[SECURITY] Fedora 16 Update: smokeping-2.4.2-16.fc16

2012-01-31T21:56:18

Description

SmokePing is a latency logging and graphing system. It consists of a daemon process which organizes the latency measurements and a CGI which presents the graphs.

Affected Package

OS	OS Version	Package Name	Package Version
Fedora	16	smokeping	2.4.2

{"id": "FEDORA:6A55620C7B", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 16 Update: smokeping-2.4.2-16.fc16", "description": "SmokePing is a latency logging and graphing system. It consists of a daemon process which organizes the latency measurements and a CGI which presents the graphs. ", "published": "2012-01-31T21:56:18", "modified": "2012-01-31T21:56:18", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ISAVTYJXCRTKXZX52B6P3INUXFW4HFGM/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2012-0790"], "immutableFields": [], "lastseen": "2020-12-21T08:17:50", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-0790"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2651-1:3D9C1"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-0790", "DEBIANCVE:CVE-2013-4158"]}, {"type": "fedora", "idList": ["FEDORA:8BCB820CAE", "FEDORA:8CB592296A", "FEDORA:A789A21BB5"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2651.NASL", "FEDORA_2012-0801.NASL", "FEDORA_2012-0813.NASL", "FEDORA_2013-14261.NASL", "FEDORA_2013-14278.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310863705", "OPENVAS:1361412562310864092", "OPENVAS:1361412562310866457", "OPENVAS:1361412562310866804", "OPENVAS:1361412562310892651", "OPENVAS:863705", "OPENVAS:864092", "OPENVAS:866457", "OPENVAS:866804", "OPENVAS:892651"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29364", "SECURITYVULNS:VULN:13053"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-0790"]}]}, "score": {"value": 5.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2012-0790"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2651-1:3D9C1"]}, {"type": "nessus", "idList": ["FEDORA_2012-0801.NASL", "FEDORA_2013-14261.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:863705"]}]}, "exploitation": null, "vulnersScore": 5.5}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "16", "arch": "any", "packageName": "smokeping", "packageVersion": "2.4.2", "packageFilename": "UNKNOWN", "operator": "lt"}]}

{"fedora": [{"lastseen": "2020-12-21T08:17:50", "description": "SmokePing is a latency logging and graphing system. It consists of a daemon process which organizes the latency measurements and a CGI which presents the graphs. ", "cvss3": {}, "published": "2012-01-31T22:00:48", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: smokeping-2.4.2-13.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0790"], "modified": "2012-01-31T22:00:48", "id": "FEDORA:8BCB820CAE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IDUR2DHPPK4R7QB7Z5D2ICEQZ3OB4R6R/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "SmokePing is a latency logging and graphing system. It consists of a daemon process which organizes the latency measurements and a CGI which presents the graphs. ", "cvss3": {}, "published": "2013-08-15T02:45:24", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: smokeping-2.6.9-1.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0790", "CVE-2013-4158", "CVE-2013-4168"], "modified": "2013-08-15T02:45:24", "id": "FEDORA:A789A21BB5", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AVYFE7EBZ73I4UMT3HHEC3G5T4MWFP3V/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "description": "SmokePing is a latency logging and graphing system. It consists of a daemon process which organizes the latency measurements and a CGI which presents the graphs. ", "cvss3": {}, "published": "2013-08-15T02:49:30", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: smokeping-2.6.9-1.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0790", "CVE-2013-4158", "CVE-2013-4168"], "modified": "2013-08-15T02:49:30", "id": "FEDORA:8CB592296A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KSWO74SMUR7EI5SMYJB4Q2QSWCBV6NEX/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-08-19T12:59:10", "description": "Backport of security issue resolved in smokeping 2.6.7.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-01T00:00:00", "type": "nessus", "title": "Fedora 16 : smokeping-2.4.2-16.fc16 (2012-0801)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0790"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:smokeping", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-0801.NASL", "href": "https://www.tenable.com/plugins/nessus/57755", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0801.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57755);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0790\");\n script_bugtraq_id(51584);\n script_xref(name:\"FEDORA\", value:\"2012-0801\");\n\n script_name(english:\"Fedora 16 : smokeping-2.4.2-16.fc16 (2012-0801)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Backport of security issue resolved in smokeping 2.6.7.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=783584\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072629.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed6646c3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected smokeping package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:smokeping\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"smokeping-2.4.2-16.