ID CVE-2014-7909 Type cve Reporter cve@mitre.org Modified 2017-09-08T01:29:00
Description
effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data.
{"openvas": [{"lastseen": "2019-05-29T18:37:32", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-11-20T00:00:00", "id": "OPENVAS:1361412562310842037", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842037", "title": "Ubuntu Update for oxide-qt USN-2410-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2410_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for oxide-qt USN-2410-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842037\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-20 06:42:55 +0100 (Thu, 20 Nov 2014)\");\n script_cve_id(\"CVE-2014-7904\", \"CVE-2014-7907\", \"CVE-2014-7908\", \"CVE-2014-7909\",\n \"CVE-2014-7910\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for oxide-qt USN-2410-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oxide-qt'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A buffer overflow was discovered in Skia. If a\nuser were tricked in to opening a specially crafted website, an attacked could\npotentially exploit this to cause a denial of service via renderer crash or execute\narbitrary code with the privileges of the sandboxed render process. (CVE-2014-7904)\n\nMultiple use-after-frees were discovered in Blink. If a user were tricked\nin to opening a specially crafted website, an attacked could potentially\nexploit these to cause a denial of service via renderer crash or execute\narbitrary code with the privileges of the sandboxed render process.\n(CVE-2014-7907)\n\nAn integer overflow was discovered in media. If a user were tricked in to\nopening a specially crafted website, an attacked could potentially exploit\nthis to cause a denial of service via renderer crash or execute arbitrary\ncode with the privileges of the sandboxed render process. (CVE-2014-7908)\n\nAn uninitialized memory read was discovered in Skia. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer crash.\n(CVE-2014-7909)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial of\nservice via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2014-7910)\");\n script_tag(name:\"affected\", value:\"oxide-qt on Ubuntu 14.10,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2410-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2410-1/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.3.4-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.3.4-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs:amd64\", ver:\"1.3.4-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs:i386\", ver:\"1.3.4-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra:amd64\", ver:\"1.3.4-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra:i386\", ver:\"1.3.4-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0\", ver:\"1.3.4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs\", ver:\"1.3.4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra\", ver:\"1.3.4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:14:45", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-11-25T00:00:00", "id": "OPENVAS:1361412562310804894", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804894", "title": "Google Chrome Multiple Vulnerabilities - 01 November14 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 01 November14 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804894\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2014-7900\", \"CVE-2014-7901\", \"CVE-2014-7902\", \"CVE-2014-7903\",\n \"CVE-2014-7904\", \"CVE-2014-7906\", \"CVE-2014-7907\", \"CVE-2014-7908\",\n \"CVE-2014-7909\", \"CVE-2014-7910\", \"CVE-2014-7899\");\n script_bugtraq_id(71163, 71158, 71165, 71164, 71166, 71159, 71170, 71168,\n 71167, 71161, 71160);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-11-25 18:55:43 +0530 (Tue, 25 Nov 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 01 November14 (Linux)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple Flaws are due to,\n\n - A use-after-free error in pdfium.\n\n - An integer overflow error in pdfium.\n\n - Another use-after-free error in pdfium.\n\n - An unspecified error in pdfium.\n\n - An unspecified error in Skia.\n\n - A use-after-free error in pepper plugins.\n\n - Multiple use-after-free errors in blink.\n\n - An integer overflow error in media.\n\n - An unspecified error in Skia.\n\n - Other Multiple unspecified errors.\n\n - An unspecified error that can be exploited to spoof the address bar.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to disclose potentially sensitive information, conduct spoofing attacks,\n bypass certain security restrictions, and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 39.0.2171.65\n on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 39.0.2171.65\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/62546\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html\");\n\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"39.0.2171.65\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:14:26", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-11-25T00:00:00", "id": "OPENVAS:1361412562310804892", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804892", "title": "Google Chrome Multiple Vulnerabilities - 01 November14 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 01 November14 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804892\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2014-7900\", \"CVE-2014-7901\", \"CVE-2014-7902\", \"CVE-2014-7903\",\n \"CVE-2014-7904\", \"CVE-2014-7906\", \"CVE-2014-7907\", \"CVE-2014-7908\",\n \"CVE-2014-7909\", \"CVE-2014-7910\", \"CVE-2014-7899\");\n script_bugtraq_id(71163, 71158, 71165, 71164, 71166, 71159, 71170, 71168,\n 71167, 71161, 71160);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-11-25 18:03:03 +0530 (Tue, 25 Nov 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 01 November14 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple Flaws are due to,\n\n - A use-after-free error in pdfium.\n\n - An integer overflow error in pdfium.\n\n - Another use-after-free error in pdfium.\n\n - An unspecified error in pdfium.\n\n - An unspecified error in Skia.\n\n - A use-after-free error in pepper plugins.\n\n - Multiple use-after-free errors in blink.\n\n - An integer overflow error in media.\n\n - An unspecified error in Skia.\n\n - Other Multiple unspecified errors.