ID CVE-2015-3747 Type cve Reporter NVD Modified 2016-12-23T21:59:13
Description
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
{"title": "CVE-2015-3747", "reporter": "NVD", "enchantments": {"score": {"vector": "NONE", "value": 6.8}, "vulnersScore": 6.8}, "published": "2015-08-16T19:59:20", "cvelist": ["CVE-2015-3747"], "viewCount": 3, "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3747", "bulletinFamily": "NVD", "hashmap": [{"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "008a70dd0230c9a7a90b80df474d8d06", "key": "cpe"}, {"hash": "ec5ff3546ef67ed19b40c435f6db2dcb", "key": "cvelist"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "f478ac81cdaa48b6c6d291bddaa3a41a", "key": "description"}, {"hash": "2316256aea8238328b552b8cd7b5b305", "key": "href"}, {"hash": "1bd3cd24c8f7f50a9d115d3097de8a73", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "48ba3839661ca2aa984c4439236c4a8f", "key": "published"}, {"hash": "72ccd6814f51af3cc73f87ffe220c9f4", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "684e9913f2626a9fc4ec2da4f1270f44", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}], "history": [{"bulletin": {"reporter": "NVD", "published": "2015-08-16T19:59:20", "cvelist": ["CVE-2015-3747"], "title": "CVE-2015-3747", "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3747", "bulletinFamily": "NVD", "id": "CVE-2015-3747", "history": [], "scanner": [], "cpe": ["cpe:/o:apple:iphone_os:8.4", "cpe:/a:apple:itunes:12.2", "cpe:/a:apple:safari:7.1.7", "cpe:/a:apple:safari:8.0.7", "cpe:/a:apple:safari:6.2.7"], "modified": "2015-09-28T08:49:05", "hash": "7553d274ef43fcca4650b9cca0710157b676fd8030b897b9f06fade5088c88fc", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "viewCount": 0, "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "references": ["https://support.apple.com/HT205221", "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html", "http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html", "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html", "https://support.apple.com/kb/HT205033", "https://support.apple.com/kb/HT205030"], "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "48ba3839661ca2aa984c4439236c4a8f", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "f478ac81cdaa48b6c6d291bddaa3a41a", "key": "description"}, {"hash": "684e9913f2626a9fc4ec2da4f1270f44", "key": "title"}, {"hash": "2316256aea8238328b552b8cd7b5b305", "key": "href"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "53e05dd03112a54387549054d9cc23ed", "key": "references"}, {"hash": "ec5ff3546ef67ed19b40c435f6db2dcb", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "008a70dd0230c9a7a90b80df474d8d06", "key": "cpe"}, {"hash": "17877c80041d9665ca0dfacc8b82711a", "key": "modified"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}], "lastseen": "2016-09-03T22:33:55", "description": "WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3."}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T22:33:55"}], "scanner": [], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "modified": "2016-12-23T21:59:13", "hash": "008ff16eff668464ac70abb50a13f8267f6f6348651626d9fb2539ed32173551", "cpe": ["cpe:/o:apple:iphone_os:8.4", "cpe:/a:apple:itunes:12.2", "cpe:/a:apple:safari:7.1.7", "cpe:/a:apple:safari:8.0.7", "cpe:/a:apple:safari:6.2.7"], "edition": 2, "description": "WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.", "references": ["http://www.ubuntu.com/usn/USN-2937-1", "https://support.apple.com/HT205221", "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html", "http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html", "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html", "https://support.apple.com/kb/HT205033", "http://www.securityfocus.com/bid/76338", "https://support.apple.com/kb/HT205030", "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html", "http://www.securitytracker.com/id/1033274"], "id": "CVE-2015-3747", "lastseen": "2017-04-18T15:56:55", "assessment": {"name": "", "href": "", "system": ""}}
{"ubuntu": [{"lastseen": "2018-08-31T00:09:49", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3659", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-1081", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-5928", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3747", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1748", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-1127", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3741", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-1120", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-1076", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-5788", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-1153", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-1071", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-1083", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3727", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3748", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3731", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-1155", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3749", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-5809", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-5822", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3743", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-1122", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3752", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3745", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-5794", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3658", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-5801"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "15.10", "packageVersion": "2.4.10-0ubuntu0.15.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libwebkitgtk-3.0-0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.4.10-0ubuntu0.14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libwebkitgtk-3.0-0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.4.10-0ubuntu0.14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libwebkitgtk-1.0-0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.10", "packageVersion": "2.4.10-0ubuntu0.15.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libjavascriptcoregtk-3.0-0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.4.10-0ubuntu0.14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libjavascriptcoregtk-3.0-0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.10", "packageVersion": "2.4.10-0ubuntu0.15.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libjavascriptcoregtk-1.0-0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.10", "packageVersion": "2.4.10-0ubuntu0.15.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libwebkitgtk-1.0-0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.4.10-0ubuntu0.14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libjavascriptcoregtk-1.0-0", "operator": "lt"}], "description": "A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.", "edition": 3, "reporter": "Ubuntu", "published": "2016-03-21T00:00:00", "title": "WebKitGTK+ vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-1127", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-1122", "CVE-2015-5794", "CVE-2015-1071", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-1076", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3748", "CVE-2015-3658", "CVE-2015-1083", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5928", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-1081", "CVE-2015-5809", "CVE-2014-1748"], "modified": "2016-03-21T00:00:00", "id": "USN-2937-1", "href": "https://usn.ubuntu.com/2937-1/", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-02T00:05:23", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=971460"], "pluginID": "90259", "description": "This update for webkitgtk fixes the following issues :\n\n - webkitgtk was updated to version 2.4.10 (boo#971460) :\n\n + Fix rendering of form controls and scrollbars with GTK+ >= 3.19.\n\n + Fix crashes on PPC64.\n\n + Fix the build on powerpc 32 bits.\n\n + Add ARM64 build support.\n\n + Security fixes: CVE-2015-1120, CVE-2015-1076, CVE-2015-1071, CVE-2015-1081, CVE-2015-1122, CVE-2015-1155, CVE-2014-1748, CVE-2015-3752, CVE-2015-5809, CVE-2015-5928, CVE-2015-3749, CVE-2015-3659, CVE-2015-3748, CVE-2015-3743, CVE-2015-3731, CVE-2015-3745, CVE-2015-5822, CVE-2015-3658, CVE-2015-3741, CVE-2015-3727, CVE-2015-5801, CVE-2015-5788, CVE-2015-3747, CVE-2015-5794, CVE-2015-1127, CVE-2015-1153, CVE-2015-1083.\n\n + Updated translations.", "edition": 4, "reporter": "Tenable", "published": "2016-04-01T00:00:00", "title": "openSUSE Security Update : webkitgtk (openSUSE-2016-412)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1127", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-1122", "CVE-2015-5794", "CVE-2015-1071", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-1076", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3748", "CVE-2015-3658", "CVE-2015-1083", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5928", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-1081", "CVE-2015-5809", "CVE-2014-1748"], "modified": "2016-04-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-1_0-0-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-3_0-0-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-1_0-0", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-1_0", "p-cpe:/a:novell:opensuse:libwebkitgtk-1_0-0-debuginfo", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-3_0", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-3_0-0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit-1_0", "p-cpe:/a:novell:opensuse:libwebkitgtk3-devel", "p-cpe:/a:novell:opensuse:webkit-jsc-1-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-1_0-0-32bit", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-1_0-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkitgtk-3_0-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkitgtk-3_0-0-32bit", "p-cpe:/a:novell:opensuse:libwebkitgtk3-lang", "p-cpe:/a:novell:opensuse:libwebkitgtk-1_0-0-32bit", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit-3_0", "p-cpe:/a:novell:opensuse:libwebkitgtk2-lang", "p-cpe:/a:novell:opensuse:libwebkitgtk-3_0-0", "p-cpe:/a:novell:opensuse:libwebkitgtk-devel", "p-cpe:/a:novell:opensuse:libwebkitgtk-1_0-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-3_0-0-32bit", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:webkit-jsc-3", "p-cpe:/a:novell:opensuse:webkit-jsc-1", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-3_0-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkitgtk-3_0-0-debuginfo", "p-cpe:/a:novell:opensuse:libwebkitgtk-1_0-0", "p-cpe:/a:novell:opensuse:webkit-jsc-3-debuginfo"], "id": "OPENSUSE-2016-412.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=90259", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-412.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90259);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2016/04/05 21:24:23 $\");\n\n script_cve_id(\"CVE-2014-1748\", \"CVE-2015-1071\", \"CVE-2015-1076\", \"CVE-2015-1081\", \"CVE-2015-1083\", \"CVE-2015-1120\", \"CVE-2015-1122\", \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1155\", \"CVE-2015-3658\", \"CVE-2015-3659\", \"CVE-2015-3727\", \"CVE-2015-3731\", \"CVE-2015-3741\", \"CVE-2015-3743\", \"CVE-2015-3745\", \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-3749\", \"CVE-2015-3752\", \"CVE-2015-5788\", \"CVE-2015-5794\", \"CVE-2015-5801\", \"CVE-2015-5809\", \"CVE-2015-5822\", \"CVE-2015-5928\");\n\n script_name(english:\"openSUSE Security Update : webkitgtk (openSUSE-2016-412)\");\n script_summary(english:\"Check for the openSUSE-2016-412 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkitgtk fixes the following issues :\n\n - webkitgtk was updated to version 2.4.10 (boo#971460) :\n\n + Fix rendering of form controls and scrollbars with GTK+\n >= 3.19.\n\n + Fix crashes on PPC64.\n\n + Fix the build on powerpc 32 bits.\n\n + Add ARM64 build support.\n\n + Security fixes: CVE-2015-1120, CVE-2015-1076,\n CVE-2015-1071, CVE-2015-1081, CVE-2015-1122,\n CVE-2015-1155, CVE-2014-1748, CVE-2015-3752,\n CVE-2015-5809, CVE-2015-5928, CVE-2015-3749,\n CVE-2015-3659, CVE-2015-3748, CVE-2015-3743,\n CVE-2015-3731, CVE-2015-3745, CVE-2015-5822,\n CVE-2015-3658, CVE-2015-3741, CVE-2015-3727,\n CVE-2015-5801, CVE-2015-5788, CVE-2015-3747,\n CVE-2015-5794, CVE-2015-1127, CVE-2015-1153,\n CVE-2015-1083.\n\n + Updated translations.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971460\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-1_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-1_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-1_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-1_0-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-3_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-3_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-3_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-3_0-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk-1_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk-1_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk-1_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk-1_0-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk-3_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk-3_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk-3_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk-3_0-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-3_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit-3_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libjavascriptcoregtk-1_0-0-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libjavascriptcoregtk-1_0-0-debuginfo-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libjavascriptcoregtk-3_0-0-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libjavascriptcoregtk-3_0-0-debuginfo-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwebkitgtk-1_0-0-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwebkitgtk-1_0-0-debuginfo-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwebkitgtk-3_0-0-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwebkitgtk-3_0-0-debuginfo-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwebkitgtk-devel-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwebkitgtk2-lang-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwebkitgtk3-devel-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwebkitgtk3-lang-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"typelib-1_0-JavaScriptCore-1_0-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"typelib-1_0-JavaScriptCore-3_0-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"typelib-1_0-WebKit-1_0-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"typelib-1_0-WebKit-3_0-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"webkit-jsc-1-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"webkit-jsc-1-debuginfo-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"webkit-jsc-3-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"webkit-jsc-3-debuginfo-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-1_0-0-32bit-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-1_0-0-debuginfo-32bit-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-3_0-0-32bit-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-3_0-0-debuginfo-32bit-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libwebkitgtk-1_0-0-32bit-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libwebkitgtk-1_0-0-debuginfo-32bit-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libwebkitgtk-3_0-0-32bit-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libwebkitgtk-3_0-0-debuginfo-32bit-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libjavascriptcoregtk-1_0-0-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libjavascriptcoregtk-1_0-0-debuginfo-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libjavascriptcoregtk-3_0-0-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libjavascriptcoregtk-3_0-0-debuginfo-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwebkitgtk-1_0-0-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwebkitgtk-1_0-0-debuginfo-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwebkitgtk-3_0-0-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwebkitgtk-3_0-0-debuginfo-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwebkitgtk-devel-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwebkitgtk2-lang-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwebkitgtk3-devel-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwebkitgtk3-lang-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"typelib-1_0-JavaScriptCore-1_0-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"typelib-1_0-JavaScriptCore-3_0-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"typelib-1_0-WebKit-1_0-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"typelib-1_0-WebKit-3_0-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"webkit-jsc-1-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"webkit-jsc-1-debuginfo-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"webkit-jsc-3-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"webkit-jsc-3-debuginfo-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-1_0-0-32bit-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-1_0-0-debuginfo-32bit-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-3_0-0-32bit-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-3_0-0-debuginfo-32bit-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libwebkitgtk-1_0-0-32bit-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libwebkitgtk-1_0-0-debuginfo-32bit-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libwebkitgtk-3_0-0-32bit-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libwebkitgtk-3_0-0-debuginfo-32bit-2.4.10-7.