ID 69098C5C-FC4B-11E2-8AD0-00262D5ED8EE Type freebsd Reporter FreeBSD Modified 2013-07-30T00:00:00
Description
Google Chrome Releases reports:
Eleven vulnerabilities, including:
[257748] Medium CVE-2013-2881: Origin bypass in frame handling.
Credit to Karthik Bhargavan.
[260106] High CVE-2013-2882: Type confusion in V8. Credit to
Cloudfuzzer.
[260165] High CVE-2013-2883: Use-after-free in MutationObserver.
Credit to Cloudfuzzer.
[248950] High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan
Fratric of Google Security Team.
[249640] [257353] High CVE-2013-2885: Use-after-free in input
handling. Credit to Ivan Fratric of Google Security Team.
[261701] High CVE-2013-2886: Various fixes from internal audits,
fuzzing and other initiatives.
{"reporter": "FreeBSD", "published": "2013-07-30T00:00:00", "cvelist": ["CVE-2013-2882", "CVE-2013-2886", "CVE-2013-2884", "CVE-2013-2881", "CVE-2013-2883", "CVE-2013-2885"], "title": "chromium -- multiple vulnerabilities", "objectVersion": "1.2", "type": "freebsd", "hash": "167b6dfb60d576826a28a72a0004450e90abde47f52d54c3043a8fff46e8716c", "href": "https://vuxml.freebsd.org/freebsd/69098c5c-fc4b-11e2-8ad0-00262d5ed8ee.html", "bulletinFamily": "unix", "hashmap": [{"hash": "dc530ce57095ad92ecc2231f1439a43f", "key": "affectedPackage"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "9364a78e93dee510faa1dbea057c38fd", "key": "cvelist"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "d19398ab9412423ee45d7603cb1ac941", "key": "description"}, {"hash": "88d8ed8dc4a354ba61f85399e1a7ec66", "key": "href"}, {"hash": "2ec57e3401442eccf281b34d2546eef3", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "2ec57e3401442eccf281b34d2546eef3", "key": "published"}, {"hash": "c0f4eb9c3a6fbdcb45edd1aeb24d9e09", "key": "references"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "f2fc86205bbdcc937de18a4d12929cf8", "key": "title"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "cfcd208495d565ef66e7dff9f98764da", "key": "viewCount"}], "history": [], "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "vulnersScore": 5.0}, "modified": "2013-07-30T00:00:00", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "28.0.1500.95", "operator": "lt", "packageName": "chromium", "arch": "noarch", "packageFilename": "UNKNOWN"}], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "viewCount": 2, "edition": 1, "description": "\nGoogle Chrome Releases reports:\n\nEleven vulnerabilities, including:\n[257748] Medium CVE-2013-2881: Origin bypass in frame handling.\n\t Credit to Karthik Bhargavan.\n[260106] High CVE-2013-2882: Type confusion in V8. Credit to\n\t Cloudfuzzer.\n[260165] High CVE-2013-2883: Use-after-free in MutationObserver.\n\t Credit to Cloudfuzzer.\n[248950] High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan\n\t Fratric of Google Security Team.\n[249640] [257353] High CVE-2013-2885: Use-after-free in input\n\t handling. Credit to Ivan Fratric of Google Security Team.\n[261701] High CVE-2013-2886: Various fixes from internal audits,\n\t fuzzing and other initiatives.\n\n", "references": ["http://www.googlechromereleases.blogspot.nl/"], "id": "69098C5C-FC4B-11E2-8AD0-00262D5ED8EE", "lastseen": "2016-09-26T17:24:28"}
{"debian": [{"lastseen": "2018-10-18T13:50:05", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "28.0.1500.95-1~deb7u1", "arch": "all", "packageFilename": "chromium-browser_28.0.1500.95-1~deb7u1_all.deb", "packageName": "chromium-browser", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2732-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nJuly 31, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-2881 CVE-2013-2882 CVE-2013-2883 CVE-2013-2884 \n CVE-2013-2885 CVE-2013-2886\n\nSeveral vulnerabilities have been discovered in the Chromium web browser.\n\nCVE-2013-2881\n\n Karthik Bhargavan discovered a way to bypass the Same Origin Policy\n in frame handling.\n\nCVE-2013-2882\n\n Cloudfuzzer discovered a type confusion issue in the V8 javascript\n library.\n\nCVE-2013-2883\n\n Cloudfuzzer discovered a use-after-free issue in MutationObserver.\n\nCVE-2013-2884\n\n Ivan Fratric of the Google Security Team discovered a use-after-free\n issue in the DOM implementation.\n\nCVE-2013-2885\n\n Ivan Fratric of the Google Security Team discovered a use-after-free\n issue in input handling.\n\nCVE-2013-2886\n\n The chrome 28 development team found various issues from internal\n fuzzing, audits, and other studies.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 28.0.1500.95-1~deb7u1.