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"smokeping\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:55:48", "description": "A cross-site scripting vulnerability was discovered in smokeping, a latency logging and graphing system. Input passed to the 'displaymode'parameter was not properly sanitized. An attacker could use this flaw to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.", "cvss3": {"score": null, "vector": null}, "published": "2013-03-21T00:00:00", "type": "nessus", "title": "Debian DSA-2651-1 : smokeping - XSS vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0790"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:smokeping", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2651.NASL", "href": "https://www.tenable.com/plugins/nessus/65635", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2651. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65635);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0790\");\n script_bugtraq_id(51584);\n script_xref(name:\"DSA\", value:\"2651\");\n\n script_name(english:\"Debian DSA-2651-1 : smokeping - XSS vulnerability\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A cross-site scripting vulnerability was discovered in smokeping, a\nlatency logging and graphing system. Input passed to the\n'displaymode'parameter was not properly sanitized. An attacker could\nuse this flaw to execute arbitrary HTML and script code in a user's\nbrowser session in the context of an affected site.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/smokeping\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2651\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the smokeping packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.6-5+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:smokeping\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"smokeping\", reference:\"2.3.6-5+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:59:10", "description": "Backport of security issue resolved in smokeping 2.6.7.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-01T00:00:00", "type": "nessus", "title": "Fedora 15 : smokeping-2.4.2-13.fc15 (2012-0813)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0790"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:smokeping", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-0813.NASL", "href": "https://www.tenable.com/plugins/nessus/57756", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0813.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57756);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0790\");\n script_bugtraq_id(51584);\n script_xref(name:\"FEDORA\", value:\"2012-0813\");\n\n script_name(english:\"Fedora 15 : smokeping-2.4.2-13.fc15 (2012-0813)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Backport of security issue resolved in smokeping 2.6.7.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=783584\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072653.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bc677de9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected smokeping package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:smokeping\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"smokeping-2.4.2-13.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"smokeping\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:53:26", "description": "Update to latest upstream release smokeping 2.6.9. The update contains an important security fix, correcting a cross-site scripting flaw.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-08-15T00:00:00", "type": "nessus", "title": "Fedora 19 : smokeping-2.6.9-1.fc19 (2013-14278)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0790", "CVE-2013-4158", "CVE-2013-4168"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:smokeping", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2013-14278.NASL", "href": "https://www.tenable.com/plugins/nessus/69360", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-14278.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69360);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0790\", \"CVE-2013-4158\", \"CVE-2013-4168\");\n script_xref(name:\"FEDORA\", value:\"2013-14278\");\n\n script_name(english:\"Fedora 19 : smokeping-2.6.9-1.fc19 (2013-14278)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest upstream release smokeping 2.6.9. The update contains\nan important security fix, correcting a cross-site scripting flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=986521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=987181\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113987.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc559e2c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected smokeping package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:smokeping\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"smokeping-2.6.9-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"smokeping\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:53:26", "description": "Update to latest upstream release smokeping 2.6.9. The update contains an important security fix, correcting a cross-site scripting flaw.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-08-15T00:00:00", "type": "nessus", "title": "Fedora 18 : smokeping-2.6.9-1.fc18 (2013-14261)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0790", "CVE-2013-4158", "CVE-2013-4168"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:smokeping", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-14261.NASL", "href": "https://www.tenable.com/plugins/nessus/69359", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-14261.