\n\n - An unspecified error that can be exploited to spoof the address bar.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to disclose potentially sensitive information, conduct spoofing attacks,\n bypass certain security restrictions, and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 39.0.2171.65\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 39.0.2171.65\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/62546\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html\");\n\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"39.0.2171.65\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:14:30", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-11-25T00:00:00", "id": "OPENVAS:1361412562310804893", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804893", "title": "Google Chrome Multiple Vulnerabilities - 01 November14 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 01 November14 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804893\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2014-7900\", \"CVE-2014-7901\", \"CVE-2014-7902\", \"CVE-2014-7903\",\n \"CVE-2014-7904\", \"CVE-2014-7906\", \"CVE-2014-7907\", \"CVE-2014-7908\",\n \"CVE-2014-7909\", \"CVE-2014-7910\", \"CVE-2014-7899\");\n script_bugtraq_id(71163, 71158, 71165, 71164, 71166, 71159, 71170, 71168,\n 71167, 71161, 71160);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-11-25 18:46:35 +0530 (Tue, 25 Nov 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 01 November14 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple Flaws are due to,\n\n - A use-after-free error in pdfium.\n\n - An integer overflow error in pdfium.\n\n - Another use-after-free error in pdfium.\n\n - An unspecified error in pdfium.\n\n - An unspecified error in Skia.\n\n - A use-after-free error in pepper plugins.\n\n - Multiple use-after-free errors in blink.\n\n - An integer overflow error in media.\n\n - An unspecified error in Skia.\n\n - Other Multiple unspecified errors.\n\n - An unspecified error that can be exploited to spoof the address bar.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to disclose potentially sensitive information, conduct spoofing attacks,\n bypass certain security restrictions, and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 39.0.2171.65\n on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 39.0.2171.65\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/62546\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html\");\n\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"39.0.2171.65\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2014-12-13T00:00:00", "id": "OPENVAS:1361412562310850624", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850624", "title": "SuSE Update for chromium openSUSE-SU-2014:1626-1 (chromium)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_1626_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for chromium openSUSE-SU-2014:1626-1 (chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850624\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-13 05:53:58 +0100 (Sat, 13 Dec 2014)\");\n script_cve_id(\"CVE-2014-0574\", \"CVE-2014-7899\", \"CVE-2014-7900\", \"CVE-2014-7901\",\n \"CVE-2014-7902\", \"CVE-2014-7903\", \"CVE-2014-7904\", \"CVE-2014-7905\",\n \"CVE-2014-7906\", \"CVE-2014-7907\", \"CVE-2014-7908\", \"CVE-2014-7909\",\n \"CVE-2014-7910\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Update for chromium openSUSE-SU-2014:1626-1 (chromium)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"chromium was updated to version 39.0.2171.65 to fix 13 security issues.\n\n These security issues were fixed:\n\n - Use-after-free in pepper plugins (CVE-2014-7906).\n\n - Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google\n Chromebefore 39.0.2171.65, al... (CVE-2014-7903).\n\n - Uninitialized memory read in Skia (CVE-2014-7909).\n\n - Unspecified security issues (CVE-2014-7910).\n\n - Integer overflow in media (CVE-2014-7908).\n\n - Integer overflow in the opj_t2_read_packet_data function\n infxcodec/fx_libopenjpeg/libopenjpeg20/t2.... (CVE-2014-7901).\n\n - Use-after-free in blink (CVE-2014-7907).\n\n - Address bar spoofing (CVE-2014-7899).\n\n - Buffer overflow in Skia (CVE-2014-7904).\n\n - Use-after-free vulnerability in the CPDF_Parser (CVE-2014-7900).\n\n - Use-after-free vulnerability in PDFium allows DoS (CVE-2014-7902).\n\n - Flaw allowing navigation to intents that do not have the BROWSABLE\n category (CVE-2014-7905).\n\n - Double-free in Flash (CVE-2014-0574).\");\n script_tag(name:\"affected\", value:\"chromium on openSUSE 13.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:1626_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~39.0.2171.65~58.4\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~39.0.2171.65~58.4\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~39.0.2171.65~58.4\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~39.0.2171.65~58.4\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~39.0.2171.65~58.4\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~39.0.2171.65~58.4\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~39.0.2171.65~58.4\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~39.0.2171.65~58.4\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~39.0.2171.65~58.4\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:53", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201412-13", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121299", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121299", "title": "Gentoo Security Advisory GLSA 201412-13", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-13.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121299\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:10 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-13\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-13\");\n script_cve_id(\"CVE-2014-3188\", \"CVE-2014-3189\", \"CVE-2014-3190\", \"CVE-2014-3191\", \"CVE-2014-3192\", \"CVE-2014-3193\", \"CVE-2014-3194\", \"CVE-2014-3195\", \"CVE-2014-3197\", \"CVE-2014-3198\", \"CVE-2014-3199\", \"CVE-2014-3200\", \"CVE-2014-7899\", \"CVE-2014-7900\", \"CVE-2014-7901\", \"CVE-2014-7902\", \"CVE-2014-7903\", \"CVE-2014-7904\", \"CVE-2014-7906\", \"CVE-2014-7907\", \"CVE-2014-7908\", \"CVE-2014-7909\", \"CVE-2014-7910\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-13\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/chromium\", unaffected: make_list(\"ge 39.0.2171.65\"), vulnerable: make_list(\"lt 39.0.2171.65\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "description": "Multiple memory corruptions.", "modified": "2014-12-01T00:00:00", "published": "2014-12-01T00:00:00", "id": "SECURITYVULNS:VULN:14118", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14118", "title": "Oxide multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:55", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2410-1\r\nNovember 19, 2014\r\n\r\noxide-qt vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in Oxide.