result in unexpected actions on other sites\r\n\r\n Description: An implementation issue exists in WebKit's handling of keyboard focus. If the keyboard focus changes during the processing of key presses, WebKit may deliver an event to the newly-focused frame, instead of the frame that had focus when the key press occurred. A maliciously crafted website may be able to manipulate a user into taking an unexpected action, such as initiating a purchase. This issue is addressed by preventing the delivery of key press events if the keyboard focus changes during processing. Credit to Michal Zalewski of Google, Inc. 
for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1395\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a malicious site may lead to a cross-site scripting attack\r\n\r\n Description: A scope management issue exists in WebKit's handling of DOM constructor objects. Visiting a malicious site may lead to a cross-site scripting attack. This issue is addressed through improved handling of DOM constructor objects. Credit to Gianni "gf3" Chiappetta of Runlevel6 for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1396\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in WebKit's handling of the removal of container elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1397\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in WebKit's rendering of a selection when the layout changes. 
Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of selections. Credit to wushi&Z of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1398\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in WebKit's handling of ordered list insertions. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of list insertions. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1399\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in WebKit's handling of selection changes on form input elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of selections. 
Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1400\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in WebKit's handling of caption elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of caption elements. Credit to regenrecht working with iDefense for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1401\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in WebKit's handling of the ':first-letter' pseudo-element in cascading stylesheets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of the ':first-letter' pseudo-element. 
Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1402\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A double free issue exists in WebKit's handling of event listeners in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of SVG documents. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1403\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in WebKit's handling of 'use' elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of 'use' elements in SVG documents. 
Credit to wushi of team509, working with TippingPoint's Zero Day Initiative, for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1404\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in WebKit's handling of SVG documents with multiple 'use' elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of 'use' elements in SVG documents. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1410\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in WebKit's handling of nested 'use' elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of nested 'use' elements in SVG documents. 
Credit to Aki Helin of OUSPG for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1749\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in WebKit's handling of CSS run-ins. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS run-ins. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1405\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in WebKit's handling of HTML elements with custom vertical positioning. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to Ojan Vafai of Google Inc. 
for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1406\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting an HTTPS site which redirects to an HTTP site may lead to an information disclosure\r\n\r\n Description: When WebKit is redirected from an HTTPS site to an HTTP site, the Referer header is passed to the HTTP site. This can lead to the disclosure of sensitive information contained in the URL of the HTTPS site. This issue is addressed by not passing the Referer header when an HTTPS site redirects to an HTTP site. Credit to Colin Percival of Tarsnap for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1408\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may result in sending remotely specified data to arbitrary TCP ports\r\n\r\n Description: An integer truncation issue exists in WebKit's handling of requests to non-default TCP ports. Visiting a maliciously crafted website may result in sending remotely specified data to arbitrary TCP ports. This issue is addressed by ensuring that port numbers are within the valid range.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1409\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may allow remotely specified data to be sent to an IRC server\r\n\r\n Description: Common IRC service ports are not included in WebKit's port blacklist. 
Visiting a maliciously crafted website may allow remotely specified data to be sent to an IRC server. This may cause the server to take unintended actions on the user's behalf. This issue is addressed by adding the affected ports to WebKit's port blacklist.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1412\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in WebKit's handling of hover events. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of hover events. Credit to Dave Bowker of davebowker.com for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1413\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: A user's NTLM credentials may be exposed to a man in the middle attacker\r\n\r\n Description: In certain circumstances, WebKit may send NTLM credentials in plain text. This would allow a man in the middle attacker to view the NTLM credentials. This issue is addressed through improved handling of NTLM credentials. 
Credit: Apple.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1414\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in WebKit's handling of the removeChild DOM method. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of child element removal. Credit to Mark Dowd of Azimuth Security for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1415\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An API abuse issue exists in WebKit's handling of libxml contexts. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of libxml context objects. Credit to Aki Helin of OUSPG for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1416\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may disclose images from other sites\r\n\r\n Description: A cross-site image capture issue exists in WebKit. 