\n\nFor the testing distribution (jessie), these problems wil be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 28.0.1500.95-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2013-08-03T00:11:03", "title": "[SECURITY] [DSA 2732-1] chromium-browser security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:50:05", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-2882", "CVE-2013-2886", "CVE-2013-2884", "CVE-2013-2881", "CVE-2013-2883", "CVE-2013-2885"], "modified": "2013-08-03T00:11:03", "id": "DEBIAN:DSA-2732-1:2FDE9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00143.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-10-22T16:37:35", "references": ["https://googlechromereleases.blogspot.in/2013/07/stable-channel-update_30.html", "http://www.google.com/chrome"], "pluginID": "1361412562310809069", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "edition": 5, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-10-19T00:00:00", "title": "Google Chrome Security Updates(stable-channel-update_30-2013-07)-Linux", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2882", "CVE-2013-2886", "CVE-2013-2884", "CVE-2013-2881", "CVE-2013-2883", "CVE-2013-2885"], "modified": "2018-10-18T00:00:00", "id": "OPENVAS:1361412562310809069", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809069", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_stable-channel-update_30-2013-07_lin.nasl 11969 2018-10-18 14:53:42Z asteins $\n#\n# Google Chrome Security Updates(stable-channel-update_30-2013-07)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809069\");\n script_version(\"$Revision: 11969 $\");\n script_cve_id(\"CVE-2013-2881\", \"CVE-2013-2882\", \"CVE-2013-2883\", \"CVE-2013-2884\",\n \"CVE-2013-2885\", \"CVE-2013-2886\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 16:53:42 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-19 11:28:07 +0530 (Wed, 19 Oct 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update_30-2013-07)-Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - An origin bypass error in frame handling.\n\n - A type confusion error in Google V8.\n\n - An use-after-free error in MutationObserver.\n\n - An use-after-free in DOM implementation.\n\n - An use-after-free in input handling.\n\n - The various fixes from internal audits, fuzzing and other initiatives.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to cause a denial of service\n or possibly have unspecified other impact and to bypass security.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 28.0.1500.95 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 28.0.1500.95 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://googlechromereleases.blogspot.in/2013/07/stable-channel-update_30.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"28.0.1500.95\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"28.0.1500.95\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:52:02", "references": ["http://www.debian.org/security/2013/dsa-2732.html"], "pluginID": "892732", "description": "Several vulnerabilities have been discovered in the Chromium web browser.\n\nCVE-2013-2881 \nKarthik Bhargavan discovered a way to bypass the Same Origin Policy\nin frame handling.\n\nCVE-2013-2882 \nCloudfuzzer discovered a type confusion issue in the V8 javascript\nlibrary.\n\nCVE-2013-2883 \nCloudfuzzer discovered a use-after-free issue in MutationObserver.\n\nCVE-2013-2884 \nIvan Fratric of the Google Security Team discovered a use-after-free\nissue in the DOM implementation.\n\nCVE-2013-2885 \nIvan Fratric of the Google Security Team discovered a use-after-free\nissue in input handling.\n\nCVE-2013-2886 \nThe chrome 28 development team found various issues from internal\nfuzzing, audits, and other studies.", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net", "published": "2013-07-31T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 2732-1 (chromium-browser - several vulnerabilities)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2882", "CVE-2013-2886", "CVE-2013-2884", "CVE-2013-2881", "CVE-2013-2883", "CVE-2013-2885"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=892732", "id": "OPENVAS:892732", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2732.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2732-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"chromium-browser on Debian Linux\";\ntag_insight = \"Chromium is an open-source browser project that aims to build a safer, faster,\nand more stable way for all Internet users to experience the web.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 28.0.1500.95-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 28.0.1500.95-1.\n\nWe recommend that you upgrade your chromium-browser packages.\";\ntag_summary = \"Several vulnerabilities have been discovered in the Chromium web browser.