\r\n\r\nSoftware Description:\r\n- oxide-qt: Web browser engine library for Qt (QML plugin)\r\n\r\nDetails:\r\n\r\nA buffer overflow was discovered in Skia. If a user were tricked in to\r\nopening a specially crafted website, an attacked could potentially exploit\r\nthis to cause a denial of service via renderer crash or execute arbitrary\r\ncode with the privileges of the sandboxed render process. (CVE-2014-7904)\r\n\r\nMultiple use-after-frees were discovered in Blink. If a user were tricked\r\nin to opening a specially crafted website, an attacked could potentially\r\nexploit these to cause a denial of service via renderer crash or execute\r\narbitrary code with the privileges of the sandboxed render process.\r\n(CVE-2014-7907)\r\n\r\nAn integer overflow was discovered in media. If a user were tricked in to\r\nopening a specially crafted website, an attacked could potentially exploit\r\nthis to cause a denial of service via renderer crash or execute arbitrary\r\ncode with the privileges of the sandboxed render process. (CVE-2014-7908)\r\n\r\nAn uninitialized memory read was discovered in Skia. If a user were\r\ntricked in to opening a specially crafted website, an attacker could\r\npotentially exploit this to cause a denial of service via renderer crash.\r\n(CVE-2014-7909)\r\n\r\nMultiple security issues were discovered in Chromium. If a user were\r\ntricked in to opening a specially crafted website, an attacker could\r\npotentially exploit these to read uninitialized memory, cause a denial of\r\nservice via application crash or execute arbitrary code with the\r\nprivileges of the user invoking the program. (CVE-2014-7910)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.10:\r\n liboxideqtcore0 1.3.4-0ubuntu0.14.10.1\r\n oxideqt-codecs 1.3.4-0ubuntu0.14.10.1\r\n oxideqt-codecs-extra 1.3.4-0ubuntu0.14.10.1\r\n\r\nUbuntu 14.04 LTS:\r\n liboxideqtcore0 1.3.4-0ubuntu0.14.04.1\r\n oxideqt-codecs 1.3.4-0ubuntu0.14.04.1\r\n oxideqt-codecs-extra 1.3.4-0ubuntu0.14.04.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2410-1\r\n CVE-2014-7904, CVE-2014-7907, CVE-2014-7908, CVE-2014-7909,\r\n CVE-2014-7910\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/oxide-qt/1.3.4-0ubuntu0.14.10.1\r\n https://launchpad.net/ubuntu/+source/oxide-qt/1.3.4-0ubuntu0.14.04.1\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "modified": "2014-12-01T00:00:00", "published": "2014-12-01T00:00:00", "id": "SECURITYVULNS:DOC:31430", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31430", "title": "[USN-2410-1] Oxide vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:03", "bulletinFamily": "unix", "description": "A buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7904)\n\nMultiple use-after-frees were discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7907)\n\nAn integer overflow was discovered in media. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7908)\n\nAn uninitialized memory read was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2014-7909)\n\nMultiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7910)", "modified": "2014-11-19T00:00:00", "published": "2014-11-19T00:00:00", "id": "USN-2410-1", "href": "https://usn.ubuntu.com/2410-1/", "title": "Oxide vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-11-03T12:30:54", "bulletinFamily": "scanner", "description": "A buffer overflow was discovered in Skia. If a user were tricked in to\nopening a specially crafted website, an attacked could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-7904)\n\nMultiple use-after-frees were discovered in Blink. If a user were\ntricked in to opening a specially crafted website, an attacked could\npotentially exploit these to cause a denial of service via renderer\ncrash or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2014-7907)\n\nAn integer overflow was discovered in media. If a user were tricked in\nto opening a specially crafted website, an attacked could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-7908)\n\nAn uninitialized memory read was discovered in Skia. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash. (CVE-2014-7909)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2014-7910).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-2410-1.NASL", "href": "https://www.tenable.com/plugins/nessus/79354", "published": "2014-11-20T00:00:00", "title": "Ubuntu 14.04 LTS / 14.10 : oxide-qt vulnerabilities (USN-2410-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2410-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79354);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:30\");\n\n script_cve_id(\"CVE-2014-7904\", \"CVE-2014-7907\", \"CVE-2014-7908\", \"CVE-2014-7909\", \"CVE-2014-7910\");\n script_bugtraq_id(71161, 71166, 71167, 71168, 71170);\n script_xref(name:\"USN\", value:\"2410-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 14.10 : oxide-qt vulnerabilities (USN-2410-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow was discovered in Skia. If a user were tricked in to\nopening a specially crafted website, an attacked could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-7904)\n\nMultiple use-after-frees were discovered in Blink. If a user were\ntricked in to opening a specially crafted website, an attacked could\npotentially exploit these to cause a denial of service via renderer\ncrash or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2014-7907)\n\nAn integer overflow was discovered in media. If a user were tricked in\nto opening a specially crafted website, an attacked could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-7908)\n\nAn uninitialized memory read was discovered in Skia. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash. (CVE-2014-7909)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2014-7910).