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-1_0-0 / libjavascriptcoregtk-1_0-0-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:40:52", "references": ["http://www.nessus.org/u?18d1a2f0"], "pluginID": "90283", "description": "This update addresses the following vulnerabilities: * [CVE-2015-1120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1120) * [CVE-2015-1076](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1076) * [CVE-2015-1071](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1071) * [CVE-2015-1081](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1081) * [CVE-2015-1122](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1122) * [CVE-2015-1155](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1155) * [CVE-2014-1748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 4-1748) * [CVE-2015-3752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3752) * [CVE-2015-5809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-5809) * [CVE-2015-5928](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-5928) * [CVE-2015-3749](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3749) * [CVE-2015-3659](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3659) * [CVE-2015-3748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3748) * [CVE-2015-3743](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3743) * [CVE-2015-3731](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3731) * [CVE-2015-3745](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3745) * [CVE-2015-5822](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-5822) * [CVE-2015-3658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3658) * [CVE-2015-3741](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3741) * [CVE-2015-3727](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3727) * [CVE-2015-5801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-5801) * [CVE-2015-5788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-5788) * [CVE-2015-3747](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3747) * [CVE-2015-5794](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-5794) * [CVE-2015-1127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1127) * [CVE-2015-1153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1153) * [CVE-2015-1083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1083) Additional fixes: * Fix crashes on PowerPC 64. * Fix the build on PowerPC 32.\n\n - Add ARM64 build support. Translation updates * German * Spanish * French\n\n - Italian * Korean * Brazilian Portuguese * Russian * Chinese.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2016-04-01T00:00:00", "title": "Fedora 22 : webkitgtk-2.4.10-1.fc22 (2016-9ec1850fff)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1127", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-1122", "CVE-2015-5794", "CVE-2015-1071", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-1076", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3748", "CVE-2015-3658", "CVE-2015-1083", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5928", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-1081", "CVE-2015-5809", "CVE-2014-1748"], "modified": "2016-04-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkitgtk", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-9EC1850FFF.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=90283", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-9ec1850fff.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90283);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/04/05 21:24:23 $\");\n\n script_cve_id(\"CVE-2014-1748\", \"CVE-2015-1071\", \"CVE-2015-1076\", \"CVE-2015-1081\", \"CVE-2015-1083\", \"CVE-2015-1120\", \"CVE-2015-1122\", \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1155\", \"CVE-2015-3658\", \"CVE-2015-3659\", \"CVE-2015-3727\", \"CVE-2015-3731\", \"CVE-2015-3741\", \"CVE-2015-3743\", \"CVE-2015-3745\", \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-3749\", \"CVE-2015-3752\", \"CVE-2015-5788\", \"CVE-2015-5794\", \"CVE-2015-5801\", \"CVE-2015-5809\", \"CVE-2015-5822\", \"CVE-2015-5928\");\n script_xref(name:\"FEDORA\", value:\"2016-9ec1850fff\");\n\n script_name(english:\"Fedora 22 : webkitgtk-2.4.10-1.fc22 (2016-9ec1850fff)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following vulnerabilities: *\n[CVE-2015-1120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-1120) *\n[CVE-2015-1076](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-1076) *\n[CVE-2015-1071](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-1071) *\n[CVE-2015-1081](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-1081) *\n[CVE-2015-1122](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-1122) *\n[CVE-2015-1155](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-1155) *\n[CVE-2014-1748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n4-1748) *\n[CVE-2015-3752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3752) *\n[CVE-2015-5809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-5809) *\n[CVE-2015-5928](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-5928) *\n[CVE-2015-3749](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3749) *\n[CVE-2015-3659](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3659) *\n[CVE-2015-3748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3748) *\n[CVE-2015-3743](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3743) *\n[CVE-2015-3731](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3731) *\n[CVE-2015-3745](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3745) *\n[CVE-2015-5822](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-5822) *\n[CVE-2015-3658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3658) *\n[CVE-2015-3741](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3741) *\n[CVE-2015-3727](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3727) *\n[CVE-2015-5801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-5801) *\n[CVE-2015-5788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-5788) *\n[CVE-2015-3747](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3747) *\n[CVE-2015-5794](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-5794) *\n[CVE-2015-1127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-1127) *\n[CVE-2015-1153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-1153) *\n[CVE-2015-1083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-1083) Additional fixes: * Fix crashes on PowerPC 64. * Fix the build\non PowerPC 32.\n\n - Add ARM64 build support. Translation updates * German *\n Spanish * French\n\n - Italian * Korean * Brazilian Portuguese * Russian *\n Chinese.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/180485.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?18d1a2f0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"webkitgtk-2.4.10-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:08:09", "references": ["http://www.nessus.org/u?6fc0f2fa"], "pluginID": "90220", "description": "This update addresses the following vulnerabilities :\n\n - CVE-2015-1120\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120)\n\n - CVE-2015-1076\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076)\n\n - CVE-2015-1071\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071)\n\n - CVE-2015-1081\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081)\n\n - CVE-2015-1122\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122)\n\n - CVE-2015-1155\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155)\n\n - CVE-2014-1748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748)\n\n - CVE-2015-3752\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752)\n\n - CVE-2015-5809\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809)\n\n - CVE-2015-5928\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928)\n\n - CVE-2015-3749\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749)\n\n - CVE-2015-3659\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659)\n\n - CVE-2015-3748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748)\n\n - CVE-2015-3743\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743)\n\n - CVE-2015-3731\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731)\n\n - CVE-2015-3745\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745)\n\n - CVE-2015-5822\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822)\n\n - CVE-2015-3658\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658)\n\n - CVE-2015-3741\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741)\n\n - CVE-2015-3727\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3727)\n\n - CVE-2015-5801\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801)\n\n - CVE-2015-5788\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788)\n\n - CVE-2015-3747\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747)\n\n - CVE-2015-5794\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794)\n\n - CVE-2015-1127\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1127)\n\n - CVE-2015-1153\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153)\n\n - CVE-2015-1083\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2016-03-28T00:00:00", "title": "Fedora 24 : webkitgtk-2.4.10-1.fc24 (2016-a4fcb02d6b)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1127", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-1122", "CVE-2015-5794", "CVE-2015-1071", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-1076", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3748", "CVE-2015-3658", "CVE-2015-1083", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5928", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-1081", "CVE-2015-5809", "CVE-2014-1748"], "modified": "2016-03-29T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:24", "p-cpe:/a:fedoraproject:fedora:webkitgtk"], "id": "FEDORA_2016-A4FCB02D6B.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=90220", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-a4fcb02d6b.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90220);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/03/29 16:41:18 $\");\n\n script_cve_id(\"CVE-2014-1748\", \"CVE-2015-1071\", \"CVE-2015-1076\", \"CVE-2015-1081\", \"CVE-2015-1083\", \"CVE-2015-1120\", \"CVE-2015-1122\", \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1155\", \"CVE-2015-3658\", \"CVE-2015-3659\", \"CVE-2015-3727\", \"CVE-2015-3731\", \"CVE-2015-3741\", \"CVE-2015-3743\", \"CVE-2015-3745\", \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-3749\", \"CVE-2015-3752\", \"CVE-2015-5788\", \"CVE-2015-5794\", \"CVE-2015-5801\", \"CVE-2015-5809\", \"CVE-2015-5822\", \"CVE-2015-5928\");\n script_xref(name:\"FEDORA\", value:\"2016-a4fcb02d6b\");\n\n script_name(english:\"Fedora 24 : webkitgtk-2.4.10-1.fc24 (2016-a4fcb02d6b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following vulnerabilities :\n\n - CVE-2015-1120\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120)\n\n - CVE-2015-1076\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076)\n\n - CVE-2015-1071\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071)\n\n - CVE-2015-1081\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081)\n\n - CVE-2015-1122\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122)\n\n - CVE-2015-1155\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155)\n\n - CVE-2014-1748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748)\n\n - CVE-2015-3752\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752)\n\n - CVE-2015-5809\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809)\n\n - CVE-2015-5928\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928)\n\n - CVE-2015-3749\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749)\n\n - CVE-2015-3659\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659)\n\n - CVE-2015-3748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748)\n\n - CVE-2015-3743\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743)\n\n - CVE-2015-3731\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731)\n\n - CVE-2015-3745\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745)\n\n - CVE-2015-5822\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822)\n\n - CVE-2015-3658\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658)\n\n - CVE-2015-3741\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741)\n\n - CVE-2015-3727\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3727)\n\n - CVE-2015-5801\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801)\n\n - CVE-2015-5788\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788)\n\n - CVE-2015-3747\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747)\n\n - CVE-2015-5794\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794)\n\n - CVE-2015-1127\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1127)\n\n - CVE-2015-1153\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153)\n\n - CVE-2015-1083\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179772.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6fc0f2fa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"webkitgtk-2.4.10-1.fc24\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:41:33", "references": ["http://www.nessus.org/u?abc24d78"], "pluginID": "90035", "description": "This update addresses the following vulnerabilities :\n\n - CVE-2015-1120\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120)\n\n - CVE-2015-1076\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076)\n\n - CVE-2015-1071\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071)\n\n - CVE-2015-1081\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081)\n\n - CVE-2015-1122\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122)\n\n - CVE-2015-1155\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155)\n\n - CVE-2014-1748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748)\n\n - CVE-2015-3752\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752)\n\n - CVE-2015-5809\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809)\n\n - CVE-2015-5928\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928)\n\n - CVE-2015-3749\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749)\n\n - CVE-2015-3659\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659)\n\n - CVE-2015-3748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748)\n\n - CVE-2015-3743\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743)\n\n - CVE-2015-3731\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731)\n\n - CVE-2015-3745\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745)\n\n - CVE-2015-5822\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822)\n\n - CVE-2015-3658\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658)\n\n - CVE-2015-3741\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741)\n\n - CVE-2015-3727\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3727)\n\n - CVE-2015-5801\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801)\n\n - CVE-2015-5788\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788)\n\n - CVE-2015-3747\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747)\n\n - CVE-2015-5794\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794)\n\n - CVE-2015-1127\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1127)\n\n - CVE-2015-1153\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153)\n\n - CVE-2015-1083\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2016-03-21T00:00:00", "title": "Fedora 23 : webkitgtk3-2.4.10-1.fc23 (2016-1a7f7ffb58)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1127", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-1122", "CVE-2015-5794", "CVE-2015-1071", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-1076", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3748", "CVE-2015-3658", "CVE-2015-1083", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5928", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-1081", "CVE-2015-5809", "CVE-2014-1748"], "modified": "2016-03-22T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkitgtk3", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-1A7F7FFB58.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=90035", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-1a7f7ffb58.