\n\nCVE-2013-2881 \nKarthik Bhargavan discovered a way to bypass the Same Origin Policy\nin frame handling.\n\nCVE-2013-2882 \nCloudfuzzer discovered a type confusion issue in the V8 javascript\nlibrary.\n\nCVE-2013-2883 \nCloudfuzzer discovered a use-after-free issue in MutationObserver.\n\nCVE-2013-2884 \nIvan Fratric of the Google Security Team discovered a use-after-free\nissue in the DOM implementation.\n\nCVE-2013-2885 \nIvan Fratric of the Google Security Team discovered a use-after-free\nissue in input handling.\n\nCVE-2013-2886 \nThe chrome 28 development team found various issues from internal\nfuzzing, audits, and other studies.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892732);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-2884\", \"CVE-2013-2885\", \"CVE-2013-2883\", \"CVE-2013-2886\", \"CVE-2013-2882\", \"CVE-2013-2881\");\n script_name(\"Debian Security Advisory DSA 2732-1 (chromium-browser - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-07-31 00:00:00 +0200 (Wed, 31 Jul 2013)\");\n script_tag(name: \"cvss_base\", value:\"7.5\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2732.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"28.0.1500.95-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"28.0.1500.95-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"28.0.1500.95-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"28.0.1500.95-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"28.0.1500.95-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"28.0.1500.95-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"28.0.1500.95-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"28.0.1500.95-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:36:52", "references": ["https://googlechromereleases.blogspot.in/2013/07/stable-channel-update_30.html", "http://www.google.com/chrome"], "pluginID": "1361412562310809068", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "edition": 6, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-10-19T00:00:00", "title": "Google Chrome Security Updates(stable-channel-update_30-2013-07)-Windows", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2882", "CVE-2013-2886", "CVE-2013-2884", "CVE-2013-2881", "CVE-2013-2883", "CVE-2013-2885"], "modified": "2018-10-18T00:00:00", "id": "OPENVAS:1361412562310809068", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809068", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_stable-channel-update_30-2013-07_win.nasl 11969 2018-10-18 14:53:42Z asteins $\n#\n# Google Chrome Security Updates(stable-channel-update_30-2013-07)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809068\");\n script_version(\"$Revision: 11969 $\");\n script_cve_id(\"CVE-2013-2881\", \"CVE-2013-2882\", \"CVE-2013-2883\", \"CVE-2013-2884\",\n \"CVE-2013-2885\", \"CVE-2013-2886\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 16:53:42 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-19 11:28:07 +0530 (Wed, 19 Oct 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update_30-2013-07)-Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - An origin bypass error in frame handling.\n\n - A type confusion error in Google V8.\n\n - An use-after-free error in MutationObserver.\n\n - An use-after-free in DOM implementation.\n\n - An use-after-free in input handling.\n\n - The various fixes from internal audits, fuzzing and other initiatives.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to cause a denial of service\n or possibly have unspecified other impact and to bypass security.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 28.0.1500.95 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 28.0.1500.95 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://googlechromereleases.blogspot.in/2013/07/stable-channel-update_30.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"28.0.1500.95\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"28.0.1500.95\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:37:40", "references": ["https://googlechromereleases.blogspot.in/2013/07/stable-channel-update_30.html", "http://www.google.com/chrome"], "pluginID": "1361412562310809070", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "edition": 5, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-10-19T00:00:00", "title": "Google Chrome Security Updates(stable-channel-update_30-2013-07)-MAC OS X", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2882", "CVE-2013-2886", "CVE-2013-2884", "CVE-2013-2881", "CVE-2013-2883", "CVE-2013-2885"], "modified": "2018-10-18T00:00:00", "id": "OPENVAS:1361412562310809070", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809070", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_stable-channel-update_30-2013-07_macosx.nasl 11969 2018-10-18 14:53:42Z asteins $\n#\n# Google Chrome Security Updates(stable-channel-update_30-2013-07)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809070\");\n script_version(\"$Revision: 11969 $\");\n script_cve_id(\"CVE-2013-2881\", \"CVE-2013-2882\", \"CVE-2013-2883\", \"CVE-2013-2884\",\n \"CVE-2013-2885\", \"CVE-2013-2886\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 16:53:42 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-19 11:28:07 +0530 (Wed, 19 Oct 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update_30-2013-07)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - An origin bypass error in frame handling.