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2410-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected liboxideqtcore0, oxideqt-codecs and / or\noxideqt-codecs-extra packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.3.4-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"oxideqt-codecs\", pkgver:\"1.3.4-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"oxideqt-codecs-extra\", pkgver:\"1.3.4-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"liboxideqtcore0\", pkgver:\"1.3.4-0ubuntu0.14.10.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"oxideqt-codecs\", pkgver:\"1.3.4-0ubuntu0.14.10.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"oxideqt-codecs-extra\", pkgver:\"1.3.4-0ubuntu0.14.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liboxideqtcore0 / oxideqt-codecs / oxideqt-codecs-extra\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:20:55", "bulletinFamily": "scanner", "description": "Updated chromium-browser packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Chromium to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Chromium. (CVE-2014-7904, CVE-2014-7906, CVE-2014-7907,\nCVE-2014-7910, CVE-2014-7908, CVE-2014-7909)\n\nA flaw was found in the way Chromium parsed certain URL values. A\nmalicious attacker could use this flaw to perform phishing attacks.\n(CVE-2014-7899)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 39.0.2171.65, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the\nchanges to take effect.", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2014-1894.NASL", "href": "https://www.tenable.com/plugins/nessus/79426", "published": "2014-11-25T00:00:00", "title": "RHEL 6 : chromium-browser (RHSA-2014:1894)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1894. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79426);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2014-7899\", \"CVE-2014-7904\", \"CVE-2014-7906\", \"CVE-2014-7907\", \"CVE-2014-7908\", \"CVE-2014-7909\", \"CVE-2014-7910\");\n script_bugtraq_id(71159, 71160, 71161, 71166, 71167, 71168, 71170);\n script_xref(name:\"RHSA\", value:\"2014:1894\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2014:1894)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated chromium-browser packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Chromium to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Chromium. (CVE-2014-7904, CVE-2014-7906, CVE-2014-7907,\nCVE-2014-7910, CVE-2014-7908, CVE-2014-7909)\n\nA flaw was found in the way Chromium parsed certain URL values. A\nmalicious attacker could use this flaw to perform phishing attacks.\n(CVE-2014-7899)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 39.0.2171.65, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the\nchanges to take effect.\"\n );\n # https://googlechromereleases.blogspot.com/2014/11/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://chromereleases.googleblog.com/2014/11/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7909\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1894\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-39.0.2171.65-2.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-39.0.2171.65-2.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-39.0.2171.65-2.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-39.0.2171.65-2.el6_6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:00:43", "bulletinFamily": "scanner", "description": "chromium was updated to version 39.0.2171.65 to fix 13 security\nissues.\n\nThese security issues were fixed :\n\n - Use-after-free in pepper plugins (CVE-2014-7906).\n\n - Buffer overflow in OpenJPEG before r2911 in PDFium, as\n used in Google Chromebefore 39.0.2171.65, al...\n (CVE-2014-7903).\n\n - Uninitialized memory read in Skia (CVE-2014-7909).\n\n - Unspecified security issues (CVE-2014-7910).\n\n - Integer overflow in media (CVE-2014-7908).\n\n - Integer overflow in the opj_t2_read_packet_data function\n infxcodec/fx_libopenjpeg/libopenjpeg20/t2....\n (CVE-2014-7901).\n\n - Use-after-free in blink (CVE-2014-7907).\n\n - Address bar spoofing (CVE-2014-7899).\n\n - Buffer overflow in Skia (CVE-2014-7904).\n\n - Use-after-free vulnerability in the CPDF_Parser\n (CVE-2014-7900).\n\n - Use-after-free vulnerability in PDFium allows DoS\n (CVE-2014-7902).\n\n - Flaw allowing navigation to intents that do not have the\n BROWSABLE category (CVE-2014-7905).\n\n - Double-free in Flash (CVE-2014-0574).", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2014-764.NASL", "href": "https://www.tenable.com/plugins/nessus/79997", "published": "2014-12-15T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-SU-2014:1626-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-764.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79997);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:02\");\n\n script_cve_id(\"CVE-2014-0574\", \"CVE-2014-7899\", \"CVE-2014-7900\", \"CVE-2014-7901\", \"CVE-2014-7902\", \"CVE-2014-7903\", \"CVE-2014-7904\", \"CVE-2014-7905\", \"CVE-2014-7906\", \"CVE-2014-7907\", \"CVE-2014-7908\", \"CVE-2014-7909\", \"CVE-2014-7910\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-SU-2014:1626-1)\");\n script_summary(english:\"Check for the openSUSE-2014-764 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"chromium was updated to version 39.0.2171.65 to fix 13 security\nissues.\n\nThese security issues were fixed :\n\n - Use-after-free in pepper plugins (CVE-2014-7906).\n\n - Buffer overflow in OpenJPEG before r2911 in PDFium, as\n used in Google Chromebefore 39.0.2171.65, al...\n (CVE-2014-7903).\n\n - Uninitialized memory read in Skia (CVE-2014-7909).\n\n - Unspecified security issues (CVE-2014-7910).\n\n - Integer overflow in media (CVE-2014-7908).\n\n - Integer overflow in the opj_t2_read_packet_data function\n infxcodec/fx_libopenjpeg/libopenjpeg20/t2....\n (CVE-2014-7901).\n\n - Use-after-free in blink (CVE-2014-7907).\n\n - Address bar spoofing (CVE-2014-7899).\n\n - Buffer overflow in Skia (CVE-2014-7904).\n\n - Use-after-free vulnerability in the CPDF_Parser\n (CVE-2014-7900).\n\n - Use-after-free vulnerability in PDFium allows DoS\n (CVE-2014-7902).\n\n - Flaw allowing navigation to intents that do not have the\n BROWSABLE category (CVE-2014-7905).\n\n - Double-free in Flash (CVE-2014-0574).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-12/msg00048.