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69359);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0790\", \"CVE-2013-4158\", \"CVE-2013-4168\");\n script_xref(name:\"FEDORA\", value:\"2013-14261\");\n\n script_name(english:\"Fedora 18 : smokeping-2.6.9-1.fc18 (2013-14261)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest upstream release smokeping 2.6.9. The update contains\nan important security fix, correcting a cross-site scripting flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=986521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=987181\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114008.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8fe6e0ae\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected smokeping package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:smokeping\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"smokeping-2.6.9-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"smokeping\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:55:54", "description": "Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping\n2.4.2, 2.6.6, and other versions before 2.6.7 allows remote attackers to\ninject arbitrary web script or HTML via the displaymode parameter.", "cvss3": {}, "published": "2012-01-24T00:00:00", "type": "ubuntucve", "title": "CVE-2012-0790", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0790"], "modified": "2012-01-24T00:00:00", "id": "UB:CVE-2012-0790", "href": "https://ubuntu.com/security/CVE-2012-0790", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:38:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for smokeping FEDORA-2012-0801", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0790"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864092", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864092", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for smokeping FEDORA-2012-0801\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072629.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864092\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 13:14:04 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-0790\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-0801\");\n script_name(\"Fedora Update for smokeping FEDORA-2012-0801\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'smokeping'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"smokeping on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"smokeping\", rpm:\"smokeping~2.4.2~16.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:39:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-02-01T00:00:00", "type": "openvas", "title": "Fedora Update for smokeping FEDORA-2012-0813", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0790"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863705", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863705", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for smokeping FEDORA-2012-0813\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072653.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863705\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-01 11:31:42 +0530 (Wed, 01 Feb 2012)\");\n script_cve_id(\"CVE-2012-0790\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-0813\");\n script_name(\"Fedora Update for smokeping FEDORA-2012-0813\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'smokeping'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"smokeping on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"smokeping\", rpm:\"smokeping~2.4.2~13.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-24T12:51:42", "description": "A cross-site scripting vulnerability was discovered in smokeping, a\nlatency logging and graphing system. Input passed to the displaymode \n\nparameter was not properly sanitized. An attacker could use this flaw to\nexecute arbitrary HTML and script code in a user's browser session in\nthe context of an affected site.", "cvss3": {}, "published": "2013-03-20T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2651-1 (smokeping - cross-site scripting vulnerability)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0790"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:892651", "href": "http://plugins.openvas.org/nasl.php?oid=892651", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2651.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2651-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"smokeping on Debian Linux\";\ntag_insight = \"SmokePing consists of a daemon process which organizes the\nlatency measurements and a CGI which presents the graphs.\";\ntag_solution = \"For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.6-5+squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.6.7-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6.7-1.\n\nWe recommend that you upgrade your smokeping packages.\";\ntag_summary = \"A cross-site scripting vulnerability was discovered in smokeping, a\nlatency logging and graphing system. Input passed to the displaymode \n\nparameter was not properly sanitized. An attacker could use this flaw to\nexecute arbitrary HTML and script code in a user's browser session in\nthe context of an affected site.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892651);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2012-0790\");\n script_name(\"Debian Security Advisory DSA 2651-1 (smokeping - cross-site scripting vulnerability)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-03-20 00:00:00 +0100 (Wed, 20 Mar 2013)\");\n script_tag(name: \"cvss_base\", value:\"4.3\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2651.