\n\n - A type confusion error in Google V8.\n\n - An use-after-free error in MutationObserver.\n\n - An use-after-free in DOM implementation.\n\n - An use-after-free in input handling.\n\n - The various fixes from internal audits, fuzzing and other initiatives.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to cause a denial of service\n or possibly have unspecified other impact and to bypass security.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 28.0.1500.95 on MAC OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 28.0.1500.95 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://googlechromereleases.blogspot.in/2013/07/stable-channel-update_30.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"28.0.1500.95\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"28.0.1500.95\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:56:56", "references": ["http://www.debian.org/security/2013/dsa-2732.html"], "pluginID": "1361412562310892732", "description": "Several vulnerabilities have been discovered in the Chromium web browser.\n\nCVE-2013-2881 \nKarthik Bhargavan discovered a way to bypass the Same Origin Policy\nin frame handling.\n\nCVE-2013-2882 \nCloudfuzzer discovered a type confusion issue in the V8 javascript\nlibrary.\n\nCVE-2013-2883 \nCloudfuzzer discovered a use-after-free issue in MutationObserver.\n\nCVE-2013-2884 \nIvan Fratric of the Google Security Team discovered a use-after-free\nissue in the DOM implementation.\n\nCVE-2013-2885 \nIvan Fratric of the Google Security Team discovered a use-after-free\nissue in input handling.\n\nCVE-2013-2886 \nThe chrome 28 development team found various issues from internal\nfuzzing, audits, and other studies.", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net", "published": "2013-07-31T00:00:00", "title": "Debian Security Advisory DSA 2732-1 (chromium-browser - several vulnerabilities)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2882", "CVE-2013-2886", "CVE-2013-2884", "CVE-2013-2881", "CVE-2013-2883", "CVE-2013-2885"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310892732", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892732", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2732.nasl 9353 2018-04-06 07:14:20Z cfischer $\n# Auto-generated from advisory DSA 2732-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"chromium-browser on Debian Linux\";\ntag_insight = \"Chromium is an open-source browser project that aims to build a safer, faster,\nand more stable way for all Internet users to experience the web.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 28.0.1500.95-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 28.0.1500.95-1.\n\nWe recommend that you upgrade your chromium-browser packages.\";\ntag_summary = \"Several vulnerabilities have been discovered in the Chromium web browser.\n\nCVE-2013-2881 \nKarthik Bhargavan discovered a way to bypass the Same Origin Policy\nin frame handling.\n\nCVE-2013-2882 \nCloudfuzzer discovered a type confusion issue in the V8 javascript\nlibrary.\n\nCVE-2013-2883 \nCloudfuzzer discovered a use-after-free issue in MutationObserver.\n\nCVE-2013-2884 \nIvan Fratric of the Google Security Team discovered a use-after-free\nissue in the DOM implementation.\n\nCVE-2013-2885 \nIvan Fratric of the Google Security Team discovered a use-after-free\nissue in input handling.\n\nCVE-2013-2886 \nThe chrome 28 development team found various issues from internal\nfuzzing, audits, and other studies.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892732\");\n script_version(\"$Revision: 9353 $\");\n script_cve_id(\"CVE-2013-2884\", \"CVE-2013-2885\", \"CVE-2013-2883\", \"CVE-2013-2886\", \"CVE-2013-2882\", \"CVE-2013-2881\");\n script_name(\"Debian Security Advisory DSA 2732-1 (chromium-browser - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2013-07-31 00:00:00 +0200 (Wed, 31 Jul 2013)\");\n script_tag(name: \"cvss_base\", value:\"7.5\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2732.