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90035);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/03/22 14:32:26 $\");\n\n script_cve_id(\"CVE-2014-1748\", \"CVE-2015-1071\", \"CVE-2015-1076\", \"CVE-2015-1081\", \"CVE-2015-1083\", \"CVE-2015-1120\", \"CVE-2015-1122\", \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1155\", \"CVE-2015-3658\", \"CVE-2015-3659\", \"CVE-2015-3727\", \"CVE-2015-3731\", \"CVE-2015-3741\", \"CVE-2015-3743\", \"CVE-2015-3745\", \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-3749\", \"CVE-2015-3752\", \"CVE-2015-5788\", \"CVE-2015-5794\", \"CVE-2015-5801\", \"CVE-2015-5809\", \"CVE-2015-5822\", \"CVE-2015-5928\");\n script_xref(name:\"FEDORA\", value:\"2016-1a7f7ffb58\");\n\n script_name(english:\"Fedora 23 : webkitgtk3-2.4.10-1.fc23 (2016-1a7f7ffb58)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following vulnerabilities :\n\n - CVE-2015-1120\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120)\n\n - CVE-2015-1076\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076)\n\n - CVE-2015-1071\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071)\n\n - CVE-2015-1081\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081)\n\n - CVE-2015-1122\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122)\n\n - CVE-2015-1155\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155)\n\n - CVE-2014-1748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748)\n\n - CVE-2015-3752\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752)\n\n - CVE-2015-5809\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809)\n\n - CVE-2015-5928\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928)\n\n - CVE-2015-3749\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749)\n\n - CVE-2015-3659\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659)\n\n - CVE-2015-3748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748)\n\n - CVE-2015-3743\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743)\n\n - CVE-2015-3731\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731)\n\n - CVE-2015-3745\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745)\n\n - CVE-2015-5822\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822)\n\n - CVE-2015-3658\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658)\n\n - CVE-2015-3741\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741)\n\n - CVE-2015-3727\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3727)\n\n - CVE-2015-5801\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801)\n\n - CVE-2015-5788\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788)\n\n - CVE-2015-3747\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747)\n\n - CVE-2015-5794\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794)\n\n - CVE-2015-1127\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1127)\n\n - CVE-2015-1153\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153)\n\n - CVE-2015-1083\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179133.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?abc24d78\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"webkitgtk3-2.4.10-1.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:35:43", "references": ["http://www.nessus.org/u?d98b6a55"], "pluginID": "90232", "description": "This update addresses the following vulnerabilities :\n\n - CVE-2015-1120\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120)\n\n - CVE-2015-1076\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076)\n\n - CVE-2015-1071\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071)\n\n - CVE-2015-1081\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081)\n\n - CVE-2015-1122\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122)\n\n - CVE-2015-1155\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155)\n\n - CVE-2014-1748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748)\n\n - CVE-2015-3752\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752)\n\n - CVE-2015-5809\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809)\n\n - CVE-2015-5928\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928)\n\n - CVE-2015-3749\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749)\n\n - CVE-2015-3659\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659)\n\n - CVE-2015-3748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748)\n\n - CVE-2015-3743\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743)\n\n - CVE-2015-3731\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731)\n\n - CVE-2015-3745\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745)\n\n - CVE-2015-5822\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822)\n\n - CVE-2015-3658\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658)\n\n - CVE-2015-3741\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741)\n\n - CVE-2015-3727\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3727)\n\n - CVE-2015-5801\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801)\n\n - CVE-2015-5788\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788)\n\n - CVE-2015-3747\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747)\n\n - CVE-2015-5794\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794)\n\n - CVE-2015-1127\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1127)\n\n - CVE-2015-1153\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153)\n\n - CVE-2015-1083\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2016-03-28T00:00:00", "title": "Fedora 24 : webkitgtk3-2.4.10-1.fc24 (2016-fde7ffcb77)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1127", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-1122", "CVE-2015-5794", "CVE-2015-1071", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-1076", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3748", "CVE-2015-3658", "CVE-2015-1083", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5928", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-1081", "CVE-2015-5809", "CVE-2014-1748"], "modified": "2016-03-29T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:24", "p-cpe:/a:fedoraproject:fedora:webkitgtk3"], "id": "FEDORA_2016-FDE7FFCB77.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=90232", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-fde7ffcb77.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90232);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/03/29 16:41:18 $\");\n\n script_cve_id(\"CVE-2014-1748\", \"CVE-2015-1071\", \"CVE-2015-1076\", \"CVE-2015-1081\", \"CVE-2015-1083\", \"CVE-2015-1120\", \"CVE-2015-1122\", \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1155\", \"CVE-2015-3658\", \"CVE-2015-3659\", \"CVE-2015-3727\", \"CVE-2015-3731\", \"CVE-2015-3741\", \"CVE-2015-3743\", \"CVE-2015-3745\", \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-3749\", \"CVE-2015-3752\", \"CVE-2015-5788\", \"CVE-2015-5794\", \"CVE-2015-5801\", \"CVE-2015-5809\", \"CVE-2015-5822\", \"CVE-2015-5928\");\n script_xref(name:\"FEDORA\", value:\"2016-fde7ffcb77\");\n\n script_name(english:\"Fedora 24 : webkitgtk3-2.4.10-1.fc24 (2016-fde7ffcb77)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following vulnerabilities :\n\n - CVE-2015-1120\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120)\n\n - CVE-2015-1076\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076)\n\n - CVE-2015-1071\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071)\n\n - CVE-2015-1081\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081)\n\n - CVE-2015-1122\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122)\n\n - CVE-2015-1155\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155)\n\n - CVE-2014-1748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748)\n\n - CVE-2015-3752\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752)\n\n - CVE-2015-5809\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809)\n\n - CVE-2015-5928\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928)\n\n - CVE-2015-3749\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749)\n\n - CVE-2015-3659\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659)\n\n - CVE-2015-3748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748)\n\n - CVE-2015-3743\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743)\n\n - CVE-2015-3731\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731)\n\n - CVE-2015-3745\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745)\n\n - CVE-2015-5822\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822)\n\n - CVE-2015-3658\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658)\n\n - CVE-2015-3741\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741)\n\n - CVE-2015-3727\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3727)\n\n - CVE-2015-5801\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801)\n\n - CVE-2015-5788\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788)\n\n - CVE-2015-3747\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747)\n\n - CVE-2015-5794\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794)\n\n - CVE-2015-1127\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1127)\n\n - CVE-2015-1153\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153)\n\n - CVE-2015-1083\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179773.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d98b6a55\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"webkitgtk3-2.4.10-1.fc24\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:24", "references": [], "pluginID": "90094", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2016-03-22T00:00:00", "title": "Ubuntu 14.04 LTS / 15.10 : webkitgtk vulnerabilities (USN-2937-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1127", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-1122", "CVE-2015-5794", "CVE-2015-1071", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-1076", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3748", "CVE-2015-3658", "CVE-2015-1083", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5928", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-1081", "CVE-2015-5809", "CVE-2014-1748"], "modified": "2018-08-03T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libwebkitgtk-3.0-0", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-3.0-0", "cpe:/o:canonical:ubuntu_linux:15.10", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-1.0-0", "p-cpe:/a:canonical:ubuntu_linux:libwebkitgtk-1.0-0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2937-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=90094", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2937-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90094);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/08/03 12:21:25\");\n\n script_cve_id(\"CVE-2014-1748\", \"CVE-2015-1071\", \"CVE-2015-1076\", \"CVE-2015-1081\", \"CVE-2015-1083\", \"CVE-2015-1120\", \"CVE-2015-1122\", \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1155\", \"CVE-2015-3658\", \"CVE-2015-3659\", \"CVE-2015-3727\", \"CVE-2015-3731\", \"CVE-2015-3741\", \"CVE-2015-3743\", \"CVE-2015-3745\", \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-3749\", \"CVE-2015-3752\", \"CVE-2015-5788\", \"CVE-2015-5794\", \"CVE-2015-5801\", \"CVE-2015-5809\", \"CVE-2015-5822\", \"CVE-2015-5928\");\n script_xref(name:\"USN\", value:\"2937-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.10 : webkitgtk vulnerabilities (USN-2937-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-1.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-3.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkitgtk-1.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkitgtk-3.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2018 Canonical, Inc. / NASL script (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libjavascriptcoregtk-1.0-0\", pkgver:\"2.4.10-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libjavascriptcoregtk-3.0-0\", pkgver:\"2.4.10-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libwebkitgtk-1.0-0\", pkgver:\"2.4.10-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libwebkitgtk-3.0-0\", pkgver:\"2.4.10-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libjavascriptcoregtk-1.0-0\", pkgver:\"2.4.10-0ubuntu0.15.10.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libjavascriptcoregtk-3.0-0\", pkgver:\"2.4.10-0ubuntu0.15.10.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libwebkitgtk-1.0-0\", pkgver:\"2.4.10-0ubuntu0.15.10.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libwebkitgtk-3.0-0\", pkgver:\"2.4.10-0ubuntu0.15.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-1.0-0 / libjavascriptcoregtk-3.0-0 / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:34", "references": ["https://support.apple.com/en-us/HT205033"], "pluginID": "85446", "description": "The version of Apple Safari installed on the remote Mac OS X host is prior to 6.2.8 / 7.1.8 / 8.0.8. It is, therefore, affected by the following vulnerabilities :\n\n - An unspecified flaw exists that allows an attacker to spoof UI elements by using crafted web pages.\n (CVE-2015-3729)\n\n - Multiple memory corruption flaws exist in WebKit due to improper validation of user-supplied input. An attacker can exploit these, by using a crafted web page, to execute arbitrary code. (CVE-2015-3730, CVE-2015-3731 CVE-2015-3732, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749)\n\n - A security policy bypass vulnerability exists in WebKit related to handling Content Security Policy report requests. An attacker can exploit this to bypass the HTTP Strict Transport Security policy. (CVE-2015-3750)\n\n - A security policy bypass vulnerability exists in WebKit that allows websites to use video controls to load images nested in object elements in violation of Content Security Policy directives. (CVE-2015-3751)\n\n - An information disclosure vulnerability exists in WebKit related to how cookies are added to Content Security Policy report requests, which results in cookies being exposed to cross-origin requests. Also, cookies set during regular browsing are sent during private browsing. (CVE-2015-3752)\n\n - An information disclosure vulnerability exists in the WebKit Canvas component when images are called using URLs that redirect to a data:image resource. An attacker, using a malicious website, can exploit this to disclose image data cross-origin. (CVE-2015-3753)\n\n - An information disclosure vulnerability exists in WebKit page loading where the caching of HTTP authentication credentials entered in private browsing mode were carried over into regular browsing, resulting in a user's private browsing history being exposed. (CVE-2015-3754)\n\n - A flaw in the WebKit process model allows a malicious website to display an arbitrary URL, which can allow user interface spoofing. (CVE-2015-3755)", "edition": 6, "reporter": "Tenable", "published": "2015-08-17T00:00:00", "title": "Mac OS X : Apple Safari < 6.2.8 / 7.1.8 / 8.0.8 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3733", "CVE-2015-3736", "CVE-2015-3754", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-3732", "CVE-2015-3738", "CVE-2015-3740", "CVE-2015-3739", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-3730", "CVE-2015-3750", "CVE-2015-3755", "CVE-2015-3753", "CVE-2015-3749", "CVE-2015-3742", "CVE-2015-3748", "CVE-2015-3746", "CVE-2015-3741", "CVE-2015-3751", "CVE-2015-3745", "CVE-2015-3735", "CVE-2015-3737", "CVE-2015-3729"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "MACOSX_SAFARI8_0_8.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85446", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85446);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2015-3729\",\n \"CVE-2015-3730\",\n \"CVE-2015-3731\",\n \"CVE-2015-3732\",\n \"CVE-2015-3733\",\n \"CVE-2015-3734\",\n \"CVE-2015-3735\",\n \"CVE-2015-3736\",\n \"CVE-2015-3737\",\n \"CVE-2015-3738\",\n \"CVE-2015-3739\",\n \"CVE-2015-3740\",\n \"CVE-2015-3741\",\n \"CVE-2015-3742\",\n \"CVE-2015-3743\",\n \"CVE-2015-3744\",\n \"CVE-2015-3745\",\n \"CVE-2015-3746\",\n \"CVE-2015-3747\",\n \"CVE-2015-3748\",\n \"CVE-2015-3749\",\n \"CVE-2015-3750\",\n \"CVE-2015-3751\",\n \"CVE-2015-3752\",\n \"CVE-2015-3753\",\n \"CVE-2015-3754\",\n \"CVE-2015-3755\"\n );\n script_bugtraq_id(\n 76338,\n 76339,\n 76341,\n 76342,\n 76344\n );\n\n script_name(english:\"Mac OS X : Apple Safari < 6.2.8 / 7.1.8 / 8.0.8 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The web browser installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote Mac OS X host is\nprior to 6.2.8 / 7.1.8 / 8.0.8. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - An unspecified flaw exists that allows an attacker to\n spoof UI elements by using crafted web pages.