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"smokeping\", ver:\"2.3.6-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"smokeping\", ver:\"2.6.7-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-06T13:07:57", "description": "Check for the Version of smokeping", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for smokeping FEDORA-2012-0801", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0790"], "modified": "2018-01-04T00:00:00", "id": "OPENVAS:864092", "href": "http://plugins.openvas.org/nasl.php?oid=864092", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for smokeping FEDORA-2012-0801\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"smokeping on Fedora 16\";\ntag_insight = \"SmokePing is a latency logging and graphing system. It consists of a\n daemon process which organizes the latency measurements and a CGI\n which presents the graphs.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072629.html\");\n script_id(864092);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 13:14:04 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-0790\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-0801\");\n script_name(\"Fedora Update for smokeping FEDORA-2012-0801\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of smokeping\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"smokeping\", rpm:\"smokeping~2.4.2~16.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:12", "description": "A cross-site scripting vulnerability was discovered in smokeping, a\nlatency logging and graphing system. Input passed to the displaymode\n\nparameter was not properly sanitized. An attacker could use this flaw to\nexecute arbitrary HTML and script code in a user", "cvss3": {}, "published": "2013-03-20T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2651-1 (smokeping - cross-site scripting vulnerability)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0790"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310892651", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892651", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2651.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2651-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892651\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2012-0790\");\n script_name(\"Debian Security Advisory DSA 2651-1 (smokeping - cross-site scripting vulnerability)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-20 00:00:00 +0100 (Wed, 20 Mar 2013)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2651.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"smokeping on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.6-5+squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.6.7-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6.7-1.\n\nWe recommend that you upgrade your smokeping packages.\");\n script_tag(name:\"summary\", value:\"A cross-site scripting vulnerability was discovered in smokeping, a\nlatency logging and graphing system. Input passed to the displaymode\n\nparameter was not properly sanitized. An attacker could use this flaw to\nexecute arbitrary HTML and script code in a user's browser session in\nthe context of an affected site.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"smokeping\", ver:\"2.3.6-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"smokeping\", ver:\"2.6.7-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-01-02T10:58:18", "description": "Check for the Version of smokeping", "cvss3": {}, "published": "2012-02-01T00:00:00", "type": "openvas", "title": "Fedora Update for smokeping FEDORA-2012-0813", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0790"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:863705", "href": "http://plugins.openvas.org/nasl.php?oid=863705", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for smokeping FEDORA-2012-0813\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"smokeping on Fedora 15\";\ntag_insight = \"SmokePing is a latency logging and graphing system. It consists of a\n daemon process which organizes the latency measurements and a CGI\n which presents the graphs.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072653.html\");\n script_id(863705);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-01 11:31:42 +0530 (Wed, 01 Feb 2012)\");\n script_cve_id(\"CVE-2012-0790\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-0813\");\n script_name(\"Fedora Update for smokeping FEDORA-2012-0813\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of smokeping\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"smokeping\", rpm:\"smokeping~2.4.2~13.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-26T11:09:29", "description": "Check for the Version of smokeping", "cvss3": {}, "published": "2013-08-16T00:00:00", "type": "openvas", "title": "Fedora Update for smokeping FEDORA-2013-14261", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0790", "CVE-2013-4158", "CVE-2013-4168"], "modified": "2018-01-25T00:00:00", "id": "OPENVAS:866457", "href": "http://plugins.openvas.org/nasl.php?oid=866457", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for smokeping FEDORA-2013-14261\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866457);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-16 08:58:43 +0530 (Fri, 16 Aug 2013)\");\n script_cve_id(\"CVE-2013-4158\", \"CVE-2012-0790\", \"CVE-2013-4168\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Update for smokeping FEDORA-2013-14261\");\n\n tag_insight = \"SmokePing is a latency logging and graphing system. It consists of a\ndaemon process which organizes the latency measurements and a CGI\nwhich presents the graphs.