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"28.0.1500.95-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"28.0.1500.95-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"28.0.1500.95-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"28.0.1500.95-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"28.0.1500.95-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"28.0.1500.95-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"28.0.1500.95-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"28.0.1500.95-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:56:10", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113963.html", "2013-14176"], "pluginID": "1361412562310866502", "description": "Check for the Version of v8", "edition": 4, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-08-20T00:00:00", "title": "Fedora Update for v8 FEDORA-2013-14176", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2882"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310866502", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866502", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for v8 FEDORA-2013-14176\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866502\");\n script_version(\"$Revision: 9372 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:56:37 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 15:11:41 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2013-2882\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for v8 FEDORA-2013-14176\");\n\n tag_insight = \"V8 is Google's open source JavaScript engine. V8 is written in C++ and is used\nin Google Chrome, the open source browser from Google. V8 implements ECMAScript\nas specified in ECMA-262, 3rd edition.\n\";\n\n tag_affected = \"v8 on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-14176\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113963.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of v8\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"v8\", rpm:\"v8~3.14.5.10~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:51:42", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113963.html", "2013-14176"], "pluginID": "866502", "description": "Check for the Version of v8", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-08-20T00:00:00", "title": "Fedora Update for v8 FEDORA-2013-14176", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2882"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=866502", "id": "OPENVAS:866502", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for v8 FEDORA-2013-14176\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866502);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 15:11:41 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2013-2882\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for v8 FEDORA-2013-14176\");\n\n tag_insight = \"V8 is Google's open source JavaScript engine. V8 is written in C++ and is used\nin Google Chrome, the open source browser from Google. V8 implements ECMAScript\nas specified in ECMA-262, 3rd edition.\n\";\n\n tag_affected = \"v8 on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-14176\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113963.html\");\n script_summary(\"Check for the Version of v8\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"v8\", rpm:\"v8~3.14.5.10~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:57:54", "references": ["2013-23437", "https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125007.html"], "pluginID": "1361412562310867204", "description": "Check for the Version of v8", "edition": 3, "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "published": "2013-12-30T00:00:00", "title": "Fedora Update for v8 FEDORA-2013-23437", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2882", "CVE-2013-6639", "CVE-2013-6640"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310867204", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867204", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for v8 FEDORA-2013-23437\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867204\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-30 12:18:32 +0530 (Mon, 30 Dec 2013)\");\n script_cve_id(\"CVE-2013-6640\", \"CVE-2013-6639\", \"CVE-2013-2882\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for v8 FEDORA-2013-23437\");\n\n tag_insight = \"V8 is Google's open source JavaScript engine. V8 is written in C++ and is used\nin Google Chrome, the open source browser from Google. V8 implements ECMAScript\nas specified in ECMA-262, 3rd edition.\n\";\n\n tag_affected = \"v8 on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-23437\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125007.