\n (CVE-2015-3729)\n\n - Multiple memory corruption flaws exist in WebKit due\n to improper validation of user-supplied input. An\n attacker can exploit these, by using a crafted web page,\n to execute arbitrary code. (CVE-2015-3730, CVE-2015-3731\n CVE-2015-3732, CVE-2015-3733, CVE-2015-3734,\n CVE-2015-3735, CVE-2015-3736, CVE-2015-3737,\n CVE-2015-3738, CVE-2015-3739, CVE-2015-3740,\n CVE-2015-3741, CVE-2015-3742, CVE-2015-3743,\n CVE-2015-3744, CVE-2015-3745, CVE-2015-3746,\n CVE-2015-3747, CVE-2015-3748, CVE-2015-3749)\n\n - A security policy bypass vulnerability exists in WebKit\n related to handling Content Security Policy report\n requests. An attacker can exploit this to bypass the\n HTTP Strict Transport Security policy. (CVE-2015-3750)\n\n - A security policy bypass vulnerability exists in WebKit\n that allows websites to use video controls to load\n images nested in object elements in violation of Content\n Security Policy directives. (CVE-2015-3751)\n\n - An information disclosure vulnerability exists in WebKit\n related to how cookies are added to Content Security\n Policy report requests, which results in cookies being\n exposed to cross-origin requests. Also, cookies set\n during regular browsing are sent during private\n browsing. (CVE-2015-3752)\n\n - An information disclosure vulnerability exists in the\n WebKit Canvas component when images are called using\n URLs that redirect to a data:image resource. An\n attacker, using a malicious website, can exploit this to\n disclose image data cross-origin. (CVE-2015-3753)\n\n - An information disclosure vulnerability exists in WebKit\n page loading where the caching of HTTP authentication\n credentials entered in private browsing mode were carried\n over into regular browsing, resulting in a user's private\n browsing history being exposed. (CVE-2015-3754)\n\n - A flaw in the WebKit process model allows a malicious\n website to display an arbitrary URL, which can allow\n user interface spoofing. (CVE-2015-3755)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT205033\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari 6.2.8 / 7.1.8 / 8.0.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.([89]|10)([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.8 / 10.9 / 10.10\");\n\nget_kb_item_or_exit(\"MacOSX/Safari/Installed\");\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\nfixed_version = NULL;\n\nif (\"10.8\" >< os)\n fixed_version = \"6.2.8\";\nelse if (\"10.9\" >< os)\n fixed_version = \"7.1.8\";\nelse\n fixed_version = \"8.0.8\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:06:09", "references": ["http://www.nessus.org/u?0136964c"], "pluginID": "90104", "description": "This update addresses the following vulnerabilities :\n\n - CVE-2015-1120\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120)\n\n - CVE-2015-1076\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076)\n\n - CVE-2015-1071\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071)\n\n - CVE-2015-1081\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081)\n\n - CVE-2015-1122\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122)\n\n - CVE-2015-1155\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155)\n\n - CVE-2014-1748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748)\n\n - CVE-2015-3752\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752)\n\n - CVE-2015-5809\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809)\n\n - CVE-2015-5928\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928)\n\n - CVE-2015-3749\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749)\n\n - CVE-2015-3659\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659)\n\n - CVE-2015-3748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748)\n\n - CVE-2015-3743\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743)\n\n - CVE-2015-3731\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731)\n\n - CVE-2015-3745\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745)\n\n - CVE-2015-5822\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822)\n\n - CVE-2015-3658\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658)\n\n - CVE-2015-3741\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741)\n\n - CVE-2015-3727\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3727)\n\n - CVE-2015-5801\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801)\n\n - CVE-2015-5788\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788)\n\n - CVE-2015-3747\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747)\n\n - CVE-2015-5794\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794)\n\n - CVE-2015-1127\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1127)\n\n - CVE-2015-1153\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153)\n\n - CVE-2015-1083\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2016-03-23T00:00:00", "title": "Fedora 23 : webkitgtk-2.4.10-1.fc23 (2016-5d6d75dbea)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1127", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-1122", "CVE-2015-5794", "CVE-2015-1071", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-1076", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3748", "CVE-2015-3658", "CVE-2015-1083", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5928", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-1081", "CVE-2015-5809", "CVE-2014-1748"], "modified": "2016-03-24T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkitgtk", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-5D6D75DBEA.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=90104", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-5d6d75dbea.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90104);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/03/24 14:02:01 $\");\n\n script_cve_id(\"CVE-2014-1748\", \"CVE-2015-1071\", \"CVE-2015-1076\", \"CVE-2015-1081\", \"CVE-2015-1083\", \"CVE-2015-1120\", \"CVE-2015-1122\", \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1155\", \"CVE-2015-3658\", \"CVE-2015-3659\", \"CVE-2015-3727\", \"CVE-2015-3731\", \"CVE-2015-3741\", \"CVE-2015-3743\", \"CVE-2015-3745\", \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-3749\", \"CVE-2015-3752\", \"CVE-2015-5788\", \"CVE-2015-5794\", \"CVE-2015-5801\", \"CVE-2015-5809\", \"CVE-2015-5822\", \"CVE-2015-5928\");\n script_xref(name:\"FEDORA\", value:\"2016-5d6d75dbea\");\n\n script_name(english:\"Fedora 23 : webkitgtk-2.4.10-1.fc23 (2016-5d6d75dbea)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following vulnerabilities :\n\n - CVE-2015-1120\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120)\n\n - CVE-2015-1076\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076)\n\n - CVE-2015-1071\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071)\n\n - CVE-2015-1081\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081)\n\n - CVE-2015-1122\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122)\n\n - CVE-2015-1155\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155)\n\n - CVE-2014-1748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748)\n\n - CVE-2015-3752\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752)\n\n - CVE-2015-5809\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809)\n\n - CVE-2015-5928\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928)\n\n - CVE-2015-3749\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749)\n\n - CVE-2015-3659\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659)\n\n - CVE-2015-3748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748)\n\n - CVE-2015-3743\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743)\n\n - CVE-2015-3731\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731)\n\n - CVE-2015-3745\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745)\n\n - CVE-2015-5822\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822)\n\n - CVE-2015-3658\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658)\n\n - CVE-2015-3741\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741)\n\n - CVE-2015-3727\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3727)\n\n - CVE-2015-5801\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801)\n\n - CVE-2015-5788\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788)\n\n - CVE-2015-3747\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747)\n\n - CVE-2015-5794\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794)\n\n - CVE-2015-1127\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1127)\n\n - CVE-2015-1153\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153)\n\n - CVE-2015-1083\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179225.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0136964c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"webkitgtk-2.4.10-1.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:44:08", "references": ["https://support.apple.com/en-us/HT205031"], "pluginID": "85409", "description": "The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-006. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - apache\n - apache_mod_php\n - CoreText\n - FontParser\n - Libinfo\n - libxml2\n - OpenSSL\n - perl\n - PostgreSQL\n - QL Office\n - Quartz Composer Framework\n - QuickTime 7\n - SceneKit\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "edition": 6, "reporter": "Tenable", "published": "2015-08-17T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2015-006)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3733", "CVE-2015-2787", "CVE-2015-5779", "CVE-2015-3185", "CVE-2015-1792", "CVE-2015-2783", "CVE-2015-3736", "CVE-2015-3754", "CVE-2014-0191", "CVE-2015-3329", "CVE-2015-3783", "CVE-2015-3330", "CVE-2015-1789", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-3789", "CVE-2014-3583", "CVE-2015-3779", "CVE-2015-3788", "CVE-2015-3731", "CVE-2015-0241", "CVE-2015-3752", "CVE-2015-3732", "CVE-2015-5776", "CVE-2015-3738", "CVE-2015-3740", "CVE-2015-3765", "CVE-2015-0242", "CVE-2015-3739", "CVE-2015-0253", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-4148", "CVE-2015-3790", "CVE-2015-3792", "CVE-2015-3730", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-3750", "CVE-2015-5751", "CVE-2015-4024", "CVE-2015-3755", "CVE-2015-4021", "CVE-2015-5761", "CVE-2015-3753", "CVE-2015-5773", "CVE-2015-0228", "CVE-2015-3807", "CVE-2015-0244", "CVE-2015-4026", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-3749", "CVE-2015-1788", "CVE-2015-4147", "CVE-2015-3742", "CVE-2014-8161", "CVE-2012-6685", "CVE-2015-3748", "CVE-2015-5753", "CVE-2015-3183", "CVE-2015-4022", "CVE-2015-5771", "CVE-2015-5775", "CVE-2015-3746", "CVE-2015-1790", "CVE-2015-0243", "CVE-2015-3804", "CVE-2014-3581", "CVE-2015-3741", "CVE-2015-3751", "CVE-2014-8109", "CVE-2015-3745", "CVE-2015-3735", "CVE-2014-0067", "CVE-2015-3791", "CVE-2015-1791", "CVE-2015-3737", "CVE-2015-3729"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2015-006.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85409", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85409);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2012-6685\",\n \"CVE-2014-0067\",\n \"CVE-2014-0191\",\n \"CVE-2014-3581\",\n \"CVE-2014-3583\",\n \"CVE-2014-3660\",\n \"CVE-2014-8109\",\n \"CVE-2014-8161\",\n \"CVE-2015-0228\",\n \"CVE-2015-0241\",\n \"CVE-2015-0242\",\n \"CVE-2015-0243\",\n \"CVE-2015-0244\",\n \"CVE-2015-0253\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-2783\",\n \"CVE-2015-2787\",\n \"CVE-2015-3183\",\n \"CVE-2015-3185\",\n \"CVE-2015-3307\",\n \"CVE-2015-3329\",\n \"CVE-2015-3330\",\n \"CVE-2015-3729\",\n \"CVE-2015-3730\",\n \"CVE-2015-3731\",\n \"CVE-2015-3732\",\n \"CVE-2015-3733\",\n \"CVE-2015-3734\",\n \"CVE-2015-3735\",\n \"CVE-2015-3736\",\n \"CVE-2015-3737\",\n \"CVE-2015-3738\",\n \"CVE-2015-3739\",\n \"CVE-2015-3740\",\n \"CVE-2015-3741\",\n \"CVE-2015-3742\",\n \"CVE-2015-3743\",\n \"CVE-2015-3744\",\n \"CVE-2015-3745\",\n \"CVE-2015-3746\",\n \"CVE-2015-3747\",\n \"CVE-2015-3748\",\n \"CVE-2015-3749\",\n \"CVE-2015-3750\",\n \"CVE-2015-3751\",\n \"CVE-2015-3752\",\n \"CVE-2015-3753\",\n \"CVE-2015-3754\",\n \"CVE-2015-3755\",\n \"CVE-2015-3765\",\n \"CVE-2015-3779\",\n \"CVE-2015-3783\",\n \"CVE-2015-3788\",\n \"CVE-2015-3789\",\n \"CVE-2015-3790\",\n \"CVE-2015-3791\",\n \"CVE-2015-3792\",\n \"CVE-2015-3804\",\n \"CVE-2015-3807\",\n \"CVE-2015-4021\",\n \"CVE-2015-4022\",\n \"CVE-2015-4024\",\n \"CVE-2015-4025\",\n \"CVE-2015-4026\",\n \"CVE-2015-4147\",\n \"CVE-2015-4148\",\n \"CVE-2015-5751\",\n \"CVE-2015-5753\",\n \"CVE-2015-5756\",\n \"CVE-2015-5761\",\n \"CVE-2015-5771\",\n \"CVE-2015-5773\",\n \"CVE-2015-5775\",\n \"CVE-2015-5776\",\n \"CVE-2015-5779\"\n );\n script_bugtraq_id(\n 65721,\n 67233,\n 70644,\n 71656,\n 71657,\n 72538,\n 72540,\n 72542,\n 72543,\n 73040,\n 73041,\n 73357,\n 73431,\n 74174,\n 74204,\n 74239,\n 74240,\n 74700,\n 74703,\n 74902,\n 74903,\n 74904,\n 75056,\n 75103,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75963,\n 75964,\n 75965,\n 76338,\n 76339,\n 76340,\n 76341,\n 76342,\n 76343,\n 76344\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-08-13-2\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2015-006)\");\n script_summary(english:\"Checks for the presence of Security Update 2015-006.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.8.5 or 10.9.5\nthat is missing Security Update 2015-006. It is, therefore, affected\nby multiple vulnerabilities in the following components :\n\n - apache\n - apache_mod_php\n - CoreText\n - FontParser\n - Libinfo\n - libxml2\n - OpenSSL\n - perl\n - PostgreSQL\n - QL Office\n - Quartz Composer Framework\n - QuickTime 7\n - SceneKit\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT205031\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2015-006 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\npatch = \"2015-006\";\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:\"-\");\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\n# Advisory states that the update is available for 10.10.2\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.[89]\\.5([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.8.5 or Mac OS X 10.9.5\");\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\..*bom$\", string:packages);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = eregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not affected.\");\n}\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:34:55", "references": ["http://www.nessus.org/u?fb0bd3a7", "https://support.apple.com/en-us/HT205221"], "pluginID": "86001", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.3. It is, therefore, affected by multiple vulnerabilities in the bundled versions of WebKit, CoreText, the Microsoft Visual Studio C++ Redistributable Package, and ICU.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 5, "reporter": "Tenable", "published": "2015-09-18T00:00:00", "title": "Apple iTunes < 12.3 Multiple Vulnerabilities (credentialed check)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3733", "CVE-2015-1157", "CVE-2015-3736", "CVE-2015-3686", "CVE-2015-5798", "CVE-2015-3688", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-5796", "CVE-2015-1205", "CVE-2015-5874", "CVE-2015-5808", "CVE-2015-5812", "CVE-2015-3731", "CVE-2015-3687", "CVE-2015-5805", "CVE-2015-3738", "CVE-2015-5816", "CVE-2015-5794", "CVE-2015-3740", "CVE-2015-3739", "CVE-2015-5807", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-5818", "CVE-2015-5803", "CVE-2015-3730", "CVE-2015-5802", "CVE-2015-5792", "CVE-2015-5791", "CVE-2015-5793", "CVE-2015-5795", "CVE-2015-5789", "CVE-2015-5761", "CVE-2015-5813", "CVE-2015-5821", "CVE-2015-3749", "CVE-2015-3742", "CVE-2015-5819", "CVE-2015-5800", "CVE-2015-3748", "CVE-2014-8146", "CVE-2015-1152", "CVE-2015-5815", "CVE-2015-3746", "CVE-2015-5920", "CVE-2015-5755", "CVE-2015-5810", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5823", "CVE-2015-3735", "CVE-2015-5822", "CVE-2015-5797", "CVE-2015-5806", "CVE-2015-5809", "CVE-2015-5799", "CVE-2015-5790", "CVE-2015-5804", "CVE-2015-5814", "CVE-2015-5817", "CVE-2015-5811", "CVE-2015-3737", "CVE-2010-3190"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_3_0.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86001", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86001);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/12 19:01:17\");\n\n script_cve_id(\n \"CVE-2010-3190\",\n \"CVE-2014-8146\",\n \"CVE-2015-1152\",\n \"CVE-2015-1153\",\n \"CVE-2015-1157\",\n \"CVE-2015-1205\",\n \"CVE-2015-3686\",\n \"CVE-2015-3687\",\n \"CVE-2015-3688\",\n \"CVE-2015-3730\",\n \"CVE-2015-3731\",\n \"CVE-2015-3733\",\n \"CVE-2015-3734\",\n \"CVE-2015-3735\",\n \"CVE-2015-3736\",\n \"CVE-2015-3737\",\n \"CVE-2015-3738\",\n \"CVE-2015-3739\",\n \"CVE-2015-3740\",\n \"CVE-2015-3741\",\n \"CVE-2015-3742\",\n \"CVE-2015-3743\",\n \"CVE-2015-3744\",\n \"CVE-2015-3745\",\n \"CVE-2015-3746\",\n \"CVE-2015-3747\",\n \"CVE-2015-3748\",\n \"CVE-2015-3749\",\n \"CVE-2015-5755\",\n \"CVE-2015-5761\",\n \"CVE-2015-5789\",\n \"CVE-2015-5790\",\n \"CVE-2015-5791\",\n \"CVE-2015-5792\",\n \"CVE-2015-5793\",\n \"CVE-2015-5794\",\n \"CVE-2015-5795\",\n \"CVE-2015-5796\",\n \"CVE-2015-5797\",\n \"CVE-2015-5798\",\n \"CVE-2015-5799\",\n \"CVE-2015-5800\",\n \"CVE-2015-5801\",\n \"CVE-2015-5802\",\n \"CVE-2015-5803\",\n \"CVE-2015-5804\",\n \"CVE-2015-5805\",\n \"CVE-2015-5806\",\n \"CVE-2015-5807\",\n \"CVE-2015-5808\",\n \"CVE-2015-5809\",\n \"CVE-2015-5810\",\n \"CVE-2015-5811\",\n \"CVE-2015-5812\",\n \"CVE-2015-5813\",\n \"CVE-2015-5814\",\n \"CVE-2015-5815\",\n \"CVE-2015-5816\",\n \"CVE-2015-5817\",\n \"CVE-2015-5818\",\n \"CVE-2015-5819\",\n \"CVE-2015-5821\",\n \"CVE-2015-5822\",\n \"CVE-2015-5823\",\n \"CVE-2015-5874\",\n \"CVE-2015-5920\"\n );\n script_bugtraq_id(\n 42811,\n 72288,\n 74457,\n 74523,\n 74525,\n 75491,\n 76338,\n 76343,\n 76763,\n 76764,\n 76765,\n 76766\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-09-16-3\");\n script_xref(name:\"IAVB\", value:\"2011-B-0046\");\n\n script_name(english:\"Apple iTunes < 12.3 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.3. It is, therefore, affected by multiple vulnerabilities\nin the bundled versions of WebKit, CoreText, the Microsoft Visual\nStudio C++ Redistributable Package, and ICU.