\n\";\n\n tag_affected = \"smokeping on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-14261\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114008.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of smokeping\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"smokeping\", rpm:\"smokeping~2.6.9~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-18T11:09:39", "description": "Check for the Version of smokeping", "cvss3": {}, "published": "2013-08-20T00:00:00", "type": "openvas", "title": "Fedora Update for smokeping FEDORA-2013-14278", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0790", "CVE-2013-4158", "CVE-2013-4168"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:866804", "href": "http://plugins.openvas.org/nasl.php?oid=866804", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for smokeping FEDORA-2013-14278\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866804);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 15:28:08 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2013-4158\", \"CVE-2012-0790\", \"CVE-2013-4168\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Update for smokeping FEDORA-2013-14278\");\n\n tag_insight = \"SmokePing is a latency logging and graphing system. It consists of a\ndaemon process which organizes the latency measurements and a CGI\nwhich presents the graphs.\n\";\n\n tag_affected = \"smokeping on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-14278\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113987.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of smokeping\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"smokeping\", rpm:\"smokeping~2.6.9~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-08-16T00:00:00", "type": "openvas", "title": "Fedora Update for smokeping FEDORA-2013-14261", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0790", "CVE-2013-4158", "CVE-2013-4168"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310866457", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866457", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for smokeping FEDORA-2013-14261\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866457\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-16 08:58:43 +0530 (Fri, 16 Aug 2013)\");\n script_cve_id(\"CVE-2013-4158\", \"CVE-2012-0790\", \"CVE-2013-4168\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Update for smokeping FEDORA-2013-14261\");\n\n\n script_tag(name:\"affected\", value:\"smokeping on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-14261\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114008.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'smokeping'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"smokeping\", rpm:\"smokeping~2.6.9~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-08-20T00:00:00", "type": "openvas", "title": "Fedora Update for smokeping FEDORA-2013-14278", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0790", "CVE-2013-4158", "CVE-2013-4168"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310866804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866804", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for smokeping FEDORA-2013-14278\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866804\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 15:28:08 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2013-4158\", \"CVE-2012-0790\", \"CVE-2013-4168\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Update for smokeping FEDORA-2013-14278\");\n\n\n script_tag(name:\"affected\", value:\"smokeping on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-14278\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113987.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'smokeping'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"smokeping\", rpm:\"smokeping~2.6.9~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:47", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2651-1 security@debian.org\r\nhttp://www.debian.org/security/ Salvatore Bonaccorso\r\nMarch 20, 2013 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : smokeping\r\nVulnerability : cross-site scripting vulnerability\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2012-0790\r\nDebian Bug : 659899\r\n\r\nA cross-site scripting vulnerability was discovered in smokeping, a\r\nlatency logging and graphing system. Input passed to the "displaymode"\r\nparameter was not properly sanitized. An attacker could use this flaw to\r\nexecute arbitrary HTML and script code in a user's browser session in\r\nthe context of an affected site.\r\n \r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 2.3.6-5+squeeze1.\r\n\r\nFor the testing distribution (wheezy), this problem has been fixed in\r\nversion 2.6.7-1.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 2.6.7-1.