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-39.0.2171.65-58.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-39.0.2171.65-58.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-39.0.2171.65-58.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-39.0.2171.65-58.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-39.0.2171.65-58.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-39.0.2171.65-58.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-39.0.2171.65-58.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-39.0.2171.65-58.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-39.0.2171.65-58.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-39.0.2171.65-4.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-debuginfo-39.0.2171.65-4.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-39.0.2171.65-4.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debuginfo-39.0.2171.65-4.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debugsource-39.0.2171.65-4.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-gnome-39.0.2171.65-4.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-kde-39.0.2171.65-4.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-39.0.2171.65-4.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-debuginfo-39.0.2171.65-4.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-26T11:22:06", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote Mac OS X host is\na version prior to 39.0.2171.65. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A double-free vulnerability exists in the version of\n Adobe Flash bundled with Chrome which could result in\n arbitrary code execution. (CVE-2014-0574)\n\n - An unspecified address bar spoofing vulnerability\n exists which could be used to aid in phishing attacks.\n (CVE-2014-7899)\n\n - Multiple use-after-free vulnerabilities exist in pdfium\n which could result in arbitrary code execution.\n (CVE-2014-7900, CVE-2014-7902)\n\n - Integer overflow vulnerabilities exist in pdfium and\n the media component which could result in arbitrary\n code execution. (CVE-2014-7901, CVE-2014-7908)\n\n - Buffer overflow vulnerabilities exist in pdfium and\n Skia which could result in arbitrary code execution.\n (CVE-2014-7903, CVE-2014-7904)\n\n - Use-after-free vulnerabilities exist in Pepper plugins\n and Blink which could result in arbitrary code\n execution. (CVE-2014-7906, CVE-2014-7907)\n\n - An unspecified uninitialized memory read exists.\n (CVE-2014-7909)\n\n - Multiple unspecified vulnerabilities exist.\n (CVE-2014-7910)", "modified": "2019-11-02T00:00:00", "id": "MACOSX_GOOGLE_CHROME_39_0_2171_65.NASL", "href": "https://www.tenable.com/plugins/nessus/79337", "published": "2014-11-19T00:00:00", "title": "Google Chrome < 39.0.2171.65 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79337);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-0574\",\n \"CVE-2014-7899\",\n \"CVE-2014-7900\",\n \"CVE-2014-7901\",\n \"CVE-2014-7902\",\n \"CVE-2014-7903\",\n \"CVE-2014-7904\",\n \"CVE-2014-7906\",\n \"CVE-2014-7907\",\n \"CVE-2014-7908\",\n \"CVE-2014-7909\",\n \"CVE-2014-7910\"\n );\n script_bugtraq_id(\n 71041,\n 71158,\n 71159,\n 71160,\n 71161,\n 71163,\n 71164,\n 71165,\n 71166,\n 71167,\n 71168,\n 71170\n );\n\n script_name(english:\"Google Chrome < 39.0.2171.65 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\na version prior to 39.0.2171.65. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A double-free vulnerability exists in the version of\n Adobe Flash bundled with Chrome which could result in\n arbitrary code execution. (CVE-2014-0574)\n\n - An unspecified address bar spoofing vulnerability\n exists which could be used to aid in phishing attacks.\n (CVE-2014-7899)\n\n - Multiple use-after-free vulnerabilities exist in pdfium\n which could result in arbitrary code execution.\n (CVE-2014-7900, CVE-2014-7902)\n\n - Integer overflow vulnerabilities exist in pdfium and\n the media component which could result in arbitrary\n code execution. (CVE-2014-7901, CVE-2014-7908)\n\n - Buffer overflow vulnerabilities exist in pdfium and\n Skia which could result in arbitrary code execution.\n (CVE-2014-7903, CVE-2014-7904)\n\n - Use-after-free vulnerabilities exist in Pepper plugins\n and Blink which could result in arbitrary code\n execution. (CVE-2014-7906, CVE-2014-7907)\n\n - An unspecified uninitialized memory read exists.\n (CVE-2014-7909)\n\n - Multiple unspecified vulnerabilities exist.\n (CVE-2014-7910)\");\n # http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bc00508c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 39.0.2171.65 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0574\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'39.0.2171.65', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:39:52", "bulletinFamily": "scanner", "description": "Google Chrome Releases reports :\n\n42 security fixes in this release, including :\n\n- [389734] High CVE-2014-7899: Address bar spoofing. Credit to Eli\nGrey.\n\n- [406868] High CVE-2014-7900: Use-after-free in pdfium. Credit to\nAtte Kettunen from OUSPG.\n\n- [413375] High CVE-2014-7901: Integer overflow in pdfium. Credit to\ncloudfuzzer.\n\n- [414504] High CVE-2014-7902: Use-after-free in pdfium. Credit to\ncloudfuzzer.\n\n- [414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit to\ncloudfuzzer.\n\n- [418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte\nKettunen from OUSPG.\n\n- [421817] High CVE-2014-7905: Flaw allowing navigation to intents\nthat do not have the BROWSABLE category. Credit to WangTao(neobyte) of\nBaidu X-Team.\n\n- [423030] High CVE-2014-7906: Use-after-free in pepper plugins.\nCredit to Chen Zhang (demi6od) of the NSFOCUS Security Team.\n\n- [423703] High CVE-2014-0574: Double-free in Flash. Credit to\nbiloulehibou.\n\n- [424453] High CVE-2014-7907: Use-after-free in blink. Credit to Chen\nZhang (demi6od) of the NSFOCUS Security Team.\n\n- [425980] High CVE-2014-7908: Integer overflow in media. Credit to\nChristoph Diehl.\n\n- [391001] Medium CVE-2014-7909: Uninitialized memory read in Skia.\nCredit to miaubiz.