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT205221\");\n # https://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fb0bd3a7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes 12.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_id = 'iTunes Version';\ninstall = get_single_install(app_name:app_id, exit_if_unknown_ver:TRUE);\n\nversion = install[\"version\"];\npath = install[\"path\"];\n\nfixed_version = \"12.3.0.44\";\nif (ver_compare(ver:version, fix:fixed_version) < 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"iTunes\", version, path);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-01T23:48:50", "references": ["2016-9", "https://lists.fedoraproject.org/pipermail/package-announce/2016-March/180485.html"], "pluginID": "1361412562310807742", "description": "Check the version of webkitgtk", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-04-11T00:00:00", "title": "Fedora Update for webkitgtk FEDORA-2016-9", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1127", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-1122", "CVE-2015-5794", "CVE-2015-1071", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-1076", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3748", "CVE-2015-3658", "CVE-2015-1083", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5928", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-1081", "CVE-2015-5809", "CVE-2014-1748"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310807742", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807742", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2016-9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807742\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-11 12:47:18 +0530 (Mon, 11 Apr 2016)\");\n script_cve_id(\"CVE-2015-1120\", \"CVE-2015-1076\", \"CVE-2015-1071\", \"CVE-2015-1081\",\n \"CVE-2015-1122\", \"CVE-2015-1155\", \"CVE-2014-1748\", \"CVE-2015-3752\",\n \"CVE-2015-5809\", \"CVE-2015-5928\", \"CVE-2015-3749\", \"CVE-2015-3659\",\n \"CVE-2015-3748\", \"CVE-2015-3743\", \"CVE-2015-3731\", \"CVE-2015-3745\",\n \"CVE-2015-5822\", \"CVE-2015-3658\", \"CVE-2015-3741\", \"CVE-2015-3727\",\n \"CVE-2015-5801\", \"CVE-2015-5788\", \"CVE-2015-3747\", \"CVE-2015-5794\",\n \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1083\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2016-9\");\n script_tag(name: \"summary\", value: \"Check the version of webkitgtk\");\n\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n\n script_tag(name: \"insight\", value: \"WebKitGTK+ is the port of the portable web\n rendering engine WebKit to the GTK+ platform.\");\n\n script_tag(name: \"affected\", value: \"webkitgtk on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-9\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/180485.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~2.4.10~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:52", "references": ["http://www.ubuntu.com/usn/usn-2937-1/", "2937-1"], "pluginID": "1361412562310842701", "description": "Check the version of webkitgtk", "edition": 7, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-03-22T00:00:00", "title": "Ubuntu Update for webkitgtk USN-2937-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1127", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-1122", "CVE-2015-5794", "CVE-2015-1071", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-1076", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3748", "CVE-2015-3658", "CVE-2015-1083", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5928", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-1081", "CVE-2015-5809", "CVE-2014-1748"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310842701", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842701", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for webkitgtk USN-2937-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842701\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-22 06:13:01 +0100 (Tue, 22 Mar 2016)\");\n script_cve_id(\"CVE-2014-1748\", \"CVE-2015-1071\", \"CVE-2015-1076\", \"CVE-2015-1081\",\n\t\t\"CVE-2015-1083\", \"CVE-2015-1120\", \"CVE-2015-1122\", \"CVE-2015-1127\",\n\t\t\"CVE-2015-1153\", \"CVE-2015-1155\", \"CVE-2015-3658\", \"CVE-2015-3659\",\n\t\t\"CVE-2015-3727\", \"CVE-2015-3731\", \"CVE-2015-3741\", \"CVE-2015-3743\",\n\t\t\"CVE-2015-3745\", \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-3749\",\n\t\t\"CVE-2015-3752\", \"CVE-2015-5788\", \"CVE-2015-5794\", \"CVE-2015-5801\",\n\t\t\"CVE-2015-5809\", \"CVE-2015-5822\", \"CVE-2015-5928\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for webkitgtk USN-2937-1\");\n script_tag(name:\"summary\", value:\"Check the version of webkitgtk\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A large number of security issues were\n discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked\n into viewing a malicious website, a remote attacker could exploit a variety of\n issues related to web browser security, including cross-site scripting attacks,\n denial of service attacks, and arbitrary code execution.\");\n script_tag(name:\"affected\", value:\"webkitgtk on Ubuntu 15.10,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2937-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2937-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|15\\.10)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-1.0-0:i386\", ver:\"2.4.10-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-1.0-0:amd64\", ver:\"2.4.10-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-3.0-0:i386\", ver:\"2.4.10-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-3.0-0:amd64\", ver:\"2.4.10-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkitgtk-1.0-0:i386\", ver:\"2.4.10-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkitgtk-1.0-0:amd64\", ver:\"2.4.10-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkitgtk-3.0-0:i386\", ver:\"2.4.10-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkitgtk-3.0-0:amd64\", ver:\"2.4.10-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-1.0-0:i386\", ver:\"2.4.10-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-1.0-0:amd64\", ver:\"2.4.10-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-3.0-0:i386\", ver:\"2.4.10-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-3.0-0:amd64\", ver:\"2.4.10-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkitgtk-1.0-0:i386\", ver:\"2.4.10-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkitgtk-1.0-0:amd64\", ver:\"2.4.10-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkitgtk-3.0-0:i386\", ver:\"2.4.10-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkitgtk-3.0-0:amd64\", ver:\"2.4.10-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:46:16", "references": ["https://advisories.mageia.org/MGASA-2016-0120.html"], "pluginID": "1361412562310131278", "description": "Mageia Linux Local Security Checks mgasa-2016-0120", "edition": 4, "reporter": "Eero Volotinen", "published": "2016-03-31T00:00:00", "title": "Mageia Linux Local Check: mgasa-2016-0120", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Mageia Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1127", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-1122", "CVE-2015-5794", "CVE-2015-1071", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-1076", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3748", "CVE-2015-3658", "CVE-2015-1083", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5928", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-1081", "CVE-2015-5809", "CVE-2014-1748"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310131278", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131278", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Mageia Linux security check \n# $Id: mgasa-2016-0120.nasl 6562 2017-07-06 12:22:42Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# OpenVAS and security consultance available from openvas@solinor.com\n# see https://solinor.fi/openvas-en/ for more information\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.131278\");\nscript_version(\"$Revision: 6562 $\");\nscript_tag(name:\"creation_date\", value:\"2016-03-31 08:05:03 +0300 (Thu, 31 Mar 2016)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 14:22:42 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Mageia Linux Local Check: mgasa-2016-0120\");\nscript_tag(name: \"insight\", value: \"The webkit package has been updated to version 2.4.10, fixing several security issues and other bugs.\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://advisories.mageia.org/MGASA-2016-0120.html\");\nscript_cve_id(\"CVE-2014-1748\",\"CVE-2015-1071\",\"CVE-2015-1076\",\"CVE-2015-1081\",\"CVE-2015-1083\",\"CVE-2015-1120\",\"CVE-2015-1122\",\"CVE-2015-1127\",\"CVE-2015-1153\",\"CVE-2015-1155\",\"CVE-2015-3658\",\"CVE-2015-3659\",\"CVE-2015-3727\",\"CVE-2015-3731\",\"CVE-2015-3741\",\"CVE-2015-3743\",\"CVE-2015-3745\",\"CVE-2015-3747\",\"CVE-2015-3748\",\"CVE-2015-3749\",\"CVE-2015-3752\",\"CVE-2015-5788\",\"CVE-2015-5794\",\"CVE-2015-5801\",\"CVE-2015-5809\",\"CVE-2015-5822\",\"CVE-2015-5928\");\nscript_tag(name:\"cvss_base\", value:\"6.8\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name : \"summary\", value : \"Mageia Linux Local Security Checks mgasa-2016-0120\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Mageia Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"webkit\", rpm:\"webkit~2.4.10~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:34", "references": ["2016-1", "https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179133.html"], "pluginID": "1361412562310807720", "description": "Check the version of webkitgtk3", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-03-21T00:00:00", "title": "Fedora Update for webkitgtk3 FEDORA-2016-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1127", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-1122", "CVE-2015-5794", "CVE-2015-1071", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-1076", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3748", "CVE-2015-3658", "CVE-2015-1083", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5928", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-1081", "CVE-2015-5809", "CVE-2014-1748"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310807720", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807720", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk3 FEDORA-2016-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807720\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-21 07:26:15 +0100 (Mon, 21 Mar 2016)\");\n script_cve_id(\"CVE-2015-1120\", \"CVE-2015-1076\", \"CVE-2015-1071\", \"CVE-2015-1081\",\n \"CVE-2015-1122\", \"CVE-2015-1155\", \"CVE-2014-1748\", \"CVE-2015-3752\",\n \"CVE-2015-5809\", \"CVE-2015-5928\", \"CVE-2015-3749\", \"CVE-2015-3659\",\n \"CVE-2015-3748\", \"CVE-2015-3743\", \"CVE-2015-3731\", \"CVE-2015-3745\",\n \"CVE-2015-5822\", \"CVE-2015-3658\", \"CVE-2015-3741\", \"CVE-2015-3727\",\n \"CVE-2015-5801\", \"CVE-2015-5788\", \"CVE-2015-3747\", \"CVE-2015-5794\",\n \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1083\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for webkitgtk3 FEDORA-2016-1\");\n script_tag(name: \"summary\", value: \"Check the version of webkitgtk3\");\n\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n\n script_tag(name: \"insight\", value: \"WebKitGTK+ is the port of the portable web\n rendering engine WebKit to the GTK+ platform.\n\n This package contains WebKitGTK+ for GTK+ 3.\");\n\n script_tag(name: \"affected\", value: \"webkitgtk3 on Fedora 23\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-1\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179133.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk3\", rpm:\"webkitgtk3~2.4.10~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-20T16:07:54", "references": ["https://support.apple.com/en-us/HT205033"], "pluginID": "1361412562310805968", "description": "This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.", "edition": 8, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-09-01T00:00:00", "title": "Apple Safari Multiple Vulnerabilities-01 Sep15 (Mac OS X)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3733", "CVE-2015-3736", "CVE-2015-3754", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-3732", "CVE-2015-3738", "CVE-2015-3740", "CVE-2015-3739", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-3730", "CVE-2015-3750", "CVE-2015-3755", "CVE-2015-3753", "CVE-2015-3749", "CVE-2015-3742", "CVE-2015-3748", "CVE-2015-3746", "CVE-2015-3741", "CVE-2015-3751", "CVE-2015-3745", "CVE-2015-3735", "CVE-2015-3737", "CVE-2015-3729"], "modified": "2018-09-18T00:00:00", "id": "OPENVAS:1361412562310805968", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805968", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_safari_mult_vuln_sep15_macosx.nasl 11452 2018-09-18 11:24:16Z mmartin $\n#\n# Apple Safari Multiple Vulnerabilities-01 Sep15 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805968\");\n script_version(\"$Revision: 11452 $\");\n script_cve_id(\"CVE-2015-3729\", \"CVE-2015-3730\", \"CVE-2015-3731\", \"CVE-2015-3732\",\n \"CVE-2015-3733\", \"CVE-2015-3734\", \"CVE-2015-3735\", \"CVE-2015-3736\",\n \"CVE-2015-3737\", \"CVE-2015-3738\", \"CVE-2015-3739\", \"CVE-2015-3740\",\n \"CVE-2015-3741\", \"CVE-2015-3742\", \"CVE-2015-3743\", \"CVE-2015-3744\",\n \"CVE-2015-3745\", \"CVE-2015-3746\", \"CVE-2015-3747\", \"CVE-2015-3748\",\n \"CVE-2015-3749\", \"CVE-2015-3750\", \"CVE-2015-3751\", \"CVE-2015-3752\",\n \"CVE-2015-3753\", \"CVE-2015-3754\", \"CVE-2015-3755\");\n script_bugtraq_id(76342, 76338, 76341, 76339, 76344);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-18 13:24:16 +0200 (Tue, 18 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-01 11:47:05 +0530 (Tue, 01 Sep 2015)\");\n script_name(\"Apple Safari Multiple Vulnerabilities-01 Sep15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists duu to,\n\n - Multiple memory corruption issues existed in WebKit.\n\n - An error existed in Content Security Policy report requests which would not\n honor HTTP Strict Transport Security.\n\n - An issue existed where websites with video controls would load images nested\n in object elements in violation of the website's Content Security Policy\n directive.\n\n - Two issues existed in how cookies were added to Content Security Policy report\n requests. Cookies were sent in cross-origin report requests in violation of the\n standard.\n\n - Images fetched through URLs that redirected to a data:image resource could have\n been exfiltrated cross-origin.\n\n - An issue existed in caching of HTTP authentication. Credentials entered in\n private browsing mode were carried over to regular browsing which would reveal\n parts of the user's private browsing history.\n\n - Navigating to a malformed URL may have allowed a malicious website to display\n an arbitrary URL.\n\n - A malicious website could open another site and prompt for user input without\n a way for the user to tell where the prompt came from.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct spoofing attack, unexpected application termination\n or arbitrary code execution, trigger plaintext requests to an origin under HTTP\n Strict Transport Security, load image out of accordance with Content Security\n Policy directive, gain access to sensitive information, exfiltrate image data\n cross-origin and reveal private browsing history.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions before 6.2.8, 7.x\n before 7.1.8, and 8.x before 8.0.8\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari version 6.2.8 or\n 7.1.8 or 8.0.8 or later.\n For updates refer to http://www.apple.com/support.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT205033\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!safVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:safVer, test_version:\"6.2.8\"))\n{\n fix = \"6.2.8\";\n VULN = TRUE;\n}\n\nif(version_in_range(version:safVer, test_version:\"7.0\", test_version2:\"7.1.7\"))\n{\n fix = \"7.1.8\";\n VULN = TRUE;\n}\n\nif(version_in_range(version:safVer, test_version:\"8.0\", test_version2:\"8.0.7\"))\n{\n fix = \"8.0.8\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = 'Installed version: ' + safVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:55", "references": ["2016-5", "https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179225.html"], "pluginID": "1361412562310807724", "description": "Check the version of webkitgtk", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-03-23T00:00:00", "title": "Fedora Update for webkitgtk FEDORA-2016-5", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1127", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-1122", "CVE-2015-5794", "CVE-2015-1071", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-1076", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3748", "CVE-2015-3658", "CVE-2015-1083", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5928", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-1081", "CVE-2015-5809", "CVE-2014-1748"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310807724", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807724", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2016-5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807724\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-23 06:16:15 +0100 (Wed, 23 Mar 2016)\");\n script_cve_id(\"CVE-2015-1120\", \"CVE-2015-1076\", \"CVE-2015-1071\", \"CVE-2015-1081\",\n \"CVE-2015-1122\", \"CVE-2015-1155\", \"CVE-2014-1748\", \"CVE-2015-3752\",\n \"CVE-2015-5809\", \"CVE-2015-5928\", \"CVE-2015-3749\", \"CVE-2015-3659\",\n \"CVE-2015-3748\", \"CVE-2015-3743\", \"CVE-2015-3731\", \"CVE-2015-3745\",\n \"CVE-2015-5822\", \"CVE-2015-3658\", \"CVE-2015-3741\", \"CVE-2015-3727\",\n \"CVE-2015-5801\", \"CVE-2015-5788\", \"CVE-2015-3747\", \"CVE-2015-5794\",\n \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1083\");\n\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2016-5\");\n script_tag(name: \"summary\", value: \"Check the version of webkitgtk\");\n\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n\n script_tag(name: \"insight\", value: \"WebKitGTK+ is the port of the portable web\n rendering engine WebKit to the GTK+ platform.