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of v8\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"v8\", rpm:\"v8~3.14.5.10~3.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:52", "references": ["2014-4081", "https://lists.fedoraproject.org/pipermail/package-announce/2014-April/130940.html"], "pluginID": "867635", "description": "Check for the Version of v8", "edition": 2, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-04-03T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for v8 FEDORA-2014-4081", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2882", "CVE-2014-1704", "CVE-2013-6640"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867635", "id": "OPENVAS:867635", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for v8 FEDORA-2014-4081\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867635);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-03 09:10:00 +0530 (Thu, 03 Apr 2014)\");\n script_cve_id(\"CVE-2014-1704\", \"CVE-2013-6640\", \"CVE-2013-2882\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for v8 FEDORA-2014-4081\");\n\n tag_insight = \"V8 is Google's open source JavaScript engine. V8 is written in C++ and is used\nin Google Chrome, the open source browser from Google. V8 implements ECMAScript\nas specified in ECMA-262, 3rd edition.\n\";\n\n tag_affected = \"v8 on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4081\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/130940.html\");\n script_summary(\"Check for the Version of v8\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"v8\", rpm:\"v8~3.14.5.10~7.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:53:24", "references": ["2014-4081", "https://lists.fedoraproject.org/pipermail/package-announce/2014-April/130940.html"], "pluginID": "1361412562310867635", "description": "Check for the Version of v8", "edition": 4, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-04-03T00:00:00", "title": "Fedora Update for v8 FEDORA-2014-4081", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2882", "CVE-2014-1704", "CVE-2013-6640"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310867635", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867635", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for v8 FEDORA-2014-4081\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867635\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-03 09:10:00 +0530 (Thu, 03 Apr 2014)\");\n script_cve_id(\"CVE-2014-1704\", \"CVE-2013-6640\", \"CVE-2013-2882\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for v8 FEDORA-2014-4081\");\n\n tag_insight = \"V8 is Google's open source JavaScript engine. V8 is written in C++ and is used\nin Google Chrome, the open source browser from Google. V8 implements ECMAScript\nas specified in ECMA-262, 3rd edition.\n\";\n\n tag_affected = \"v8 on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4081\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/130940.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of v8\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"v8\", rpm:\"v8~3.14.5.10~7.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-02T00:08:01", "references": ["http://www.nessus.org/u?502d4a51", "http://www.googlechromereleases.blogspot.nl/"], "pluginID": "69214", "description": "Google Chrome Releases reports :\n\nEleven vulnerabilities, including :\n\n[257748] Medium CVE-2013-2881: Origin bypass in frame handling. Credit to Karthik Bhargavan.\n\n[260106] High CVE-2013-2882: Type confusion in V8. Credit to Cloudfuzzer.\n\n[260165] High CVE-2013-2883: Use-after-free in MutationObserver.\nCredit to Cloudfuzzer.\n\n[248950] High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan Fratric of Google Security Team.\n\n[249640] [257353] High CVE-2013-2885: Use-after-free in input handling. Credit to Ivan Fratric of Google Security Team.\n\n[261701] High CVE-2013-2886: Various fixes from internal audits, fuzzing and other initiatives.", "edition": 4, "reporter": "Tenable", "published": "2013-08-05T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (69098c5c-fc4b-11e2-8ad0-00262d5ed8ee)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2882", "CVE-2013-2886", "CVE-2013-2884", "CVE-2013-2881", "CVE-2013-2883", "CVE-2013-2885"], "modified": "2013-08-25T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:chromium"], "id": "FREEBSD_PKG_69098C5CFC4B11E28AD000262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69214", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2013 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69214);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2013/08/25 02:35:59 $\");\n\n script_cve_id(\"CVE-2013-2881\", \"CVE-2013-2882\", \"CVE-2013-2883\", \"CVE-2013-2884\", \"CVE-2013-2885\", \"CVE-2013-2886\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (69098c5c-fc4b-11e2-8ad0-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\nEleven vulnerabilities, including :\n\n[257748] Medium CVE-2013-2881: Origin bypass in frame handling. Credit\nto Karthik Bhargavan.