\n\n- CVE-2014-7910: Various fixes from internal audits, fuzzing and other\ninitiatives.", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_D395E44F6F4F11E4A44400262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/nessus/79320", "published": "2014-11-19T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (d395e44f-6f4f-11e4-a444-00262d5ed8ee)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79320);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:44\");\n\n script_cve_id(\"CVE-2014-0574\", \"CVE-2014-7899\", \"CVE-2014-7900\", \"CVE-2014-7901\", \"CVE-2014-7902\", \"CVE-2014-7903\", \"CVE-2014-7904\", \"CVE-2014-7905\", \"CVE-2014-7906\", \"CVE-2014-7907\", \"CVE-2014-7908\", \"CVE-2014-7909\", \"CVE-2014-7910\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (d395e44f-6f4f-11e4-a444-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n42 security fixes in this release, including :\n\n- [389734] High CVE-2014-7899: Address bar spoofing. Credit to Eli\nGrey.\n\n- [406868] High CVE-2014-7900: Use-after-free in pdfium. Credit to\nAtte Kettunen from OUSPG.\n\n- [413375] High CVE-2014-7901: Integer overflow in pdfium. Credit to\ncloudfuzzer.\n\n- [414504] High CVE-2014-7902: Use-after-free in pdfium. Credit to\ncloudfuzzer.\n\n- [414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit to\ncloudfuzzer.\n\n- [418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte\nKettunen from OUSPG.\n\n- [421817] High CVE-2014-7905: Flaw allowing navigation to intents\nthat do not have the BROWSABLE category. Credit to WangTao(neobyte) of\nBaidu X-Team.\n\n- [423030] High CVE-2014-7906: Use-after-free in pepper plugins.\nCredit to Chen Zhang (demi6od) of the NSFOCUS Security Team.\n\n- [423703] High CVE-2014-0574: Double-free in Flash. Credit to\nbiloulehibou.\n\n- [424453] High CVE-2014-7907: Use-after-free in blink. Credit to Chen\nZhang (demi6od) of the NSFOCUS Security Team.\n\n- [425980] High CVE-2014-7908: Integer overflow in media. Credit to\nChristoph Diehl.\n\n- [391001] Medium CVE-2014-7909: Uninitialized memory read in Skia.\nCredit to miaubiz.\n\n- CVE-2014-7910: Various fixes from internal audits, fuzzing and other\ninitiatives.\"\n );\n # http://googlechromereleases.blogspot.nl/2014/11/stable-channel-update_18.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f4b30c17\"\n );\n # https://vuxml.freebsd.org/freebsd/d395e44f-6f4f-11e4-a444-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a894c63a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<39.0.2171.65\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-pulse<39.0.2171.65\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-26T11:04:20", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote Windows host is a\nversion prior to 39.0.2171.65. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A double-free vulnerability exists in the version of\n Adobe Flash bundled with Chrome which could result in\n arbitrary code execution. (CVE-2014-0574)\n\n - An unspecified address bar spoofing vulnerability\n exists which could be used to aid in phishing attacks.\n (CVE-2014-7899)\n\n - Multiple use-after-free vulnerabilities exist in pdfium\n which could result in arbitrary code execution.\n (CVE-2014-7900, CVE-2014-7902)\n\n - Integer overflow vulnerabilities exist in pdfium and\n the media component which could result in arbitrary\n code execution. (CVE-2014-7901, CVE-2014-7908)\n\n - Buffer overflow vulnerabilities exist in pdfium and\n Skia which could result in arbitrary code execution.\n (CVE-2014-7903, CVE-2014-7904)\n\n - Use-after-free vulnerabilities exist in Pepper plugins\n and Blink which could result in arbitrary code\n execution. (CVE-2014-7906, CVE-2014-7907)\n\n - An unspecified uninitialized memory read exists.\n (CVE-2014-7909)\n\n - Multiple unspecified vulnerabilities exist.\n (CVE-2014-7910)", "modified": "2019-11-02T00:00:00", "id": "GOOGLE_CHROME_39_0_2171_65.NASL", "href": "https://www.tenable.com/plugins/nessus/79336", "published": "2014-11-19T00:00:00", "title": "Google Chrome < 39.0.2171.65 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79336);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-0574\",\n \"CVE-2014-7899\",\n \"CVE-2014-7900\",\n \"CVE-2014-7901\",\n \"CVE-2014-7902\",\n \"CVE-2014-7903\",\n \"CVE-2014-7904\",\n \"CVE-2014-7906\",\n \"CVE-2014-7907\",\n \"CVE-2014-7908\",\n \"CVE-2014-7909\",\n \"CVE-2014-7910\"\n );\n script_bugtraq_id(\n 71041,\n 71158,\n 71159,\n 71160,\n 71161,\n 71163,\n 71164,\n 71165,\n 71166,\n 71167,\n 71168,\n 71170\n );\n\n script_name(english:\"Google Chrome < 39.0.2171.65 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is a\nversion prior to 39.0.2171.65. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A double-free vulnerability exists in the version of\n Adobe Flash bundled with Chrome which could result in\n arbitrary code execution. (CVE-2014-0574)\n\n - An unspecified address bar spoofing vulnerability\n exists which could be used to aid in phishing attacks.\n (CVE-2014-7899)\n\n - Multiple use-after-free vulnerabilities exist in pdfium\n which could result in arbitrary code execution.\n (CVE-2014-7900, CVE-2014-7902)\n\n - Integer overflow vulnerabilities exist in pdfium and\n the media component which could result in arbitrary\n code execution. (CVE-2014-7901, CVE-2014-7908)\n\n - Buffer overflow vulnerabilities exist in pdfium and\n Skia which could result in arbitrary code execution.\n (CVE-2014-7903, CVE-2014-7904)\n\n - Use-after-free vulnerabilities exist in Pepper plugins\n and Blink which could result in arbitrary code\n execution. (CVE-2014-7906, CVE-2014-7907)\n\n - An unspecified uninitialized memory read exists.\n (CVE-2014-7909)\n\n - Multiple unspecified vulnerabilities exist.\n (CVE-2014-7910)\");\n # http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bc00508c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 39.0.2171.65 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0574\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'39.0.2171.65', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:40:37", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201412-13\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker may be able to execute arbitrary code with the\n privileges of the process or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2019-11-02T00:00:00", "id": "GENTOO_GLSA-201412-13.NASL", "href": "https://www.tenable.com/plugins/nessus/79966", "published": "2014-12-15T00:00:00", "title": "GLSA-201412-13 : Chromium: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-13.