Uzbl is a lightweight web browser based on WebKit/Gtk+. Uzbl follows the UNIX philosophy - "Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface."
{"ubuntucve": [{"lastseen": "2021-11-22T22:00:44", "description": "The default configuration of the <Button2> binding in Uzbl before\n2010.08.05 does not properly use the @SELECTED_URI feature, which allows\nuser-assisted remote attackers to execute arbitrary commands via a crafted\nHREF attribute of an A element in an HTML document.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=621965>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=621964>\n * [http://www.uzbl.org/bugs/index.php?do=details&task_id=240](<http://www.uzbl.org/bugs/index.php?do=details&task_id=240>)\n", "cvss3": {}, "published": "2010-08-19T00:00:00", "type": "ubuntucve", "title": "CVE-2010-2809", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2809"], "modified": "2010-08-19T00:00:00", "id": "UB:CVE-2010-2809", "href": "https://ubuntu.com/security/CVE-2010-2809", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-12-18T10:57:53", "description": "Check for the Version of uzbl", "cvss3": {}, "published": "2010-12-02T00:00:00", "type": "openvas", "title": "Fedora Update for uzbl FEDORA-2010-12386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2809"], "modified": "2017-12-18T00:00:00", "id": "OPENVAS:862669", "href": "http://plugins.openvas.org/nasl.php?oid=862669", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for uzbl FEDORA-2010-12386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"uzbl on Fedora 14\";\ntag_insight = \"Uzbl is a lightweight web browser based on WebKit/Gtk+. Uzbl follows\n the UNIX philosophy - "Write programs that do one thing and do it\n well. Write programs to work together. Write programs to handle text\n streams, because that is a universal interface."\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046302.html\");\n script_id(862669);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-12386\");\n script_cve_id(\"CVE-2010-2809\");\n script_name(\"Fedora Update for uzbl FEDORA-2010-12386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of uzbl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"uzbl-0\", rpm:\"uzbl-0~0.16.20100626gitafc0f873e.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:30", "description": "Check for the Version of uzbl", "cvss3": {}, "published": "2010-08-24T00:00:00", "type": "openvas", "title": "Fedora Update for uzbl FEDORA-2010-12260", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2809"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:1361412562310862332", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862332", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for uzbl FEDORA-2010-12260\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"uzbl on Fedora 13\";\ntag_insight = \"Uzbl is a lightweight web browser based on WebKit/Gtk+. Uzbl follows\n the UNIX philosophy - "Write programs that do one thing and do it\n well. Write programs to work together. Write programs to handle text\n streams, because that is a universal interface."\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045994.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862332\");\n script_version(\"$Revision: 8258 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 08:28:57 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-24 07:04:19 +0200 (Tue, 24 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-12260\");\n script_cve_id(\"CVE-2010-2809\");\n script_name(\"Fedora Update for uzbl FEDORA-2010-12260\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of uzbl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"uzbl-0\", rpm:\"uzbl-0~0.16.20100626gitafc0f873e.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:43", "description": "Check for the Version of uzbl", "cvss3": {}, "published": "2010-08-24T00:00:00", "type": "openvas", "title": "Fedora Update for uzbl FEDORA-2010-12260", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2809"], "modified": "2017-12-14T00:00:00", "id": "OPENVAS:862332", "href": "http://plugins.openvas.org/nasl.php?oid=862332", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for uzbl FEDORA-2010-12260\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"uzbl on Fedora 13\";\ntag_insight = \"Uzbl is a lightweight web browser based on WebKit/Gtk+. Uzbl follows\n the UNIX philosophy - "Write programs that do one thing and do it\n well. Write programs to work together. Write programs to handle text\n streams, because that is a universal interface."\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045994.html\");\n script_id(862332);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-24 07:04:19 +0200 (Tue, 24 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-12260\");\n script_cve_id(\"CVE-2010-2809\");\n script_name(\"Fedora Update for uzbl FEDORA-2010-12260\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of uzbl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"uzbl-0\", rpm:\"uzbl-0~0.16.20100626gitafc0f873e.