By using a canvas with an SVG image pattern, a maliciously crafted website may load and capture an image from another website. This issue is addressed by restricting the reading of canvases that contain patterns loaded from other websites. Credit to Chris Evans of Google Inc. for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1417\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in WebKit's rendering of CSS-styled HTML content with multiple :after pseudo-selectors. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved rendering of HTML content. Credit to wushi of team509 for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1418\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack\r\n\r\n Description: An input validation issue exists in WebKit's handling of the src attribute of the frame element. An attribute with a javascript scheme and leading spaces is considered valid. Visiting a maliciously crafted website could lead to a cross-site scripting attack. This update addresses the issue by properly validating frame.src before the URL is dereferenced. 
Credit to Sergey Glazunov for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1419\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in WebKit's handling of drag and drop when the window acting as a source of a drag operation is closed before the drag operation is completed. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to kuzzcc, and Skylined of Google Chrome Security Team for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1421\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may change the contents of the clipboard\r\n\r\n Description: A design issue exists in the implementation of the JavaScript function execCommand. A maliciously crafted web page can modify the contents of the clipboard without user interaction. This issue is addressed by only allowing clipboard commands to be executed if initiated by the user. 
Credit: Apple.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-0544\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may result in a cross-site scripting attack\r\n\r\n Description: An issue in WebKit's handling of malformed URLs may result in a cross-site scripting attack when visiting a maliciously crafted website. This issue is addressed through improved handling of URLs. Credit to Michal Zalewski of Google, Inc. for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1758\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in WebKit's handling of DOM Range objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of DOM Range objects. Credit to Yaar Schnitman of Google Inc. for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1759\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in WebKit's handling of the Node.normalize method. 
Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of the Node.normalize method. Credit to Mark Dowd for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1761\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in WebKit's rendering of HTML document subtrees. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved rendering of HTML document subtrees. Credit to James Robinson of Google Inc. for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1762\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack\r\n\r\n Description: A design issue exists in the handling of HTML contained in textarea elements. Visiting a maliciously crafted website may lead to a cross-site scripting attack. This issue is addressed through improved validation of textarea elements. Credit to Eduardo Vela Nava (sirdarckcat) of Google Inc. 
for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1764\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a website which redirects form submissions may lead to an information disclosure\r\n\r\n Description: A design issue exists in WebKit's handling of HTTP redirects. When a form submission is redirected to a website that also does a redirection, the information contained in the submitted form may be sent to the third site. This issue is addressed through improved handling of HTTP redirects. Credit to Marc Worrell of WhatWebWhat for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1770\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A type checking issue exists in WebKit's handling of text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved type checking. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1771\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in WebKit's handling of fonts. 
Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of fonts. Credit: Apple.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1774\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An out of bounds memory access issue exists in WebKit's handling of HTML tables. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to wushi of team509 for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: A maliciously crafted website may be able to determine which sites a user has visited\r\n\r\n Description: A design issue exists in WebKit's handling of the CSS :visited pseudo-class. A maliciously crafted website may be able to determine which sites a user has visited. This update limits the ability of web pages to style pages based on whether links are visited.\r\n\r\nAdditional Information\r\n\r\nNote: Safari 5.0 and Safari 4.1 address the same set of security issues. Safari 5.0 is provided for Mac OS X v10.5, Mac OS X v10.6, and Microsoft Windows systems. Safari 4.1 is provided for Mac OS X v10.4 systems.\r\n\r\nImportant: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple\u2019s recommendation or endorsement. 
Please contact the vendor for additional information.", "modified": "2010-06-08T00:00:00", "published": "2010-06-08T00:00:00", "id": "SECURITYVULNS:DOC:23999", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23999", "title": "VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free Vulnerability (CVE-2010-1392)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:37", "bulletinFamily": "software", "description": "Multiple memory corruptions, code execution.", "modified": "2010-06-11T00:00:00", "published": "2010-06-11T00:00:00", "id": "SECURITYVULNS:VULN:10908", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10908", "title": "Apple Webkit / Safari / Google Chrome multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-02-03T16:03:08", "bulletinFamily": "unix", "description": "A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nPlease consult the bug listed at the top of this advisory to get the exact list of CVE numbers fixed for each release.", "modified": "2010-10-19T00:00:00", "published": "2010-10-19T00:00:00", "id": "USN-1006-1", "href": "https://usn.ubuntu.com/1006-1/", "title": "WebKit vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}