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79966);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2015/04/13 14:33:56 $\");\n\n script_cve_id(\"CVE-2014-3188\", \"CVE-2014-3189\", \"CVE-2014-3190\", \"CVE-2014-3191\", \"CVE-2014-3192\", \"CVE-2014-3193\", \"CVE-2014-3194\", \"CVE-2014-3195\", \"CVE-2014-3197\", \"CVE-2014-3198\", \"CVE-2014-3199\", \"CVE-2014-3200\", \"CVE-2014-7899\", \"CVE-2014-7900\", \"CVE-2014-7901\", \"CVE-2014-7902\", \"CVE-2014-7903\", \"CVE-2014-7904\", \"CVE-2014-7906\", \"CVE-2014-7907\", \"CVE-2014-7908\", \"CVE-2014-7909\", \"CVE-2014-7910\");\n script_bugtraq_id(70262, 70273, 71158, 71159, 71160, 71161, 71163, 71164, 71165, 71166, 71168, 71170);\n script_xref(name:\"GLSA\", value:\"201412-13\");\n\n script_name(english:\"GLSA-201412-13 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-13\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker may be able to execute arbitrary code with the\n privileges of the process or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-13\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-39.0.2171.65'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 39.0.2171.65\"), vulnerable:make_list(\"lt 39.0.2171.65\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:47:07", "bulletinFamily": "unix", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nChromium. (CVE-2014-7904, CVE-2014-7906, CVE-2014-7907, CVE-2014-7910, \nCVE-2014-7908, CVE-2014-7909)\n\nA flaw was found in the way Chromium parsed certain URL values. A malicious\nattacker could use this flaw to perform phishing attacks. (CVE-2014-7899)\n\nAll Chromium users should upgrade to these updated packages, which contain\nChromium version 39.0.2171.65, which corrects these issues. After\ninstalling the update, Chromium must be restarted for the changes to take\neffect.\n", "modified": "2018-06-07T09:04:30", "published": "2014-11-24T05:00:00", "id": "RHSA-2014:1894", "href": "https://access.redhat.com/errata/RHSA-2014:1894", "type": "redhat", "title": "(RHSA-2014:1894) Important: chromium-browser security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:48", "bulletinFamily": "unix", "description": "- CVE-2014-7899 (address bar spoofing)\nA flaw allows remote attackers to spoof the address bar by placing a\nblob: substring at the beginning of the URL, followed by the original\nURI scheme and a long username string.\n\n- CVE-2014-7900 (use-after-free)\nUse-after-free vulnerability in the CPDF_Parser::IsLinearizedFile\nfunction in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium allows\nremote attackers to cause a denial of service or possibly have\nunspecified other impact via a crafted PDF document.\n\n- CVE-2014-7901 (integer overflow)\nInteger overflow in the opj_t2_read_packet_data function in\nfxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium allows\nremote attackers to cause a denial of service or possibly have\nunspecified other impact via a long segment in a JPEG image.\n\n- CVE-2014-7902 (use-after-free)\nUse-after-free vulnerability in PDFium allows remote attackers to cause\na denial of service or possibly have unspecified other impact via a\ncrafted PDF document.\n\n- CVE-2014-7903 (buffer overflow)\nBuffer overflow in OpenJPEG before r2911 in PDFium allows remote\nattackers to cause a denial of service or possibly have unspecified\nother impact via a crafted JPEG image.\n\n- CVE-2014-7904 (buffer overflow)\nBuffer overflow in Skia allows remote attackers to cause a denial of\nservice or possibly have unspecified other impact via unknown vectors.\n\n- CVE-2014-7906 (use-after-free)\nUse-after-free vulnerability in the Pepper plugins allows remote\nattackers to cause a denial of service or possibly have unspecified\nother impact via crafted Flash content that triggers an attempted\nPepperMediaDeviceManager access outside of the object's lifetime.\n\n- CVE-2014-7907 (use-after-free)\nMultiple use-after-free vulnerabilities in\nmodules/screen_orientation/ScreenOrientationController.cpp in Blink\nallow remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors that trigger improper handling of a\ndetached frame, related to the (1) lock and (2) unlock methods.\n\n- CVE-2014-7908 (integer overflow)\nMultiple integer overflows in the CheckMov function in\nmedia/base/container_names.cc allow remote attackers to cause a denial\nof service or possibly have unspecified other impact via a large atom in\n(1) MPEG-4 or (2) QuickTime .mov data.\n\n- CVE-2014-7909 (uninitialized memory read)\nA flaw in effects/SkDashPathEffect.cpp in Skia computes a hash key using\nuninitialized integer values, which might allow remote attackers to\ncause a denial of service by rendering crafted data.\n\n- CVE-2014-7910 (various issues)\nVarious issues from internal audits, fuzzing and other initiatives that\nallow attackers to cause a denial of service or possibly have other impact.", "modified": "2014-11-20T00:00:00", "published": "2014-11-20T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html", "id": "ASA-201411-26", "title": "chromium: multiple issues", "type": "archlinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:23", "bulletinFamily": "unix", "description": "\nGoogle Chrome Releases reports:\n\n42 security fixes in this release, including:\n\n[389734] High CVE-2014-7899: Address bar spoofing. Credit to\n\t Eli Grey.\n[406868] High CVE-2014-7900: Use-after-free in pdfium. Credit\n\t to Atte Kettunen from OUSPG.\n[413375] High CVE-2014-7901: Integer overflow in pdfium. Credit\n\t to cloudfuzzer.\n[414504] High CVE-2014-7902: Use-after-free in pdfium. Credit\n\t to cloudfuzzer.\n[414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit\n\t to cloudfuzzer.\n[418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to\n\t Atte Kettunen from OUSPG.\n[421817] High CVE-2014-7905: Flaw allowing navigation to\n\t intents that do not have the BROWSABLE category. Credit to\n\t WangTao(neobyte) of Baidu X-Team.\n[423030] High CVE-2014-7906: Use-after-free in pepper plugins.\n\t Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.\n[423703] High CVE-2014-0574: Double-free in Flash. Credit to\n\t biloulehibou.\n[424453] High CVE-2014-7907: Use-after-free in blink. Credit to\n\t Chen Zhang (demi6od) of the NSFOCUS Security Team.\n[425980] High CVE-2014-7908: Integer overflow in media. Credit\n\t to Christoph Diehl.\n[391001] Medium CVE-2014-7909: Uninitialized memory read in\n\t Skia. Credit to miaubiz.\nCVE-2014-7910: Various fixes from internal audits, fuzzing and\n\t other initiatives.