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:05:16", "description": "Check for the Version of uzbl", "cvss3": {}, "published": "2010-08-24T00:00:00", "type": "openvas", "title": "Fedora Update for uzbl FEDORA-2010-12276", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2809"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:1361412562310862335", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862335", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for uzbl FEDORA-2010-12276\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"uzbl on Fedora 12\";\ntag_insight = \"Uzbl is a lightweight web browser based on WebKit/Gtk+. Uzbl follows\n the UNIX philosophy - "Write programs that do one thing and do it\n well. Write programs to work together. Write programs to handle text\n streams, because that is a universal interface."\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045989.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862335\");\n script_version(\"$Revision: 8447 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:12:19 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-24 07:04:19 +0200 (Tue, 24 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-12276\");\n script_cve_id(\"CVE-2010-2809\");\n script_name(\"Fedora Update for uzbl FEDORA-2010-12276\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of uzbl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"uzbl-0\", rpm:\"uzbl-0~0.16.20100626gitafc0f873e.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:33:18", "description": "Check for the Version of uzbl", "cvss3": {}, "published": "2010-08-24T00:00:00", "type": "openvas", "title": "Fedora Update for uzbl FEDORA-2010-12276", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2809"], "modified": "2017-12-20T00:00:00", "id": "OPENVAS:862335", "href": "http://plugins.openvas.org/nasl.php?oid=862335", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for uzbl FEDORA-2010-12276\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"uzbl on Fedora 12\";\ntag_insight = \"Uzbl is a lightweight web browser based on WebKit/Gtk+. Uzbl follows\n the UNIX philosophy - "Write programs that do one thing and do it\n well. Write programs to work together. Write programs to handle text\n streams, because that is a universal interface."\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045989.html\");\n script_id(862335);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-24 07:04:19 +0200 (Tue, 24 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-12276\");\n script_cve_id(\"CVE-2010-2809\");\n script_name(\"Fedora Update for uzbl FEDORA-2010-12276\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of uzbl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"uzbl-0\", rpm:\"uzbl-0~0.16.20100626gitafc0f873e.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-08T12:53:42", "description": "Check for the Version of uzbl", "cvss3": {}, "published": "2010-12-02T00:00:00", "type": "openvas", "title": "Fedora Update for uzbl FEDORA-2010-12386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2809"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:1361412562310862669", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862669", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for uzbl FEDORA-2010-12386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"uzbl on Fedora 14\";\ntag_insight = \"Uzbl is a lightweight web browser based on WebKit/Gtk+. Uzbl follows\n the UNIX philosophy - "Write programs that do one thing and do it\n well. Write programs to work together. Write programs to handle text\n streams, because that is a universal interface."\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046302.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862669\");\n script_version(\"$Revision: 8296 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 08:28:01 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-12386\");\n script_cve_id(\"CVE-2010-2809\");\n script_name(\"Fedora Update for uzbl FEDORA-2010-12386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of uzbl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"uzbl-0\", rpm:\"uzbl-0~0.16.20100626gitafc0f873e.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:35", "description": "Gentoo Linux Local Security Checks GLSA 201412-08", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201412-08", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2060", "CVE-2009-4411", "CVE-2008-0553", "CVE-2009-0946", "CVE-2010-1511", "CVE-2009-0361", "CVE-2008-6218", "CVE-2008-5907", "CVE-2010-0436", "CVE-2010-1205", "CVE-2007-2741", "CVE-2010-0829", "CVE-2009-4896", "CVE-2010-2945", "CVE-2010-2809", "CVE-2009-0040", "CVE-2010-2192", "CVE-2010-2056", "CVE-2009-2042", "CVE-2010-0001", "CVE-2008-6661", "CVE-2010-2529", "CVE-2009-4029", "CVE-2006-3005", "CVE-2010-2251", "CVE-2009-0360", "CVE-2010-0732", "CVE-2008-1382", "CVE-2009-3736", "CVE-2010-1000", "CVE-2009-2624"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121294", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121294", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-08.