\");\n\n script_tag(name: \"affected\", value: \"webkitgtk on Fedora 23\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-5\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179225.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~2.4.10~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-20T16:08:09", "references": ["https://support.apple.com/en-us/HT201222", "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"], "pluginID": "1361412562310806063", "description": "This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.", "edition": 8, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-01T00:00:00", "title": "Apple iTunes Multiple Vulnerabilities Sep15 (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3733", "CVE-2015-1157", "CVE-2015-3736", "CVE-2015-3686", "CVE-2015-5798", "CVE-2015-3688", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-5796", "CVE-2015-1205", "CVE-2015-5874", "CVE-2015-5808", "CVE-2015-5812", "CVE-2015-3731", "CVE-2015-3687", "CVE-2015-5805", "CVE-2015-3738", "CVE-2015-5816", "CVE-2015-5794", "CVE-2015-3740", "CVE-2015-3739", "CVE-2015-5807", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-5818", "CVE-2015-5803", "CVE-2015-3730", "CVE-2015-5802", "CVE-2015-5792", "CVE-2015-5791", "CVE-2015-5793", "CVE-2015-5795", "CVE-2015-5789", "CVE-2015-5761", "CVE-2015-5813", "CVE-2015-5821", "CVE-2015-3749", "CVE-2015-3742", "CVE-2015-5819", "CVE-2015-5800", "CVE-2015-3748", "CVE-2014-8146", "CVE-2015-1152", "CVE-2015-5815", "CVE-2015-3746", "CVE-2015-5920", "CVE-2015-5755", "CVE-2015-5810", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5823", "CVE-2015-3735", "CVE-2015-5822", "CVE-2015-5797", "CVE-2015-5806", "CVE-2015-5809", "CVE-2015-5799", "CVE-2015-5790", "CVE-2015-5804", "CVE-2015-5814", "CVE-2015-5817", "CVE-2015-5811", "CVE-2015-3737", "CVE-2010-3190"], "modified": "2018-09-18T00:00:00", "id": "OPENVAS:1361412562310806063", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806063", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_itunes_mult_vuln_sep15.nasl 11452 2018-09-18 11:24:16Z mmartin $\n#\n# Apple iTunes Multiple Vulnerabilities Sep15 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806063\");\n script_version(\"$Revision: 11452 $\");\n script_cve_id(\"CVE-2015-1157\", \"CVE-2015-3686\", \"CVE-2015-3687\", \"CVE-2015-3688\",\n \"CVE-2015-5755\", \"CVE-2015-5761\", \"CVE-2015-5874\", \"CVE-2014-8146\",\n \"CVE-2015-1205\", \"CVE-2010-3190\", \"CVE-2015-1152\", \"CVE-2015-1153\",\n \"CVE-2015-3730\", \"CVE-2015-3731\", \"CVE-2015-3733\", \"CVE-2015-3734\",\n \"CVE-2015-3735\", \"CVE-2015-3736\", \"CVE-2015-3737\", \"CVE-2015-3738\",\n \"CVE-2015-3739\", \"CVE-2015-3740\", \"CVE-2015-3741\", \"CVE-2015-3742\",\n \"CVE-2015-3743\", \"CVE-2015-3744\", \"CVE-2015-3745\", \"CVE-2015-3746\",\n \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-5823\", \"CVE-2015-5920\",\n \"CVE-2015-3749\", \"CVE-2015-5789\", \"CVE-2015-5790\", \"CVE-2015-5791\",\n \"CVE-2015-5792\", \"CVE-2015-5793\", \"CVE-2015-5794\", \"CVE-2015-5795\",\n \"CVE-2015-5796\", \"CVE-2015-5797\", \"CVE-2015-5798\", \"CVE-2015-5799\",\n \"CVE-2015-5800\", \"CVE-2015-5801\", \"CVE-2015-5802\", \"CVE-2015-5803\",\n \"CVE-2015-5804\", \"CVE-2015-5805\", \"CVE-2015-5806\", \"CVE-2015-5807\",\n \"CVE-2015-5808\", \"CVE-2015-5809\", \"CVE-2015-5810\", \"CVE-2015-5811\",\n \"CVE-2015-5812\", \"CVE-2015-5813\", \"CVE-2015-5814\", \"CVE-2015-5815\",\n \"CVE-2015-5816\", \"CVE-2015-5817\", \"CVE-2015-5818\", \"CVE-2015-5819\",\n \"CVE-2015-5821\", \"CVE-2015-5822\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-18 13:24:16 +0200 (Tue, 18 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-01 10:34:38 +0530 (Thu, 01 Oct 2015)\");\n script_name(\"Apple iTunes Multiple Vulnerabilities Sep15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Multiple memory corruption issues in the processing of unicode strings.\n\n - Multiple memory corruption issues in the processing of text files.\n\n - A security issue in Microsoft Foundation Class's handling of library loading.\n\n - Multiple memory corruption issues in WebKit.\n\n - A redirection issue in the handling of certain network connections.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attacker to obtain encrypted SMB credentials, to cause unexpected application\n termination or arbitrary code execution, .\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes versions before 12.3 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes 12.3 or later,\n For updates refer to http://www.apple.com/itunes\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT201222\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Installed\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ituneVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\n## Check for Apple iTunes vulnerable versions\nif(version_is_less(version:ituneVer, test_version:\"12.3\"))\n{\n report = 'Installed version: ' + ituneVer + '\\n' +\n 'Fixed version: 12.3 \\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:46:06", "references": ["https://advisories.mageia.org/MGASA-2016-0116.html"], "pluginID": "1361412562310131282", "description": "Mageia Linux Local Security Checks mgasa-2016-0116", "edition": 4, "reporter": "Eero Volotinen", "published": "2016-03-31T00:00:00", "title": "Mageia Linux Local Check: mgasa-2016-0116", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Mageia Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3733", "CVE-2015-5930", "CVE-2015-7013", "CVE-2016-1725", "CVE-2015-1072", "CVE-2015-5825", "CVE-2015-3736", "CVE-2015-3754", "CVE-2015-7097", "CVE-2015-7100", "CVE-2015-7099", "CVE-2015-7002", "CVE-2016-1728", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-7104", "CVE-2015-1127", "CVE-2015-5812", "CVE-2015-7014", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-3732", "CVE-2015-1073", "CVE-2015-5805", "CVE-2015-1122", "CVE-2015-1126", "CVE-2015-5828", "CVE-2015-3738", "CVE-2015-5816", "CVE-2015-5794", "CVE-2015-3740", "CVE-2015-3739", "CVE-2015-5807", "CVE-2015-1071", "CVE-2015-7098", "CVE-2015-5801", "CVE-2016-1727", "CVE-2015-3743", "CVE-2015-1156", "CVE-2015-3747", "CVE-2015-5818", "CVE-2015-5803", "CVE-2015-3730", "CVE-2015-5931", "CVE-2015-7048", "CVE-2015-1068", "CVE-2015-5793", "CVE-2015-3750", "CVE-2015-5795", "CVE-2015-1076", "CVE-2015-1154", "CVE-2016-1723", "CVE-2015-1124", "CVE-2015-5929", "CVE-2015-3755", "CVE-2016-1726", "CVE-2015-3660", "CVE-2015-3753", "CVE-2015-5813", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-1070", "CVE-2015-7096", "CVE-2015-1077", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3742", "CVE-2016-1724", "CVE-2015-5819", "CVE-2015-5800", "CVE-2015-5827", "CVE-2015-3748", "CVE-2015-1152", "CVE-2015-3658", "CVE-2015-5815", "CVE-2015-3746", "CVE-2015-7103", "CVE-2015-7012", "CVE-2015-5810", "CVE-2015-3741", "CVE-2015-3751", "CVE-2015-1121", "CVE-2015-1082", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5823", "CVE-2015-5928", "CVE-2015-3735", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-5797", "CVE-2015-1081", "CVE-2015-1119", "CVE-2015-5806", "CVE-2015-5809", "CVE-2015-5799", "CVE-2015-7095", "CVE-2015-7102", "CVE-2015-5804", "CVE-2015-1069", "CVE-2015-5814", "CVE-2015-5817", "CVE-2015-1075", "CVE-2015-5811", "CVE-2015-3737"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310131282", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131282", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Mageia Linux security check \n# $Id: mgasa-2016-0116.nasl 6562 2017-07-06 12:22:42Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# OpenVAS and security consultance available from openvas@solinor.com\n# see https://solinor.fi/openvas-en/ for more information\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.131282\");\nscript_version(\"$Revision: 6562 $\");\nscript_tag(name:\"creation_date\", value:\"2016-03-31 08:05:06 +0300 (Thu, 31 Mar 2016)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 14:22:42 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Mageia Linux Local Check: mgasa-2016-0116\");\nscript_tag(name: \"insight\", value: \"The webkit2 package has been updated to version 2.10.9, fixing several security issues and other bugs.\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://advisories.mageia.org/MGASA-2016-0116.html\");\nscript_cve_id(\"CVE-2015-1068\",\"CVE-2015-1069\",\"CVE-2015-1070\",\"CVE-2015-1071\",\"CVE-2015-1072\",\"CVE-2015-1073\",\"CVE-2015-1075\",\"CVE-2015-1076\",\"CVE-2015-1077\",\"CVE-2015-1081\",\"CVE-2015-1082\",\"CVE-2015-1119\",\"CVE-2015-1120\",\"CVE-2015-1121\",\"CVE-2015-1122\",\"CVE-2015-1124\",\"CVE-2015-1126\",\"CVE-2015-1127\",\"CVE-2015-1152\",\"CVE-2015-1153\",\"CVE-2015-1154\",\"CVE-2015-1155\",\"CVE-2015-1156\",\"CVE-2015-3658\",\"CVE-2015-3659\",\"CVE-2015-3660\",\"CVE-2015-3727\",\"CVE-2015-3730\",\"CVE-2015-3731\",\"CVE-2015-3732\",\"CVE-2015-3733\",\"CVE-2015-3734\",\"CVE-2015-3735\",\"CVE-2015-3736\",\"CVE-2015-3737\",\"CVE-2015-3738\",\"CVE-2015-3739\",\"CVE-2015-3740\",\"CVE-2015-3741\",\"CVE-2015-3742\",\"CVE-2015-3743\",\"CVE-2015-3744\",\"CVE-2015-3745\",\"CVE-2015-3746\",\"CVE-2015-3747\",\"CVE-2015-3748\",\"CVE-2015-3749\",\"CVE-2015-3750\",\"CVE-2015-3751\",\"CVE-2015-3752\",\"CVE-2015-3753\",\"CVE-2015-3754\",\"CVE-2015-3755\",\"CVE-2015-5788\",\"CVE-2015-5793\",\"CVE-2015-5794\",\"CVE-2015-5795\",\"CVE-2015-5797\",\"CVE-2015-5799\",\"CVE-2015-5800\",\"CVE-2015-5801\",\"CVE-2015-5803\",\"CVE-2015-5804\",\"CVE-2015-5805\",\"CVE-2015-5806\",\"CVE-2015-5807\",\"CVE-2015-5809\",\"CVE-2015-5810\",\"CVE-2015-5811\",\"CVE-2015-5812\",\"CVE-2015-5813\",\"CVE-2015-5814\",\"CVE-2015-5815\",\"CVE-2015-5816\",\"CVE-2015-5817\",\"CVE-2015-5818\",\"CVE-2015-5819\",\"CVE-2015-5822\",\"CVE-2015-5823\",\"CVE-2015-5825\",\"CVE-2015-5827\",\"CVE-2015-5828\",\"CVE-2015-5928\",\"CVE-2015-5929\",\"CVE-2015-5930\",\"CVE-2015-5931\",\"CVE-2015-7002\",\"CVE-2015-7012\",\"CVE-2015-7013\",\"CVE-2015-7014\",\"CVE-2015-7048\",\"CVE-2015-7095\",\"CVE-2015-7096\",\"CVE-2015-7097\",\"CVE-2015-7098\",\"CVE-2015-7099\",\"CVE-2015-7100\",\"CVE-2015-7102\",\"CVE-2015-7103\",\"CVE-2015-7104\",\"CVE-2016-1723\",\"CVE-2016-1724\",\"CVE-2016-1725\",\"CVE-2016-1726\",\"CVE-2016-1727\",\"CVE-2016-1728\");\nscript_tag(name:\"cvss_base\", value:\"9.3\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name : \"summary\", value : \"Mageia Linux Local Security Checks mgasa-2016-0116\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Mageia Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"webkit2\", rpm:\"webkit2~2.10.9~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:01", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32389"], "description": "Interface spoofing, memory corruption, restrictions bypass.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-08-17T00:00:00", "title": "Apple Safari / Webkit multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:01", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Safari", "version": "6.2", "operator": "eq"}, {"name": "Safari", "version": "7.1", "operator": "eq"}, {"name": "Safari", "version": "8.0", "operator": "eq"}], "cvelist": ["CVE-2015-3733", "CVE-2015-3736", "CVE-2015-3754", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-3732", "CVE-2015-3738", "CVE-2015-3740", "CVE-2015-3739", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-3730", "CVE-2015-3750", "CVE-2015-3755", "CVE-2015-3753", "CVE-2015-3749", "CVE-2015-3742", "CVE-2015-3748", "CVE-2015-3746", "CVE-2015-3741", "CVE-2015-3751", "CVE-2015-3745", "CVE-2015-3735", "CVE-2015-3737", "CVE-2015-3729"], "modified": "2015-08-17T00:00:00", "id": "SECURITYVULNS:VULN:14629", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14629", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:00", "references": [], "description": "\r\n\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA256\r\n\r\nAPPLE-SA-2015-08-13-1 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8\r\n\r\nSafari 8.0.8, Safari 7.1.8, and Safari 6.2.8 is now available and\r\naddresses the following:\r\n\r\nSafari Application\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nand OS X Yosemite v10.10.4\r\nImpact: Visiting a malicious website may lead to user interface\r\nspoofing\r\nDescription: A malicious website could open another site and prompt\r\nfor user input without a way for the user to tell where the prompt\r\ncame from. The issue was addressed by displaying the prompt origin to\r\nthe user.\r\nCVE-ID\r\nCVE-2015-3729 : Code Audit Labs of VulnHunt.com\r\n\r\nWebKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nand OS X Yosemite v10.10.4\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3730 : Apple\r\nCVE-2015-3731 : Apple\r\nCVE-2015-3732 : Apple\r\nCVE-2015-3733 : Apple\r\nCVE-2015-3734 : Apple\r\nCVE-2015-3735 : Apple\r\nCVE-2015-3736 : Apple\r\nCVE-2015-3737 : Apple\r\nCVE-2015-3738 : Apple\r\nCVE-2015-3739 : Apple\r\nCVE-2015-3740 : Apple\r\nCVE-2015-3741 : Apple\r\nCVE-2015-3742 : Apple\r\nCVE-2015-3743 : Apple\r\nCVE-2015-3744 : Apple\r\nCVE-2015-3745 : Apple\r\nCVE-2015-3746 : Apple\r\nCVE-2015-3747 : Apple\r\nCVE-2015-3748 : Apple\r\nCVE-2015-3749 : Apple\r\n\r\nWebKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nand OS X Yosemite v10.10.4\r\nImpact: A malicious website may trigger plaintext requests to an\r\norigin under HTTP Strict Transport Security\r\nDescription: An issue existed where Content Security Policy report\r\nrequests would not honor HTTP Strict Transport Security. This issue\r\nwas addressed through improved HTTP Strict Transport Security\r\nenforcement.\r\nCVE-ID\r\nCVE-2015-3750 : Muneaki Nishimura (nishimunea)\r\n\r\nWebKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nand OS X Yosemite v10.10.4\r\nImpact: Image loading may violate a website's Content Security\r\nPolicy directive\r\nDescription: An issue existed where websites with video controls\r\nwould load images nested in object elements in violation of the\r\nwebsite's Content Security Policy directive. This issue was addressed\r\nthrough improved Content Security Policy enforcement.\r\nCVE-ID\r\nCVE-2015-3751 : Muneaki Nishimura (nishimunea)\r\n\r\nWebKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nand OS X Yosemite v10.10.4\r\nImpact: Content Security Policy report requests may leak cookies\r\nDescription: Two issues existed in how cookies were added to Content\r\nSecurity Policy report requests. Cookies were sent in cross-origin\r\nreport requests in violation of the standard. Cookies set during\r\nregular browsing were sent in private browsing. These issues were\r\naddressed through improved cookie handling.\r\nCVE-ID\r\nCVE-2015-3752 : Muneaki Nishimura (nishimunea)\r\n\r\nWebKit Canvas\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nand OS X Yosemite v10.10.4\r\nImpact: A malicious website may exfiltrate image data cross-origin\r\nDescription: Images fetched through URLs that redirected to a\r\ndata:image resource could have been exfiltrated cross-origin. This\r\nissue was addressed through improved canvas taint tracking.\r\nCVE-ID\r\nCVE-2015-3753 : Antonio Sanso and Damien Antipa of Adobe\r\n\r\nWebKit Page Loading\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nand OS X Yosemite v10.10.4\r\nImpact: Cached authentication state may reveal private browsing\r\nhistory\r\nDescription: An issue existed in caching of HTTP authentication.\r\nCredentials entered in private browsing mode were carried over to\r\nregular browsing which would reveal parts of the user's private\r\nbrowsing history. This issue was addressed through improved caching\r\nrestrictions.\r\nCVE-ID\r\nCVE-2015-3754 : Dongsung Kim (@kid1ng)\r\n\r\nWebKit Process Model\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nand OS X Yosemite v10.10.4\r\nImpact: Visiting a malicious website may lead to user interface\r\nspoofing\r\nDescription: Navigating to a malformed URL may have allowed a\r\nmalicious website to display an arbitrary URL. This issue was\r\naddressed through improved URL handling.