\r\n\r\nWe recommend that you upgrade your smokeping packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niEYEARECAAYFAlFKNLQACgkQXm3vHE4uylq7CwCgye7/+ER5c0HpU2/5dOBdZuSm\r\nl4gAoKI6RrCumcP3rJDtlDO9mJmdYZUB\r\n=aqLM\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2013-05-06T00:00:00", "title": "[SECURITY] [DSA 2651-1] smokeping security update", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-0790"], "modified": "2013-05-06T00:00:00", "id": "SECURITYVULNS:DOC:29364", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29364", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2021-06-08T18:45:23", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 2, "cvss3": {}, "published": "2013-05-06T00:00:00", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-3242", "CVE-2013-2631", "CVE-2013-2267", "CVE-2013-2504", "CVE-2012-0790", "CVE-2013-0232", "CVE-2013-3239", "CVE-2013-0332", "CVE-2013-2594", "CVE-2013-1420", "CVE-2013-2945", "CVE-2013-2712", "CVE-2013-2750", "CVE-2013-1842", "CVE-2013-2714", "CVE-2013-3238", "CVE-2013-1904", "CVE-2013-2559", "CVE-2013-2582", "CVE-2013-1843", "CVE-2013-2713", "CVE-2013-2474", "CVE-2012-6096", "CVE-2013-1814"], "modified": "2013-05-06T00:00:00", "id": "SECURITYVULNS:VULN:13053", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13053", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2021-12-09T00:06:32", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2651-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nMarch 20, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : smokeping\nVulnerability : cross-site scripting vulnerability\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-0790\nDebian Bug : 659899\n\nA cross-site scripting vulnerability was discovered in smokeping, a\nlatency logging and graphing system. Input passed to the "displaymode"\nparameter was not properly sanitized. An attacker could use this flaw to\nexecute arbitrary HTML and script code in a user's browser session in\nthe context of an affected site.\n \nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.6-5+squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.6.7-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6.7-1.\n\nWe recommend that you upgrade your smokeping packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2013-03-20T22:15:24", "type": "debian", "title": "[SECURITY] [DSA 2651-1] smokeping security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0790"], "modified": "2013-03-20T22:15:24", "id": "DEBIAN:DSA-2651-1:3D9C1", "href": "https://lists.debian.org/debian-security-announce/2013/msg00059.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debiancve": [{"lastseen": "2022-07-04T06:02:23", "description": "Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping 2.4.2, 2.6.6, and other versions before 2.6.7 allows remote attackers to inject arbitrary web script or HTML via the displaymode parameter.", "cvss3": {}, "published": "2012-01-24T18:55:00", "type": "debiancve", "title": "CVE-2012-0790", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0790"], "modified": "2012-01-24T18:55:00", "id": "DEBIANCVE:CVE-2012-0790", "href": "https://security-tracker.debian.org/tracker/CVE-2012-0790", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-04T06:02:23", "description": "smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-12-11T13:15:00", "type": "debiancve", "title": "CVE-2013-4158", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0790", "CVE-2013-4158"], "modified": "2019-12-11T13:15:00", "id": "DEBIANCVE:CVE-2013-4158", "href": "https://security-tracker.debian.org/tracker/CVE-2013-4158", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "osv": [{"lastseen": "2022-07-04T04:58:49", "description": "\nA cross-site scripting vulnerability was discovered in smokeping, a\nlatency logging and graphing system. Input passed to the displaymode\nparameter was not properly sanitized. An attacker could use this flaw to\nexecute arbitrary HTML and script code in a user's browser session in\nthe context of an affected site.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.6-5+squeeze1.\n\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.6.7-1.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6.7-1.\n\n\nWe recommend that you upgrade your smokeping packages.\n\n\n", "cvss3": {}, "published": "2013-03-20T00:00:00", "type": "osv", "title": "smokeping - cross-site scripting vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0790"], "modified": "2022-07-04T02:55:09", "id": "OSV:DSA-2651-1", "href": "https://osv.dev/vulnerability/DSA-2651-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T11:47:38", "description": "Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping 2.4.2, 2.6.6, and other versions before 2.6.7 allows remote attackers to inject arbitrary web script or HTML via the displaymode parameter.", "cvss3": {}, "published": "2012-01-24T18:55:00", "type": "cve", "title": "CVE-2012-0790", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0790"], "modified": "2012-01-25T05:00:00", "cpe": ["cpe:/a:oetiker:smokeping:2.3.2", "cpe:/a:oetiker:smokeping:2.6.4", "cpe:/a:oetiker:smokeping:0.99.10", "cpe:/a:oetiker:smokeping:1.28", "cpe:/a:oetiker:smokeping:2.3.5", "cpe:/a:oetiker:smokeping:2.2.7", "cpe:/a:oetiker:smokeping:2.3.4", "cpe:/a:oetiker:smokeping:1.26", "cpe:/a:oetiker:smokeping:2.0.8", "cpe:/a:oetiker:smokeping:1.13", "cpe:/a:oetiker:smokeping:1.17", "cpe:/a:oetiker:smokeping:2.1.0", "cpe:/a:oetiker:smokeping:0.99.15", "cpe:/a:oetiker:smokeping:1.15", "cpe:/a:oetiker:smokeping:1.2", "cpe:/a:oetiker:smokeping:1.0", "cpe:/a:oetiker:smokeping:1.7", "cpe:/a:oetiker:smokeping:1.19", "cpe:/a:oetiker:smokeping:2.0.1", "cpe:/a:oetiker:smokeping:1.20", "cpe:/a:oetiker:smokeping:2.0.0", "cpe:/a:oetiker:smokeping:0.99.16", "cpe:/a:oetiker:smokeping:1.11", "cpe:/a:oetiker:smokeping:2.4.2", "cpe:/a:oetiker:smokeping:2.4.1", "cpe:/a:oetiker:smokeping:2.6.1", "cpe:/a:oetiker:smokeping:2.0.7", "cpe:/a:oetiker:smokeping:1