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121294\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:04 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-08\");\n script_tag(name:\"insight\", value:\"Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-08\");\n script_cve_id(\"CVE-2006-3005\", \"CVE-2007-2741\", \"CVE-2008-0553\", \"CVE-2008-1382\", \"CVE-2008-5907\", \"CVE-2008-6218\", \"CVE-2008-6661\", \"CVE-2009-0040\", \"CVE-2009-0360\", \"CVE-2009-0361\", \"CVE-2009-0946\", \"CVE-2009-2042\", \"CVE-2009-2624\", \"CVE-2009-3736\", \"CVE-2009-4029\", \"CVE-2009-4411\", \"CVE-2009-4896\", \"CVE-2010-0001\", \"CVE-2010-0436\", \"CVE-2010-0732\", \"CVE-2010-0829\", \"CVE-2010-1000\", \"CVE-2010-1205\", \"CVE-2010-1511\", \"CVE-2010-2056\", \"CVE-2010-2060\", \"CVE-2010-2192\", \"CVE-2010-2251\", \"CVE-2010-2529\", \"CVE-2010-2809\", \"CVE-2010-2945\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-08\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-util/insight\", unaffected: make_list(\"ge 6.7.1-r1\"), vulnerable: make_list(\"lt 6.7.1-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-perl/perl-tk\", unaffected: make_list(\"ge 804.028-r2\"), vulnerable: make_list(\"lt 804.028-r2\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-util/sourcenav\", unaffected: make_list(\"ge 5.1.4\"), vulnerable: make_list(\"lt 5.1.4\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/tk\", unaffected: make_list(\"ge 8.4.18-r1\"), vulnerable: make_list(\"lt 8.4.18-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-block/partimage\", unaffected: make_list(\"ge 0.6.8\"), vulnerable: make_list(\"lt 0.6.8\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-antivirus/bitdefender-console\", unaffected: make_list(), vulnerable: make_list(\"lt 7.1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-mail/mlmmj\", unaffected: make_list(\"ge 1.2.17.1\"), vulnerable: make_list(\"lt 1.2.17.1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-apps/acl\", unaffected: make_list(\"ge 2.2.49\"), vulnerable: make_list(\"lt 2.2.49\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-apps/xinit\", unaffected: make_list(\"ge 1.2.0-r4\"), vulnerable: make_list(\"lt 1.2.0-r4\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-arch/gzip\", unaffected: make_list(\"ge 1.4\"), vulnerable: make_list(\"lt 1.4\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-arch/ncompress\", unaffected: make_list(\"ge 4.2.4.3\"), vulnerable: make_list(\"lt 4.2.4.3\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/liblzw\", unaffected: make_list(\"ge 0.2\"), vulnerable: make_list(\"lt 0.2\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-gfx/splashutils\", unaffected: make_list(\"ge 1.5.4.3-r3\"), vulnerable: make_list(\"lt 1.5.4.3-r3\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-devel/m4\", unaffected: make_list(\"ge 1.4.14-r1\"), vulnerable: make_list(\"lt 1.4.14-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"kde-base/kdm\", unaffected: make_list(\"ge 4.3.5-r1\"), vulnerable: make_list(\"lt 4.3.5-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-libs/gtk+\", unaffected: make_list(\"ge 2.18.7\"), vulnerable: make_list(\"lt 2.18.7\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"kde-base/kget\", unaffected: make_list(\"ge 4.3.5-r1\"), vulnerable: make_list(\"lt 4.3.5-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-text/dvipng\", unaffected: make_list(\"ge 1.13\"), vulnerable: make_list(\"lt 1.13\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-misc/beanstalkd\", unaffected: make_list(\"ge 1.4.6\"), vulnerable: make_list(\"lt 1.4.6\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-apps/pmount\", unaffected: make_list(\"ge 0.9.23\"), vulnerable: make_list(\"lt 0.9.23\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-auth/pam_krb5\", unaffected: make_list(\"ge 4.3\"), vulnerable: make_list(\"lt 4.3\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-text/gv\", unaffected: make_list(\"ge 3.7.1\"), vulnerable: make_list(\"lt 3.7.1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-ftp/lftp\", unaffected: make_list(\"ge 4.0.6\"), vulnerable: make_list(\"lt 4.0.6\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-client/uzbl\", unaffected: make_list(\"ge 2010.08.05\"), vulnerable: make_list(\"lt 2010.08.05\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-misc/slim\", unaffected: make_list(\"ge 1.3.2\"), vulnerable: make_list(\"lt 1.3.2\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-misc/iputils\", unaffected: make_list(\"ge 20100418\"), vulnerable: make_list(\"lt 20100418\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-tv/dvbstreamer\", unaffected: make_list(\"ge 1.1-r1\"), vulnerable: make_list(\"lt 1.1-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2021-12-14T17:53:29", "description": "The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.", "cvss3": {}, "published": "2010-08-19T22:00:00", "type": "debiancve", "title": "CVE-2010-2809", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2809"], "modified": "2010-08-19T22:00:00", "id": "DEBIANCVE:CVE-2010-2809", "href": "https://security-tracker.debian.org/tracker/CVE-2010-2809", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "description": "Uzbl is a lightweight web browser based on WebKit/Gtk+. Uzbl follows the UNIX philosophy - \"Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface.\" ", "cvss3": {}, "published": "2010-08-21T04:30:28", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: uzbl-0-0.16.20100626gitafc0f873e.fc13", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2809"], "modified": "2010-08-21T04:30:28", "id": "FEDORA:1B4B310F8EE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ND6H7ELT7HVOQ63LSRPLXDE4C7GB4B32/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Uzbl is a lightweight web browser based on WebKit/Gtk+. Uzbl follows the UNIX philosophy - \"Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface.\" ", "cvss3": {}, "published": "2010-08-24T02:00:03", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: uzbl-0-0.16.20100626gitafc0f873e.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2809"], "modified": "2010-08-24T02:00:03", "id": "FEDORA:D7BA2110DD8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KK5PV3HXHXYA4CZC6MD4C6GKBMCDFJZG/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:19:21", "description": "The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.", "cvss3": {}, "published": "2010-08-19T22:00:00", "type": "cve", "title": "CVE-2010-2809", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2809"], "modified": "2017-08-17T01:32:00", "cpe": ["cpe:/a:uzbl:uzbl:2010.04.03", "cpe:/a:uzbl:uzbl:2009.12.22", "cpe:/a:uzbl:uzbl:2010.01.04"], "id": "CVE-2010-2809", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2809", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:uzbl:uzbl:2010.04.03:*:*:*:*:*:*:*", "cpe:2.3:a:uzbl:uzbl:2009.12.22:*:*:*:*:*:*:*", "cpe:2.3:a:uzbl:uzbl:2010.01.04:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-08-19T13:03:20", "description": "Fix a bug in the default configuration for the mouse bindings that can allow crafted links to execute arbitrary shell code. Please check your local configuration and replace '\\@SELECTED_URI' with '$8' in any string that is executed as shell code (usually involves 'sh 'commands_here').\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-23T00:00:00", "type": "nessus", "title": "Fedora 12 : uzbl-0-0.16.20100626gitafc0f873e.fc12 (2010-12276)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2809"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:uzbl", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-12276.NASL", "href": "https://www.tenable.com/plugins/nessus/48389", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-12276.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48389);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2809\");\n script_bugtraq_id(42297);\n script_xref(name:\"FEDORA\", value:\"2010-12276\");\n\n script_name(english:\"Fedora 12 : uzbl-0-0.16.20100626gitafc0f873e.fc12 (2010-12276)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix a bug in the default configuration for the mouse bindings that can\nallow crafted links to execute arbitrary shell code. Please check your\nlocal configuration and replace '\\@SELECTED_URI' with '$8' in any\nstring that is executed as shell code (usually involves 'sh\n'commands_here').\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=621964\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/045989.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?213a63aa\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected uzbl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:uzbl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"uzbl-0-0.16.20100626gitafc0f873e.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"uzbl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:03:20", "description": "Fix a bug in the default configuration for the mouse bindings that can allow crafted links to execute arbitrary shell code. Please check your local configuration and replace '\\@SELECTED_URI' with '$8' in any string that is executed as shell code (usually involves 'sh 'commands_here').