\r\nCVE-ID\r\nCVE-2015-3755 : xisigr of Tencent's Xuanwu Lab\r\n\r\nSafari 8.0.8, Safari 7.1.8, and Safari 6.2.8 may be obtained from\r\nthe Mac App Store.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\n\r\niQIcBAEBCAAGBQJVzM3yAAoJEBcWfLTuOo7tYZcP/1LnHEMuFI+SqUczpBZssu+S\r\nk5VHU4YHg37SVeGXWPYhmWnz1NG+t3h5UZmPKwupqHWgA1JbzRcUAEozBLt6kHoL\r\nV8FQJPdiMNHwuqvgHlE8YK8Z9Ep3bS0bvVr/EyE/QghaJxi9IUXGZPNQt5ikP2LA\r\nZafmMrgQF5GRyYeaWsOw12tEiD/wc9f6ThMwtgsOW8LyjTLwf7qPt084sxj2XLTC\r\nGZym1TPjlu6FodGk2ZCSP1a4WwHljBjXyaUlRGvxmAJi+aEe9frCg7onvMrkFdD8\r\nCBCNBXswpMfAg759ZvPjLvYYYgTkql3CGxFOAiNjs47y3kzo/1kXCrrGtqDhgQ0G\r\nMNzmf23yipHoA63UwbmHuANCjPb1+M98uCQJ+jEW3dqpLcJGTbsZil5w1aPJXb5s\r\nulIu9FGknArxrutsg2Zt3xbd3CPaqShWXq2NDNDaofjQ05KkvdqhhMeDUkdujgbT\r\nVNbewci+OfDA6puc8tplZrHWa+BUiOlk9g4UXiUhwzhcj86sGF2FJIDqAEDlBdIo\r\nrpnVNjrNx6bvDA/5WEj40oUPF+yuFNRVHQhKmu++zhXEE8kjtaGXZr+3YiZoCEWl\r\nHKY9pBlZmEO2Viq+Xn+M1OIS091h3qbVC93Eho2oiF/ttcmLPRL40dJmNwaZKe/4\r\nG892+OR68K28IWb8iUib\r\n=l5e/\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-08-17T00:00:00", "title": "APPLE-SA-2015-08-13-1 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:11:00", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-3733", "CVE-2015-3736", "CVE-2015-3754", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-3732", "CVE-2015-3738", "CVE-2015-3740", "CVE-2015-3739", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-3730", "CVE-2015-3750", "CVE-2015-3755", "CVE-2015-3753", "CVE-2015-3749", "CVE-2015-3742", "CVE-2015-3748", "CVE-2015-3746", "CVE-2015-3741", "CVE-2015-3751", "CVE-2015-3745", "CVE-2015-3735", "CVE-2015-3737", "CVE-2015-3729"], "modified": "2015-08-17T00:00:00", "id": "SECURITYVULNS:DOC:32389", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32389", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:01", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32392"], "description": "Over 70 of different vulnerabilities.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-08-17T00:00:00", "title": "Apple iOS multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:01", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Apple iOS", "version": "8.4", "operator": "eq"}], "cvelist": ["CVE-2015-3758", "CVE-2015-3733", "CVE-2015-3776", "CVE-2015-3736", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-5752", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-3731", "CVE-2015-3778", "CVE-2015-3752", "CVE-2015-3732", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3798", "CVE-2015-3738", "CVE-2015-5777", "CVE-2015-5759", "CVE-2015-3740", "CVE-2015-3782", "CVE-2015-3739", "CVE-2015-3784", "CVE-2015-3743", "CVE-2015-3768", "CVE-2015-3747", "CVE-2015-5781", "CVE-2015-5749", "CVE-2015-3805", "CVE-2015-5774", "CVE-2015-3730", "CVE-2015-3803", "CVE-2015-3750", "CVE-2015-3795", "CVE-2015-3755", "CVE-2015-5766", "CVE-2015-5746", "CVE-2015-5761", "CVE-2015-3753", "CVE-2015-5773", "CVE-2015-3800", "CVE-2015-3807", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-3749", "CVE-2015-3742", "CVE-2012-6685", "CVE-2015-3748", "CVE-2015-5775", "CVE-2015-3759", "CVE-2015-3746", "CVE-2015-5770", "CVE-2015-3793", "CVE-2015-5755", "CVE-2015-3756", "CVE-2015-5758", "CVE-2015-3763", "CVE-2015-3804", "CVE-2015-3741", "CVE-2015-3751", "CVE-2015-5782", "CVE-2015-5778", "CVE-2015-3745", "CVE-2015-3735", "CVE-2015-5757", "CVE-2015-3796", "CVE-2015-3806", "CVE-2015-3737", "CVE-2015-5769", "CVE-2015-3729"], "modified": "2015-08-17T00:00:00", "id": "SECURITYVULNS:VULN:14631", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14631", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:00", "references": [], "description": "\r\n\r\nAPPLE-SA-2015-08-13-3 iOS 8.4.1\r\n\r\niOS 8.4.1 is now available and addresses the following:\r\n\r\nAppleFileConduit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A maliciously crafted afc command may allow access to\r\nprotected parts of the filesystem\r\nDescription: An issue existed in the symbolic linking mechanism of\r\nafc. This issue was addressed by adding additional path checks.\r\nCVE-ID\r\nCVE-2015-5746 : evad3rs, TaiG Jailbreak Team\r\n\r\nAir Traffic\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: AirTraffic may have allowed access to protected parts of the\r\nfilesystem\r\nDescription: A path traversal issue existed in asset handling. This\r\nwas addressed with improved validation.\r\nCVE-ID\r\nCVE-2015-5766 : TaiG Jailbreak Team\r\n\r\nBackup\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to create symlinks to\r\nprotected regions of the disk\r\nDescription: An issue existed within the path validation logic for\r\nsymlinks. This issue was addressed through improved path\r\nsanitization.\r\nCVE-ID\r\nCVE-2015-5752 : TaiG Jailbreak Team\r\n\r\nbootp\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious Wi-Fi network may be able to determine networks\r\na device has previously accessed\r\nDescription: Upon connecting to a Wi-Fi network, iOS may have\r\nbroadcast MAC addresses of previously accessed networks via the DNAv4\r\nprotocol. This issue was addressed through disabling DNAv4 on\r\nunencrypted Wi-Fi networks.\r\nCVE-ID\r\nCVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute,\r\nUniversity of Oxford (on the EPSRC Being There project)\r\n\r\nCertificate UI\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker with a privileged network position may be able\r\nto accept untrusted certificates from the lock screen\r\nDescription: Under certain circumstances, the device may have\r\npresented a certificate trust dialog while in a locked state. This\r\nissue was addressed through improved state management.\r\nCVE-ID\r\nCVE-2015-3756 : Andy Grant of NCC Group\r\n\r\nCloudKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to access the iCloud\r\nuser record of a previously signed in user\r\nDescription: A state inconsistency existed in CloudKit when signing\r\nout users. This issue was addressed through improved state handling.\r\nCVE-ID\r\nCVE-2015-3782 : Deepkanwal Plaha of University of Toronto\r\n\r\nCFPreferences\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious app may be able to read other apps' managed\r\npreferences\r\nDescription: An issue existed in the third-party app sandbox. This\r\nissue was addressed by improving the third-party sandbox profile.\r\nCVE-ID\r\nCVE-2015-3793 : Andreas Weinlein of the Appthority Mobility Threat\r\nTeam\r\n\r\nCode Signing\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute unsigned code\r\nDescription: An issue existed that allowed unsigned code to be\r\nappended to signed code in a specially crafted executable file. This\r\nissue was addressed through improved code signature validation.\r\nCVE-ID\r\nCVE-2015-3806 : TaiG Jailbreak Team\r\n\r\nCode Signing\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A specially crafted executable file could allow unsigned,\r\nmalicious code to execute\r\nDescription: An issue existed in the way multi-architecture\r\nexecutable files were evaluated that could have allowed unsigned code\r\nto be executed. This issue was addressed through improved validation\r\nof executable files.\r\nCVE-ID\r\nCVE-2015-3803 : TaiG Jailbreak Team\r\n\r\nCode Signing\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A validation issue existed in the handling of Mach-O\r\nfiles. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-3802 : TaiG Jailbreak Team\r\nCVE-2015-3805 : TaiG Jailbreak Team\r\n\r\nCoreMedia Playback\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in CoreMedia\r\nPlayback. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5777 : Apple\r\nCVE-2015-5778 : Apple\r\n\r\nCoreText\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nDiskImages\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team\r\n\r\nFontParser\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3804 : Apple\r\nCVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-5775 : Apple\r\n\r\nImageIO\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Processing a maliciously crafted .tiff file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\n.tiff files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-5758 : Apple\r\n\r\nImageIO\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may result in the\r\ndisclosure of process memory\r\nDescription: An uninitialized memory access issue existed in\r\nImageIO's handling of PNG images. Visiting a malicious website may\r\nresult in sending data from process memory to the website. This issue\r\nwas addressed through improved memory initialization and additional\r\nvalidation of PNG images.\r\nCVE-ID\r\nCVE-2015-5781 : Michal Zalewski\r\n\r\nImageIO\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may result in the\r\ndisclosure of process memory\r\nDescription: An uninitialized memory access issue existed in\r\nImageIO's handling of TIFF images. Visiting a malicious website may\r\nresult in sending data from process memory to the website. This issue\r\nis addressed through improved memory initialization and additional\r\nvalidation of TIFF images.\r\nCVE-ID\r\nCVE-2015-5782 : Michal Zalewski\r\n\r\nIOKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Parsing a maliciously crafted plist may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption existed in processing of malformed\r\nplists. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein\r\n(@jollyjinx) of Jinx Germany\r\n\r\nIOHIDFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow issue existed in IOHIDFamily. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5774 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in the mach_port_space_info interface,\r\nwhich could have led to the disclosure of kernel memory layout. This\r\nwas addressed by disabling the mach_port_space_info interface.\r\nCVE-ID\r\nCVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team,\r\n@PanguTeam\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer overflow existed in the handling of IOKit\r\nfunctions. This issue was addressed through improved validation of\r\nIOKit API arguments.\r\nCVE-ID\r\nCVE-2015-3768 : Ilja van Sprundel\r\n\r\nLibc\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Processing a maliciously crafted regular expression may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the TRE library.\r\nThis issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3796 : Ian Beer of Google Project Zero\r\nCVE-2015-3797 : Ian Beer of Google Project Zero\r\nCVE-2015-3798 : Ian Beer of Google Project Zero\r\n\r\nLibinfo\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in handling AF_INET6\r\nsockets. This issue was addressed by improved memory handling.\r\nCVE-ID\r\nCVE-2015-5776 : Apple\r\n\r\nlibpthread\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling syscalls.\r\nThis issue was addressed through improved lock state checking.\r\nCVE-ID\r\nCVE-2015-5757 : Lufeng Li of Qihoo 360\r\n\r\nlibxml2\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory corruption issue existed in parsing of XML\r\nfiles. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3807 : Michal Zalewski\r\n\r\nlibxml2\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Multiple vulnerabilities existed in libxml2 versions prior\r\nto 2.9.2, the most serious of which may allow a remote attacker to\r\ncause a denial of service\r\nDescription: Multiple vulnerabilities existed in libxml2 versions\r\nprior to 2.9.2. These were addressed by updating libxml2 to version\r\n2.9.2.\r\nCVE-ID\r\nCVE-2012-6685 : Felix Groebert of Google\r\nCVE-2014-0191 : Felix Groebert of Google\r\nCVE-2014-3660 : Felix Groebert of Google\r\n\r\nlibxpc\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling of\r\nmalformed XPC messages. This issue was improved through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-3795 : Mathew Rowley\r\n\r\nLocation Framework\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to modify protected parts of the\r\nfilesystem\r\nDescription: A symbolic link issue was addressed through improved\r\npath validation.\r\nCVE-ID\r\nCVE-2015-3759 : Cererdlong of Alibaba Mobile Security Team\r\n\r\nMobileInstallation\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious enterprise application may be able to replace\r\nextensions for other apps\r\nDescription: An issue existed in the install logic for universal\r\nprovisioning profile apps, which allowed a collision to occur with\r\nexisting bundle IDs. This issue was addressed through improved bundle\r\nID validation.\r\nCVE-ID\r\nCVE-2015-5770 : FireEye\r\n\r\nMSVDX Driver\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a malicious video may lead to a unexpected system\r\ntermination\r\nDescription: A denial of service issue was addressed through\r\nimproved memory handling.\r\nCVE-ID\r\nCVE-2015-5769 : Proteas of Qihoo 360 Nirvan Team\r\n\r\nOffice Viewer\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Parsing a maliciously crafted XML file may lead to\r\ndisclosure of user information\r\nDescription: An external entity reference issue existed in XML file\r\nparsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.\r\n\r\nQL Office\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Parsing a maliciously crafted office document may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of office\r\ndocuments. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5773 : Apple\r\n\r\nSafari\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a malicious website may lead to user interface\r\nspoofing\r\nDescription: A malicious website could open another site and prompt\r\nfor user input without a way for the user to tell where the prompt\r\noriginated. The issue was addressed by displaying the prompt's origin\r\nto the user.\r\nCVE-ID\r\nCVE-2015-3729 : Code Audit Labs of VulnHunt.com\r\n\r\nSafari\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious website may trigger an infinite number of alert\r\nmessages\r\nDescription: An issue existed where a malicious or hacked website\r\ncould show infinite alert messages and make users believe their\r\nbrowser was locked. The issue was addressed through throttling of\r\nJavaScript alerts.\r\nCVE-ID\r\nCVE-2015-3763\r\n\r\nSandbox_profiles\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An malicious app may be able to read other apps' managed\r\npreferences\r\nDescription: An issue existed in the third-party app sandbox. This\r\nissue was addressed by improving the third-party sandbox profile.\r\nCVE-ID\r\nCVE-2015-5749 : Andreas Weinlein of the Appthority Mobility Threat\r\nTeam\r\n\r\nUIKit WebView\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to initiate FaceTime\r\ncalls without user authorization\r\nDescription: An issue existed in the parsing of FaceTime URLs within\r\nWebViews. This issue was addressed through improved URL validation.\r\nCVE-ID\r\nCVE-2015-3758 : Brian Simmons of Salesforce, Guillaume Ross\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3730 : Apple\r\nCVE-2015-3731 : Apple\r\nCVE-2015-3732 : Apple\r\nCVE-2015-3733 : Apple\r\nCVE-2015-3734 : Apple\r\nCVE-2015-3735 : Apple\r\nCVE-2015-3736 : Apple\r\nCVE-2015-3737 : Apple\r\nCVE-2015-3738 : Apple\r\nCVE-2015-3739 : Apple\r\nCVE-2015-3740 : Apple\r\nCVE-2015-3741 : Apple\r\nCVE-2015-3742 : Apple\r\nCVE-2015-3743 : Apple\r\nCVE-2015-3744 : Apple\r\nCVE-2015-3745 : Apple\r\nCVE-2015-3746 : Apple\r\nCVE-2015-3747 : Apple\r\nCVE-2015-3748 : Apple\r\nCVE-2015-3749 : Apple\r\n\r\nWeb\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a malicious website may lead to user interface\r\nspoofing\r\nDescription: Navigating to a malformed URL may have allowed a\r\nmalicious website to display an arbitrary URL. This issue was\r\naddressed through improved URL handling.\r\nCVE-ID\r\nCVE-2015-3755 : xisigr of Tencent's Xuanwu Lab\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious website may exfiltrate image data cross-origin\r\nDescription: Images fetched through URLs that redirected to a\r\ndata:image resource could have been exfiltrated cross-origin. This\r\nissue was addressed through improved canvas taint tracking.\r\nCVE-ID\r\nCVE-2015-3753 : Antonio Sanso and Damien Antipa of Adobe\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious website can trigger plaintext requests to an\r\norigin under HTTP Strict Transport Security\r\nDescription: An issue existed where Content Security Policy report\r\nrequests would not honor HTTP Strict Transport Security (HSTS). The\r\nissue was addressed by applying HSTS to CSP.\r\nCVE-ID\r\nCVE-2015-3750 : Muneaki Nishimura (nishimunea)\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious website can make a tap event produce a synthetic\r\nclick on another page\r\nDescription: An issue existed in how synthetic clicks are generated\r\nfrom tap events that could cause clicks to target other pages. The\r\nissue was addressed through restricted click propagation.\r\nCVE-ID\r\nCVE-2015-5759 : Phillip Moon and Matt Weston of Sandfield\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Content Security Policy report requests may leak cookies\r\nDescription: Two issues existed in how cookies were added to Content\r\nSecurity Policy report requests. Cookies were sent in cross-origin\r\nreport requests in violation of the standard. Cookies set during\r\nregular browsing were sent in private browsing. These issues were\r\naddressed through improved cookie handling.