\n\n\n", "modified": "2014-11-18T00:00:00", "published": "2014-11-18T00:00:00", "id": "D395E44F-6F4F-11E4-A444-00262D5ED8EE", "href": "https://vuxml.freebsd.org/freebsd/d395e44f-6f4f-11e4-a444-00262d5ed8ee.html", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:05:42", "bulletinFamily": "unix", "description": "chromium was updated to version 39.0.2171.65 to fix 13 security issues.\n\n These security issues were fixed:\n - Use-after-free in pepper plugins (CVE-2014-7906).\n - Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google\n Chromebefore 39.0.2171.65, al... (CVE-2014-7903).\n - Uninitialized memory read in Skia (CVE-2014-7909).\n - Unspecified security issues (CVE-2014-7910).\n - Integer overflow in media (CVE-2014-7908).\n - Integer overflow in the opj_t2_read_packet_data function\n infxcodec/fx_libopenjpeg/libopenjpeg20/t2.... (CVE-2014-7901).\n - Use-after-free in blink (CVE-2014-7907).\n - Address bar spoofing (CVE-2014-7899).\n - Buffer overflow in Skia (CVE-2014-7904).\n - Use-after-free vulnerability in the CPDF_Parser (CVE-2014-7900).\n - Use-after-free vulnerability in PDFium allows DoS (CVE-2014-7902).\n - Flaw allowing navigation to intents that do not have the BROWSABLE\n category (CVE-2014-7905).\n - Double-free in Flash (CVE-2014-0574).\n\n", "modified": "2014-12-12T09:04:56", "published": "2014-12-12T09:04:56", "id": "OPENSUSE-SU-2014:1626-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00015.html", "type": "suse", "title": "Security update for chromium (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T22:57:50", "bulletinFamily": "info", "description": "Google has released Chrome 39, fixing 42 security vulnerabilities and removing support for the fallback to SSLv3, the component that was the target of the [POODLE attack](<https://threatpost.com/new-poodle-ssl-3-0-attack-exploits-protocol-fallback-issue/108844>) revealed last month.\n\nWhen the POODLE attack was disclosed by several Google researchers in October, the company said that it had added a change to Chrome that would disable SSLv3 fallback. The technique involves an attacker to force a server to fall back from a modern version of SSL/TLS to the older SSLv3 and then decrypt the protected traffic by sending a high volume of requests to the server. The company plans to disable support for SSLv3 altogether at some point in the near future.\n\nA little further down the line, perhaps in about three months, we hope to disable SSLv3 completely. The changes that I\u2019ve just landed in Chrome only disable fallback to SSLv3 \u2013 a server that correctly negotiates SSLv3 can still use it. Disabling SSLv3 completely will break even more than just disabling the fallback but SSLv3 is now completely broken with CBC-mode ciphers and the only other option is RC4, which is hardly that attractive. Any servers depending on SSLv3 are thus on notice that they need to address that now,\u201d Adam Langley of Google [wrote](<https://www.imperialviolet.org/2014/10/14/poodle.html>) in October.\n\nAmong the fixes in [Chrome 39](<http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html>) are a number of patches for high-risk vulnerabilities, including several buffer overflows, use-after-frees and integer overflows. Google paid out $25,000 in rewards to researchers who reported vulnerabilities fixed in the new release. In addition, the company paid out $16,500 in additional rewards to researchers who found bugs during the development cycle.\n\nThe full list of patches in Chrome 39:\n\n[$500][[389734](<https://code.google.com/p/chromium/issues/detail?id=389734>)] High CVE-2014-7899: Address bar spoofing. _Credit to _[_Eli Grey_](<http://eligrey.com/>)_._\n\n[$1500][[406868](<https://code.google.com/p/chromium/issues/detail?id=406868>)] High CVE-2014-7900: Use-after-free in pdfium. _Credit to Atte Kettunen from OUSPG._\n\n[$1000][[413375](<https://code.google.com/p/chromium/issues/detail?id=413375>)] High CVE-2014-7901: Integer overflow in pdfium. _Credit to cloudfuzzer._\n\n[$1000][[414504](<https://code.google.com/p/chromium/issues/detail?id=414504>)] High CVE-2014-7902: Use-after-free in pdfium. _Credit to cloudfuzzer._\n\n[$3000][[414525](<https://code.google.com/p/chromium/issues/detail?id=414525>)] High CVE-2014-7903: Buffer overflow in pdfium. _Credit to cloudfuzzer._\n\n[$2000][[418161](<https://code.google.com/p/chromium/issues/detail?id=418161>)] High CVE-2014-7904: Buffer overflow in Skia. _Credit to Atte Kettunen from OUSPG._\n\n[$2000][[421817](<https://code.google.com/p/chromium/issues/detail?id=421817>)] High CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. _Credit to WangTao(neobyte) of Baidu X-Team._\n\n[$500][[423030](<https://code.google.com/p/chromium/issues/detail?id=423030>)] High CVE-2014-7906: Use-after-free in pepper plugins. _Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team._\n\n[$7500][[423703](<https://code.google.com/p/chromium/issues/detail?id=423703>)] High CVE-2014-0574: Double-free in Flash. _Credit to_ _biloulehibou._\n\n[$5000][[424453](<https://code.google.com/p/chromium/issues/detail?id=424453>)] High CVE-2014-7907: Use-after-free in blink. _Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team._\n\n[$500][[425980](<https://code.google.com/p/chromium/issues/detail?id=425980>)] High CVE-2014-7908: Integer overflow in media. _Credit to Christoph Diehl._\n\n[$500][[391001](<https://code.google.com/p/chromium/issues/detail?id=391001>)] Medium CVE-2014-7909: Uninitialized memory read in Skia. _Credit to miaubiz._\n", "modified": "2014-11-24T18:40:37", "published": "2014-11-18T13:42:18", "id": "THREATPOST:DCCF6E08CBB78DDE988D0C3CB0E04C1A", "href": "https://threatpost.com/google-removes-sslv3-fallback-support-from-chrome/109455/", "type": "threatpost", "title": "Google Removes SSLv3 Fallback Support From Chrome", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:21", "bulletinFamily": "unix", "description": "### Background\n\nChromium is an open-source web browser project.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to execute arbitrary code with the privileges of the process or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-39.0.2171.65\"", "modified": "2014-12-13T00:00:00", "published": "2014-12-13T00:00:00", "id": "GLSA-201412-13", "href": "https://security.gentoo.org/glsa/201412-13", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