\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-23T00:00:00", "type": "nessus", "title": "Fedora 13 : uzbl-0-0.16.20100626gitafc0f873e.fc13 (2010-12260)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2809"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:uzbl", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-12260.NASL", "href": "https://www.tenable.com/plugins/nessus/48388", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-12260.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48388);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2809\");\n script_bugtraq_id(42297);\n script_xref(name:\"FEDORA\", value:\"2010-12260\");\n\n script_name(english:\"Fedora 13 : uzbl-0-0.16.20100626gitafc0f873e.fc13 (2010-12260)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix a bug in the default configuration for the mouse bindings that can\nallow crafted links to execute arbitrary shell code. Please check your\nlocal configuration and replace '\\@SELECTED_URI' with '$8' in any\nstring that is executed as shell code (usually involves 'sh\n'commands_here').\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=621964\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/045994.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e790a4f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected uzbl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:uzbl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"uzbl-0-0.16.20100626gitafc0f873e.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"uzbl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:03:16", "description": "Fix a bug in the default configuration for the mouse bindings that can allow crafted links to execute arbitrary shell code. Please check your local configuration and replace '\\@SELECTED_URI' with '$8' in any string that is executed as shell code (usually involves 'sh 'commands_here').\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-24T00:00:00", "type": "nessus", "title": "Fedora 14 : uzbl-0-0.16.20100626gitafc0f873e.fc14 (2010-12386)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2809"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:uzbl", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2010-12386.NASL", "href": "https://www.tenable.com/plugins/nessus/48413", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-12386.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48413);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2809\");\n script_bugtraq_id(42297);\n script_xref(name:\"FEDORA\", value:\"2010-12386\");\n\n script_name(english:\"Fedora 14 : uzbl-0-0.16.20100626gitafc0f873e.fc14 (2010-12386)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix a bug in the default configuration for the mouse bindings that can\nallow crafted links to execute arbitrary shell code. Please check your\nlocal configuration and replace '\\@SELECTED_URI' with '$8' in any\nstring that is executed as shell code (usually involves 'sh\n'commands_here').\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=621964\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/046302.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1b26425\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected uzbl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:uzbl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"uzbl-0-0.16.20100626gitafc0f873e.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"uzbl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:47:29", "description": "The remote host is affected by the vulnerability described in GLSA-201412-08 (Multiple packages, Multiple vulnerabilities fixed in 2010)\n\n Vulnerabilities have been discovered in the packages listed below.\n Please review the CVE identifiers in the Reference section for details.\n Insight Perl Tk Module Source-Navigator Tk Partimage Mlmmj acl Xinit gzip ncompress liblzw splashutils GNU M4 KDE Display Manager GTK+ KGet dvipng Beanstalk Policy Mount pam_krb5 GNU gv LFTP Uzbl Slim Bitdefender Console iputils DVBStreamer Impact :\n\n A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions.\n Workaround :\n\n There are no known workarounds at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-12-15T00:00:00", "type": "nessus", "title": "GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3005", "CVE-2007-2741", "CVE-2008-0553", "CVE-2008-1382", "CVE-2008-5907", "CVE-2008-6218", "CVE-2008-6661", "CVE-2009-0040", "CVE-2009-0360", "CVE-2009-0361", "CVE-2009-0946", "CVE-2009-2042", "CVE-2009-2624", "CVE-2009-3736", "CVE-2009-4029", "CVE-2009-4411", "CVE-2009-4896", "CVE-2010-0001", "CVE-2010-0436", "CVE-2010-0732", "CVE-2010-0829", "CVE-2010-1000", "CVE-2010-1205", "CVE-2010-1511", "CVE-2010-2056", "CVE-2010-2060", "CVE-2010-2192", "CVE-2010-2251", "CVE-2010-2529", "CVE-2010-2809", "CVE-2010-2945"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:acl", "p-cpe:/a:gentoo:linux:beanstalkd", "p-cpe:/a:gentoo:linux:bitdefender-console", "p-cpe:/a:gentoo:linux:dvbstreamer", "p-cpe:/a:gentoo:linux:dvipng", "p-cpe:/a:gentoo:linux:gtk%2b", "p-cpe:/a:gentoo:linux:gv", "p-cpe:/a:gentoo:linux:gzip", "p-cpe:/a:gentoo:linux:insight", "p-cpe:/a:gentoo:linux:iputils", "p-cpe:/a:gentoo:linux:kdm", "p-cpe:/a:gentoo:linux:kget", "p-cpe:/a:gentoo:linux:lftp", "p-cpe:/a:gentoo:linux:liblzw", "p-cpe:/a:gentoo:linux:m4", "p-cpe:/a:gentoo:linux:mlmmj", "p-cpe:/a:gentoo:linux:ncompress", "p-cpe:/a:gentoo:linux:pam_krb5", "p-cpe:/a:gentoo:linux:partimage", "p-cpe:/a:gentoo:linux:perl-tk", "p-cpe:/a:gentoo:linux:pmount", "p-cpe:/a:gentoo:linux:slim", "p-cpe:/a:gentoo:linux:sourcenav", "p-cpe:/a:gentoo:linux:splashutils", "p-cpe:/a:gentoo:linux:tk", "p-cpe:/a:gentoo:linux:uzbl", "p-cpe:/a:gentoo:linux:xinit", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201412-08.NASL", "href": "https://www.tenable.com/plugins/nessus/79961", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-08.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79961);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-3005\", \"CVE-2007-2741\", \"CVE-2008-0553\", \"CVE-2008-1382\", \"CVE-2008-5907\", \"CVE-2008-6218\", \"CVE-2008-6661\", \"CVE-2009-0040\", \"CVE-2009-0360\", \"CVE-2009-0361\", \"CVE-2009-0946\", \"CVE-2009-2042\", \"CVE-2009-2624\", \"CVE-2009-3736\", \"CVE-2009-4029\", \"CVE-2009-4411\", \"CVE-2009-4896\", \"CVE-2010-0001\", \"CVE-2010-0436\", \"CVE-2010-0732\", \"CVE-2010-0829\", \"CVE-2010-1000\", \"CVE-2010-1205\", \"CVE-2010-1511\", \"CVE-2010-2056\", \"CVE-2010-2060\", \"CVE-2010-2192\", \"CVE-2010-2251\", \"CVE-2010-2529\", \"CVE-2010-2809\", \"CVE-2010-2945\");\n script_bugtraq_id(24001, 27655, 28770, 31920, 32751, 33740, 33741, 33827, 33990, 34550, 35233, 37128, 37378, 37455, 37886, 37888, 38211, 39467, 39969, 40141, 40426, 40516, 40939, 41174, 41841, 41911, 42297, 43728);\n script_xref(name:\"GLSA\", value:\"201412-08\");\n\n script_name(english:\"GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-08\n(Multiple packages, Multiple vulnerabilities fixed in 2010)\n\n Vulnerabilities have been discovered in the packages listed below.\n Please review the CVE identifiers in the Reference section for details.\n Insight\n Perl Tk Module\n Source-Navigator\n Tk\n Partimage\n Mlmmj\n acl\n Xinit\n gzip\n ncompress\n liblzw\n splashutils\n GNU M4\n KDE Display Manager\n GTK+\n KGet\n dvipng\n Beanstalk\n Policy Mount\n pam_krb5\n GNU gv\n LFTP\n Uzbl\n Slim\n Bitdefender Console\n iputils\n DVBStreamer\n \nImpact :\n\n A context-dependent attacker may be able to gain escalated privileges,\n execute arbitrary code, cause Denial of Service, obtain sensitive\n information, or otherwise bypass security restrictions.\n \nWorkaround :\n\n There are no known workarounds at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-08\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Insight users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-util/insight-6.7.1-r1'\n All Perl Tk Module users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-perl/perl-tk-804.028-r2'\n All Source-Navigator users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-util/sourcenav-5.1.4'\n All Tk users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/tk-8.4.18-r1'\n All Partimage users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-block/partimage-0.6.8'\n All Mlmmj users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-mail/mlmmj-1.2.17.1'\n All acl users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/acl-2.2.49'\n All Xinit users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-apps/xinit-1.2.0-r4'\n All gzip users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-arch/gzip-1.4'\n All ncompress users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-arch/ncompress-4.2.4.3'\n All liblzw users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/liblzw-0.2'\n All splashutils users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=media-gfx/splashutils-1.5.4.3-r3'\n All GNU M4 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-devel/m4-1.4.14-r1'\n All KDE Display Manager users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=kde-base/kdm-4.3.5-r1'\n All GTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-libs/gtk+-2.18.7'\n All KGet 4.3 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=kde-base/kget-4.3.5-r1'\n All dvipng users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/dvipng-1.13'\n All Beanstalk users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-misc/beanstalkd-1.4.6'\n All Policy Mount users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/pmount-0.9.23'\n All pam_krb5 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-auth/pam_krb5-4.3'\n All GNU gv users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/gv-3.7.1'\n All LFTP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-ftp/lftp-4.0.6'\n All Uzbl users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/uzbl-2010.08.05'\n All Slim users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-misc/slim-1.3.2'\n All iputils users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/iputils-20100418'\n All DVBStreamer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-tv/dvbstreamer-1.1-r1'\n Gentoo has discontinued support for Bitdefender Console. We recommend\n that users unmerge Bitdefender Console:\n # emerge --unmerge 'app-antivirus/bitdefender-console'\n NOTE: This is a legacy GLSA. Updates for all affected architectures have\n been available since 2011. It is likely that your system is already no\n longer affected by these issues.