\r\nCVE-ID\r\nCVE-2015-3752 : Muneaki Nishimura (nishimunea)\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Image loading may violate a website's Content Security\r\nPolicy directive\r\nDescription: An issue existed where websites with video controls\r\nwould load images nested in object elements in violation of the\r\nwebsite's Content Security Policy directive. This issue was addressed\r\nthrough improved Content Security Policy enforcement.\r\nCVE-ID\r\nCVE-2015-3751 : Muneaki Nishimura (nishimunea)\r\n\r\n\r\nInstallation note:\r\n\r\nThis update is available through iTunes and Software Update on your\r\niOS device, and will not appear in your computer's Software Update\r\napplication, or in the Apple Downloads site. Make sure you have an\r\nInternet connection and have installed the latest version of iTunes\r\nfrom www.apple.com/itunes/\r\n\r\niTunes and Software Update on the device will automatically check\r\nApple's update server on its weekly schedule. When an update is\r\ndetected, it is downloaded and the option to be installed is\r\npresented to the user when the iOS device is docked. We recommend\r\napplying the update immediately if possible. Selecting Don't Install\r\nwill present the option the next time you connect your iOS device.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes or the device checks for updates. You may manually\r\nobtain the update via the Check for Updates button within iTunes, or\r\nthe Software Update on your device.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update\r\nwill be "8.4.1".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-08-17T00:00:00", "title": "APPLE-SA-2015-08-13-3 iOS 8.4.1", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:11:00", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-3758", "CVE-2015-3733", "CVE-2015-3776", "CVE-2015-3736", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-5752", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-3731", "CVE-2015-3778", "CVE-2015-3752", "CVE-2015-3732", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3798", "CVE-2015-3738", "CVE-2015-5777", "CVE-2015-5759", "CVE-2015-3740", "CVE-2015-3782", "CVE-2015-3739", "CVE-2015-3784", "CVE-2015-3743", "CVE-2015-3768", "CVE-2015-3747", "CVE-2015-5781", "CVE-2015-5749", "CVE-2015-3805", "CVE-2015-5774", "CVE-2015-3730", "CVE-2015-3803", "CVE-2015-3750", "CVE-2015-3795", "CVE-2015-3755", "CVE-2015-5766", "CVE-2015-5746", "CVE-2015-5761", "CVE-2015-3753", "CVE-2015-5773", "CVE-2015-3800", "CVE-2015-3807", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-3749", "CVE-2015-3742", "CVE-2012-6685", "CVE-2015-3748", "CVE-2015-5775", "CVE-2015-3759", "CVE-2015-3746", "CVE-2015-5770", "CVE-2015-3793", "CVE-2015-5755", "CVE-2015-3756", "CVE-2015-5758", "CVE-2015-3763", "CVE-2015-3804", "CVE-2015-3741", "CVE-2015-3751", "CVE-2015-5782", "CVE-2015-5778", "CVE-2015-3745", "CVE-2015-3735", "CVE-2015-5757", "CVE-2015-3796", "CVE-2015-3806", "CVE-2015-3737", "CVE-2015-5769", "CVE-2015-3729"], "modified": "2015-08-17T00:00:00", "id": "SECURITYVULNS:DOC:32392", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32392", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:01", "references": [], "description": "\r\n\r\nAPPLE-SA-2015-09-16-3 iTunes 12.3\r\n\r\niTunes 12.3 is now available and addresses the following:\r\n\r\niTunes\r\nAvailable for: Windows 7 and later\r\nImpact: Applications that use CoreText may be vulnerable to\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nprocessing of text files. These issues were addressed through\r\nimproved memory handling.\r\nCVE-ID\r\nCVE-2015-1157 : Apple\r\nCVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\niTunes\r\nAvailable for: Windows 7 and later\r\nImpact: Applications that use ICU may be vulnerable to unexpected\r\napplication termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nprocessing of unicode strings. These issues were addressed by\r\nupdating ICU to version 55.\r\nCVE-ID\r\nCVE-2014-8146\r\nCVE-2015-1205\r\n\r\niTunes\r\nAvailable for: Windows 7 and later\r\nImpact: Opening a media file may lead to arbitrary code execution\r\nDescription: A security issue existed in Microsoft Foundation\r\nClass's handling of library loading. This issue was addressed by\r\nupdating to the latest version of the Microsoft Visual C++\r\nRedistributable Package.\r\nCVE-ID\r\nCVE-2010-3190 : Stefan Kanthak\r\n\r\niTunes\r\nAvailable for: Windows 7 and later\r\nImpact: A man-in-the-middle attack while browsing the iTunes Store\r\nvia iTunes may result in unexpected application termination or\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-1152 : Apple\r\nCVE-2015-1153 : Apple\r\nCVE-2015-3730 : Apple\r\nCVE-2015-3731 : Apple\r\nCVE-2015-3733 : Apple\r\nCVE-2015-3734 : Apple\r\nCVE-2015-3735 : Apple\r\nCVE-2015-3736 : Apple\r\nCVE-2015-3737 : Apple\r\nCVE-2015-3738 : Apple\r\nCVE-2015-3739 : Apple\r\nCVE-2015-3740 : Apple\r\nCVE-2015-3741 : Apple\r\nCVE-2015-3742 : Apple\r\nCVE-2015-3743 : Apple\r\nCVE-2015-3744 : Apple\r\nCVE-2015-3745 : Apple\r\nCVE-2015-3746 : Apple\r\nCVE-2015-3747 : Apple\r\nCVE-2015-3748 : Apple\r\nCVE-2015-3749 : Apple\r\nCVE-2015-5789 : Apple\r\nCVE-2015-5790 : Apple\r\nCVE-2015-5791 : Apple\r\nCVE-2015-5792 : Apple\r\nCVE-2015-5793 : Apple\r\nCVE-2015-5794 : Apple\r\nCVE-2015-5795 : Apple\r\nCVE-2015-5796 : Apple\r\nCVE-2015-5797 : Apple\r\nCVE-2015-5798 : Apple\r\nCVE-2015-5799 : Apple\r\nCVE-2015-5800 : Apple\r\nCVE-2015-5801 : Apple\r\nCVE-2015-5802 : Apple\r\nCVE-2015-5803 : Apple\r\nCVE-2015-5804 : Apple\r\nCVE-2015-5805\r\nCVE-2015-5806 : Apple\r\nCVE-2015-5807 : Apple\r\nCVE-2015-5808 : Joe Vennix\r\nCVE-2015-5809 : Apple\r\nCVE-2015-5810 : Apple\r\nCVE-2015-5811 : Apple\r\nCVE-2015-5812 : Apple\r\nCVE-2015-5813 : Apple\r\nCVE-2015-5814 : Apple\r\nCVE-2015-5815 : Apple\r\nCVE-2015-5816 : Apple\r\nCVE-2015-5817 : Apple\r\nCVE-2015-5818 : Apple\r\nCVE-2015-5819 : Apple\r\nCVE-2015-5821 : Apple\r\nCVE-2015-5822 : Mark S. Miller of Google\r\nCVE-2015-5823 : Apple\r\n\r\nSoftware Update\r\nImpact: An attacker in a privileged network position may be able to\r\nobtain encrypted SMB credentials\r\nDescription: A redirection issue existed in the handling of certain\r\nnetwork connections. This issue was addressed through improved\r\nresource validation.\r\nCVE-ID\r\nCVE-2015-5920 : Cylance\r\n\r\n\r\niTunes 12.3 may be obtained from:\r\nhttp://www.apple.com/itunes/download/\r\n\r\nYou may also update to the latest version of iTunes via Apple\r\nSoftware Update, which can be found in the Start menu.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-10-05T00:00:00", "title": "APPLE-SA-2015-09-16-3 iTunes 12.3", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:11:01", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-3733", "CVE-2015-1157", "CVE-2015-3736", "CVE-2015-3686", "CVE-2015-5798", "CVE-2015-3688", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-5796", "CVE-2015-1205", "CVE-2015-5874", "CVE-2015-5808", "CVE-2015-5812", "CVE-2015-3731", "CVE-2015-3687", "CVE-2015-5805", "CVE-2015-3738", "CVE-2015-5816", "CVE-2015-5794", "CVE-2015-3740", "CVE-2015-3739", "CVE-2015-5807", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-5818", "CVE-2015-5803", "CVE-2015-3730", "CVE-2015-5802", "CVE-2015-5792", "CVE-2015-5791", "CVE-2015-5793", "CVE-2015-5795", "CVE-2015-5789", "CVE-2015-5761", "CVE-2015-5813", "CVE-2015-5821", "CVE-2015-3749", "CVE-2015-3742", "CVE-2015-5819", "CVE-2015-5800", "CVE-2015-3748", "CVE-2014-8146", "CVE-2015-1152", "CVE-2015-5815", "CVE-2015-3746", "CVE-2015-5920", "CVE-2015-5755", "CVE-2015-5810", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5823", "CVE-2015-3735", "CVE-2015-5822", "CVE-2015-5797", "CVE-2015-5806", "CVE-2015-5809", "CVE-2015-5799", "CVE-2015-5790", "CVE-2015-5804", "CVE-2015-5814", "CVE-2015-5817", "CVE-2015-5811", "CVE-2015-3737", "CVE-2010-3190"], "modified": "2015-10-05T00:00:00", "id": "SECURITYVULNS:DOC:32517", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32517", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:02", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32567", "https://vulners.com/securityvulns/securityvulns:doc:32517"], "description": "Multiple memory corruptions, DLL injections, multiple WebKit vulnerabilities, information disclosure.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-10-25T00:00:00", "title": "Apple iTunes multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:02", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "iTunes", "version": "12.2", "operator": "eq"}], "cvelist": ["CVE-2015-3733", "CVE-2015-5930", "CVE-2015-7013", "CVE-2015-1157", "CVE-2015-3736", "CVE-2015-3686", "CVE-2015-6975", "CVE-2015-7002", "CVE-2015-5798", "CVE-2015-3688", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-5796", "CVE-2015-1205", "CVE-2015-5874", "CVE-2015-5808", "CVE-2015-5812", "CVE-2015-7014", "CVE-2015-3731", "CVE-2015-3687", "CVE-2015-6992", "CVE-2015-5805", "CVE-2015-3738", "CVE-2015-5816", "CVE-2015-5794", "CVE-2015-3740", "CVE-2015-3739", "CVE-2015-5807", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-5818", "CVE-2015-5803", "CVE-2015-3730", "CVE-2015-5802", "CVE-2015-5931", "CVE-2015-5792", "CVE-2015-5791", "CVE-2015-5793", "CVE-2015-5795", "CVE-2015-5929", "CVE-2015-5789", "CVE-2015-5761", "CVE-2015-5813", "CVE-2015-5821", "CVE-2015-3749", "CVE-2015-3742", "CVE-2015-5819", "CVE-2015-5800", "CVE-2015-3748", "CVE-2014-8146", "CVE-2015-1152", "CVE-2015-5815", "CVE-2015-3746", "CVE-2015-5920", "CVE-2015-5755", "CVE-2015-7012", "CVE-2015-5810", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5823", "CVE-2015-5928", "CVE-2015-3735", "CVE-2015-5822", "CVE-2015-5797", "CVE-2015-5806", "CVE-2015-5809", "CVE-2015-5799", "CVE-2015-5790", "CVE-2015-5804", "CVE-2015-5814", "CVE-2015-7017", "CVE-2015-5817", "CVE-2015-5811", "CVE-2015-3737", "CVE-2010-3190", "CVE-2015-7011"], "modified": "2015-10-25T00:00:00", "id": "SECURITYVULNS:VULN:14698", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14698", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2018-09-13T06:47:13", "references": [], "description": "### *CVSS*:\n9.3\n\n### *Detect date*:\n09/16/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nApple iTunes versions earlier than 12.3\n\n### *Solution*:\nUpdate to the latest version \n[Get iTunes](<http://www.apple.com/itunes/download/>)\n\n### *Original advisories*:\n[Apple advisory](<https://support.apple.com/en-us/HT205221>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iTunes](<https://threats.kaspersky.com/en/product/Apple-iTunes/>)\n\n### *CVE-IDS*:\n[CVE-2015-1152](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1152>) \n[CVE-2015-1153](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153>) \n[CVE-2015-3741](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741>) \n[CVE-2015-3746](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3746>) \n[CVE-2015-3743](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743>) \n[CVE-2015-5755](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5755>) \n[CVE-2015-3688](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3688>) \n[CVE-2015-1205](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1205>) \n[CVE-2015-3747](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747>) \n[CVE-2015-3744](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3744>) \n[CVE-2015-5806](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5806>) \n[CVE-2015-3734](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3734>) \n[CVE-2015-3748](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748>) \n[CVE-2015-3742](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3742>) \n[CVE-2015-3738](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3738>) \n[CVE-2015-3740](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3740>) \n[CVE-2015-3733](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3733>) \n[CVE-2015-5822](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822>) \n[CVE-2015-5803](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5803>) \n[CVE-2015-5823](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5823>) \n[CVE-2015-5804](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5804>) \n[CVE-2015-5797](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5797>) \n[CVE-2015-5796](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5796>) \n[CVE-2015-1157](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1157>) \n[CVE-2015-3745](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745>) \n[CVE-2015-5790](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5790>) \n[CVE-2015-5810](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5810>) \n[CVE-2015-5811](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5811>) \n[CVE-2015-5795](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5795>) \n[CVE-2015-5794](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794>) \n[CVE-2015-5793](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5793>) \n[CVE-2015-5792](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5792>) \n[CVE-2015-5920](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5920>) \n[CVE-2015-5805](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5805>) \n[CVE-2015-3730](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3730>) \n[CVE-2015-5761](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5761>) \n[CVE-2015-5813](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5813>) \n[CVE-2015-5812](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5812>) \n[CVE-2015-5791](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5791>) \n[CVE-2015-5789](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5789>) \n[CVE-2015-5814](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5814>) \n[CVE-2015-5819](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5819>) \n[CVE-2015-5799](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5799>) \n[CVE-2015-3686](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3686>) \n[CVE-2015-3687](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3687>) \n[CVE-2015-5815](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5815>) \n[CVE-2015-5807](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5807>) \n[CVE-2015-5817](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5817>) \n[CVE-2015-5816](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5816>) \n[CVE-2015-3735](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3735>) \n[CVE-2015-3736](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3736>) \n[CVE-2015-5801](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801>) \n[CVE-2015-5802](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5802>) \n[CVE-2015-5798](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5798>) \n[CVE-2015-5808](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5808>) \n[CVE-2015-5818](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5818>) \n[CVE-2015-3749](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749>) \n[CVE-2015-3737](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3737>) \n[CVE-2015-3731](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731>) \n[CVE-2015-3739](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3739>) \n[CVE-2014-8146](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146>) \n[CVE-2010-3190](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3190>) \n[CVE-2015-5800](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5800>) \n[CVE-2015-5821](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5821>) \n[CVE-2015-5874](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5874>) \n[CVE-2015-5809](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809>)", "edition": 13, "reporter": "Kaspersky Lab", "published": "2015-09-16T00:00:00", "title": "\r KLA10669Multiple vulnerabilities in Apple iTunes ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-3733", "CVE-2015-1157", "CVE-2015-3736", "CVE-2015-3686", "CVE-2015-5798", "CVE-2015-3688", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-5796", "CVE-2015-1205", "CVE-2015-5874", "CVE-2015-5808", "CVE-2015-5812", "CVE-2015-3731", "CVE-2015-3687", "CVE-2015-5805", "CVE-2015-3738", "CVE-2015-5816", "CVE-2015-5794", "CVE-2015-3740", "CVE-2015-3739", "CVE-2015-5807", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-5818", "CVE-2015-5803", "CVE-2015-3730", "CVE-2015-5802", "CVE-2015-5792", "CVE-2015-5791", "CVE-2015-5793", "CVE-2015-5795", "CVE-2015-5789", "CVE-2015-5761", "CVE-2015-5813", "CVE-2015-5821", "CVE-2015-3749", "CVE-2015-3742", "CVE-2015-5819", "CVE-2015-5800", "CVE-2015-3748", "CVE-2014-8146", "CVE-2015-1152", "CVE-2015-5815", "CVE-2015-3746", "CVE-2015-5920", "CVE-2015-5755", "CVE-2015-5810", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5823", "CVE-2015-3735", "CVE-2015-5822", "CVE-2015-5797", "CVE-2015-5806", "CVE-2015-5809", "CVE-2015-5799", "CVE-2015-5790", "CVE-2015-5804", "CVE-2015-5814", "CVE-2015-5817", "CVE-2015-5811", "CVE-2015-3737", "CVE-2010-3190"], "modified": "2018-09-10T00:00:00", "id": "KLA10669", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10669", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