.29", "cpe:/a:oetiker:smokeping:2.0.5", "cpe:/a:oetiker:smokeping:2.2.2", "cpe:/a:oetiker:smokeping:1.18", "cpe:/a:oetiker:smokeping:1.5", "cpe:/a:oetiker:smokeping:2.2.5", "cpe:/a:oetiker:smokeping:2.6.5", "cpe:/a:oetiker:smokeping:0.99.17", "cpe:/a:oetiker:smokeping:2.3.0", "cpe:/a:oetiker:smokeping:2.2.4", "cpe:/a:oetiker:smokeping:0.99.7", "cpe:/a:oetiker:smokeping:2.6.6", "cpe:/a:oetiker:smokeping:0.99.13", "cpe:/a:oetiker:smokeping:1.30", "cpe:/a:oetiker:smokeping:1.23", "cpe:/a:oetiker:smokeping:1.25", "cpe:/a:oetiker:smokeping:1.12", "cpe:/a:oetiker:smokeping:2.6.0", "cpe:/a:oetiker:smokeping:2.6.3", "cpe:/a:oetiker:smokeping:2.1.1", "cpe:/a:oetiker:smokeping:1.38", "cpe:/a:oetiker:smokeping:2.6.2", "cpe:/a:oetiker:smokeping:1.9", "cpe:/a:oetiker:smokeping:1.22", "cpe:/a:oetiker:smokeping:2.5.0", "cpe:/a:oetiker:smokeping:1.10", "cpe:/a:oetiker:smokeping:2.5.1", "cpe:/a:oetiker:smokeping:2.0.6", "cpe:/a:oetiker:smokeping:2.0", "cpe:/a:oetiker:smokeping:2.3.3", "cpe:/a:oetiker:smokeping:1.34", "cpe:/a:oetiker:smokeping:1.1", "cpe:/a:oetiker:smokeping:2.3.6", "cpe:/a:oetiker:smokeping:2.0.2", "cpe:/a:oetiker:smokeping:1.21", "cpe:/a:oetiker:smokeping:2.3.1", "cpe:/a:oetiker:smokeping:0.99.5", "cpe:/a:oetiker:smokeping:2.2.0", "cpe:/a:oetiker:smokeping:1.16", "cpe:/a:oetiker:smokeping:0.99.11", "cpe:/a:oetiker:smokeping:2.4.0", "cpe:/a:oetiker:smokeping:0.99.14", "cpe:/a:oetiker:smokeping:0.99.8", "cpe:/a:oetiker:smokeping:0.99.9", "cpe:/a:oetiker:smokeping:2.0.4", "cpe:/a:oetiker:smokeping:1.36", "cpe:/a:oetiker:smokeping:1.4", "cpe:/a:oetiker:smokeping:2.2.6", "cpe:/a:oetiker:smokeping:1.6", "cpe:/a:oetiker:smokeping:2.2.3", "cpe:/a:oetiker:smokeping:1.24", "cpe:/a:oetiker:smokeping:0.99.12", "cpe:/a:oetiker:smokeping:0.99.18", "cpe:/a:oetiker:smokeping:1.31", "cpe:/a:oetiker:smokeping:2.2.1", "cpe:/a:oetiker:smokeping:1.14", "cpe:/a:oetiker:smokeping:1.37", "cpe:/a:oetiker:smokeping:1.27", "cpe:/a:oetiker:smokeping:0.99.6", "cpe:/a:oetiker:smokeping:1.3", "cpe:/a:oetiker:smokeping:1.8", "cpe:/a:oetiker:smokeping:2.0.3", "cpe:/a:oetiker:smokeping:2.0.9"], "id": "CVE-2012-0790", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0790", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oetiker:smokeping:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:0.99.14:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:0.99.9:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.23:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.12:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.17:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:0.99.10:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.11:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.13:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:0.99.7:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.10:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.22:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:0.99.11:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.31:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.27:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.8:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:0.99.16:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.16:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.38:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.29:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.36:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.30:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.18:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.21:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.14:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:0.99.17:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:0.99.12:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.26:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.25:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.9:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:0.99.5:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:0.99.15:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.15:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.24:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.37:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.6:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.20:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.28:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:0.99.18:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:0.99.13:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.34:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.19:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:0.99.8:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:1.7:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:0.99.6:*:*:*:*:*:*:*", "cpe:2.3:a:oetiker:smokeping:2.3.6:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:25:26", "description": "smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-12-11T13:15:00", "type": "cve", "title": "CVE-2013-4158", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0790", "CVE-2013-4158"], "modified": "2019-12-17T17:01:00", "cpe": ["cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:18", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:fedoraproject:fedora:19"], "id": "CVE-2013-4158", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4158", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}]}

[SECURITY] Fedora 16 Update: smokeping-2.4.2-16.fc16

Description

Affected Package

Related