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 94, 119, 189, 200, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:acl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:beanstalkd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:bitdefender-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:dvbstreamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:dvipng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gtk+\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:insight\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:iputils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:kdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:kget\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:liblzw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:m4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mlmmj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ncompress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:pam_krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:partimage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:perl-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:pmount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:slim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:sourcenav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:splashutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:uzbl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xinit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-arch/gzip\", unaffected:make_list(\"ge 1.4\"), vulnerable:make_list(\"lt 1.4\"))) flag++;\nif (qpkg_check(package:\"kde-base/kget\", unaffected:make_list(\"ge 4.3.5-r1\"), vulnerable:make_list(\"lt 4.3.5-r1\"))) flag++;\nif (qpkg_check(package:\"dev-libs/liblzw\", unaffected:make_list(\"ge 0.2\"), vulnerable:make_list(\"lt 0.2\"))) flag++;\nif (qpkg_check(package:\"kde-base/kdm\", unaffected:make_list(\"ge 4.3.5-r1\"), vulnerable:make_list(\"lt 4.3.5-r1\"))) flag++;\nif (qpkg_check(package:\"app-text/dvipng\", unaffected:make_list(\"ge 1.13\"), vulnerable:make_list(\"lt 1.13\"))) flag++;\nif (qpkg_check(package:\"x11-apps/xinit\", unaffected:make_list(\"ge 1.2.0-r4\"), vulnerable:make_list(\"lt 1.2.0-r4\"))) flag++;\nif (qpkg_check(package:\"net-ftp/lftp\", unaffected:make_list(\"ge 4.0.6\"), vulnerable:make_list(\"lt 4.0.6\"))) flag++;\nif (qpkg_check(package:\"net-mail/mlmmj\", unaffected:make_list(\"ge 1.2.17.1\"), vulnerable:make_list(\"lt 1.2.17.1\"))) flag++;\nif (qpkg_check(package:\"sys-apps/pmount\", unaffected:make_list(\"ge 0.9.23\"), vulnerable:make_list(\"lt 0.9.23\"))) flag++;\nif (qpkg_check(package:\"sys-block/partimage\", unaffected:make_list(\"ge 0.6.8\"), vulnerable:make_list(\"lt 0.6.8\"))) flag++;\nif (qpkg_check(package:\"sys-apps/acl\", unaffected:make_list(\"ge 2.2.49\"), vulnerable:make_list(\"lt 2.2.49\"))) flag++;\nif (qpkg_check(package:\"app-arch/ncompress\", unaffected:make_list(\"ge 4.2.4.3\"), vulnerable:make_list(\"lt 4.2.4.3\"))) flag++;\nif (qpkg_check(package:\"media-gfx/splashutils\", unaffected:make_list(\"ge 1.5.4.3-r3\"), vulnerable:make_list(\"lt 1.5.4.3-r3\"))) flag++;\nif (qpkg_check(package:\"www-client/uzbl\", unaffected:make_list(\"ge 2010.08.05\"), vulnerable:make_list(\"lt 2010.08.05\"))) flag++;\nif (qpkg_check(package:\"dev-util/insight\", unaffected:make_list(\"ge 6.7.1-r1\"), vulnerable:make_list(\"lt 6.7.1-r1\"))) flag++;\nif (qpkg_check(package:\"sys-devel/m4\", unaffected:make_list(\"ge 1.4.14-r1\"), vulnerable:make_list(\"lt 1.4.14-r1\"))) flag++;\nif (qpkg_check(package:\"app-antivirus/bitdefender-console\", unaffected:make_list(), vulnerable:make_list(\"le 7.1\"))) flag++;\nif (qpkg_check(package:\"app-text/gv\", unaffected:make_list(\"ge 3.7.1\"), vulnerable:make_list(\"lt 3.7.1\"))) flag++;\nif (qpkg_check(package:\"media-tv/dvbstreamer\", unaffected:make_list(\"ge 1.1-r1\"), vulnerable:make_list(\"lt 1.1-r1\"))) flag++;\nif (qpkg_check(package:\"app-misc/beanstalkd\", unaffected:make_list(\"ge 1.4.6\"), vulnerable:make_list(\"lt 1.4.6\"))) flag++;\nif (qpkg_check(package:\"net-misc/iputils\", unaffected:make_list(\"ge 20100418\"), vulnerable:make_list(\"lt 20100418\"))) flag++;\nif (qpkg_check(package:\"dev-util/sourcenav\", unaffected:make_list(\"ge 5.1.4\"), vulnerable:make_list(\"lt 5.1.4\"))) flag++;\nif (qpkg_check(package:\"x11-libs/gtk+\", unaffected:make_list(\"ge 2.18.7\"), vulnerable:make_list(\"lt 2.18.7\"))) flag++;\nif (qpkg_check(package:\"sys-auth/pam_krb5\", unaffected:make_list(\"ge 4.3\"), vulnerable:make_list(\"lt 4.3\"))) flag++;\nif (qpkg_check(package:\"dev-lang/tk\", unaffected:make_list(\"ge 8.4.18-r1\"), vulnerable:make_list(\"lt 8.4.18-r1\"))) flag++;\nif (qpkg_check(package:\"x11-misc/slim\", unaffected:make_list(\"ge 1.3.2\"), vulnerable:make_list(\"lt 1.3.2\"))) flag++;\nif (qpkg_check(package:\"dev-perl/perl-tk\", unaffected:make_list(\"ge 804.028-r2\"), vulnerable:make_list(\"lt 804.028-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"app-arch/gzip / kde-base/kget / dev-libs/liblzw / kde-base/kdm / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:07:29", "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * Insight\n * Perl Tk Module\n * Source-Navigator\n * Tk\n * Partimage\n * Mlmmj\n * acl\n * Xinit\n * gzip\n * ncompress\n * liblzw\n * splashutils\n * GNU M4\n * KDE Display Manager\n * GTK+\n * KGet\n * dvipng\n * Beanstalk\n * Policy Mount\n * pam_krb5\n * GNU gv\n * LFTP\n * Uzbl\n * Slim\n * Bitdefender Console\n * iputils\n * DVBStreamer\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll Insight users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/insight-6.7.1-r1\"\n \n\nAll Perl Tk Module users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-perl/perl-tk-804.028-r2\"\n \n\nAll Source-Navigator users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/sourcenav-5.1.4\"\n \n\nAll Tk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/tk-8.4.18-r1\"\n \n\nAll Partimage users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-block/partimage-0.6.8\"\n \n\nAll Mlmmj users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-mail/mlmmj-1.2.17.1\"\n \n\nAll acl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/acl-2.2.49\"\n \n\nAll Xinit users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-apps/xinit-1.2.0-r4\"\n \n\nAll gzip users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/gzip-1.4\"\n \n\nAll ncompress users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/ncompress-4.2.4.3\"\n \n\nAll liblzw users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/liblzw-0.2\"\n \n\nAll splashutils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-gfx/splashutils-1.5.4.3-r3\"\n \n\nAll GNU M4 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/m4-1.4.14-r1\"\n \n\nAll KDE Display Manager users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kdm-4.3.5-r1\"\n \n\nAll GTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/gtk+-2.18.7\"\n \n\nAll KGet 4.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kget-4.3.5-r1\"\n \n\nAll dvipng users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/dvipng-1.13\"\n \n\nAll Beanstalk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-misc/beanstalkd-1.4.6\"\n \n\nAll Policy Mount users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/pmount-0.9.23\"\n \n\nAll pam_krb5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-auth/pam_krb5-4.3\"\n \n\nAll GNU gv users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/gv-3.7.1\"\n \n\nAll LFTP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-ftp/lftp-4.0.6\"\n \n\nAll Uzbl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/uzbl-2010.08.05\"\n \n\nAll Slim users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-misc/slim-1.3.2\"\n \n\nAll iputils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/iputils-20100418\"\n \n\nAll DVBStreamer users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-tv/dvbstreamer-1.1-r1\"\n \n\nGentoo has discontinued support for Bitdefender Console. We recommend that users unmerge Bitdefender Console: \n \n \n # emerge --unmerge \"app-antivirus/bitdefender-console\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2011. It is likely that your system is already no longer affected by these issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2014-12-11T00:00:00", "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2010", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3005", "CVE-2007-2741", "CVE-2008-0553", "CVE-2008-1382", "CVE-2008-5907", "CVE-2008-6218", "CVE-2008-6661", "CVE-2009-0040", "CVE-2009-0360", "CVE-2009-0361", "CVE-2009-0946", "CVE-2009-2042", "CVE-2009-2624", "CVE-2009-3736", "CVE-2009-4029", "CVE-2009-4411", "CVE-2009-4896", "CVE-2010-0001", "CVE-2010-0436", "CVE-2010-0732", "CVE-2010-0829", "CVE-2010-1000", "CVE-2010-1205", "CVE-2010-1511", "CVE-2010-2056", "CVE-2010-2060", "CVE-2010-2192", "CVE-2010-2251", "CVE-2010-2529", "CVE-2010-2809", "CVE-2010-2945"], "modified": "2014-12-11T00:00:00", "id": "GLSA-201412-08", "href": "https://security.gentoo.org/glsa/201412-08", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
[SECURITY] Fedora 12 Update: uzbl-0-0.16.20100626gitafc0f873e.fc12