\n\n[260106] High CVE-2013-2882: Type confusion in V8. Credit to\nCloudfuzzer.\n\n[260165] High CVE-2013-2883: Use-after-free in MutationObserver.\nCredit to Cloudfuzzer.\n\n[248950] High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan\nFratric of Google Security Team.\n\n[249640] [257353] High CVE-2013-2885: Use-after-free in input\nhandling. Credit to Ivan Fratric of Google Security Team.\n\n[261701] High CVE-2013-2886: Various fixes from internal audits,\nfuzzing and other initiatives.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.googlechromereleases.blogspot.nl/\"\n );\n # http://www.freebsd.org/ports/portaudit/69098c5c-fc4b-11e2-8ad0-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?502d4a51\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<28.0.1500.95\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-11T12:58:59", "references": ["https://security-tracker.debian.org/tracker/CVE-2013-2881", "https://security-tracker.debian.org/tracker/CVE-2013-2886", "https://security-tracker.debian.org/tracker/CVE-2013-2884", "https://security-tracker.debian.org/tracker/CVE-2013-2885", "https://security-tracker.debian.org/tracker/CVE-2013-2882", "https://www.debian.org/security/2013/dsa-2732", "https://packages.debian.org/source/wheezy/chromium-browser", "https://security-tracker.debian.org/tracker/CVE-2013-2883"], "pluginID": "69227", "description": "Several vulnerabilities have been discovered in the Chromium web browser.\n\n - CVE-2013-2881 Karthik Bhargavan discovered a way to bypass the Same Origin Policy in frame handling.\n\n - CVE-2013-2882 Cloudfuzzer discovered a type confusion issue in the V8 JavaScript library.\n\n - CVE-2013-2883 Cloudfuzzer discovered a use-after-free issue in MutationObserver.\n\n - CVE-2013-2884 Ivan Fratric of the Google Security Team discovered a use-after-free issue in the DOM implementation.\n\n - CVE-2013-2885 Ivan Fratric of the Google Security Team discovered a use-after-free issue in input handling.\n\n - CVE-2013-2886 The chrome 28 development team found various issues from internal fuzzing, audits, and other studies.", "edition": 6, "reporter": "Tenable", "published": "2013-08-07T00:00:00", "title": "Debian DSA-2732-1 : chromium-browser - several vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2882", "CVE-2013-2886", "CVE-2013-2884", "CVE-2013-2881", "CVE-2013-2883", "CVE-2013-2885"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium-browser", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2732.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69227", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2732. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69227);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2013-2881\", \"CVE-2013-2882\", \"CVE-2013-2883\", \"CVE-2013-2884\", \"CVE-2013-2885\", \"CVE-2013-2886\");\n script_bugtraq_id(61547, 61548, 61549, 61550, 61551, 61552);\n script_xref(name:\"DSA\", value:\"2732\");\n\n script_name(english:\"Debian DSA-2732-1 : chromium-browser - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Chromium web\nbrowser.\n\n - CVE-2013-2881\n Karthik Bhargavan discovered a way to bypass the Same\n Origin Policy in frame handling.\n\n - CVE-2013-2882\n Cloudfuzzer discovered a type confusion issue in the V8\n JavaScript library.\n\n - CVE-2013-2883\n Cloudfuzzer discovered a use-after-free issue in\n MutationObserver.\n\n - CVE-2013-2884\n Ivan Fratric of the Google Security Team discovered a\n use-after-free issue in the DOM implementation.\n\n - CVE-2013-2885\n Ivan Fratric of the Google Security Team discovered a\n use-after-free issue in input handling.\n\n - CVE-2013-2886\n The chrome 28 development team found various issues from\n internal fuzzing, audits, and other studies.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2732\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 28.0.1500.95-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"chromium\", reference:\"28.0.1500.95-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser\", reference:\"28.0.1500.95-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-dbg\", reference:\"28.0.1500.95-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-inspector\", reference:\"28.0.1500.95-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-l10n\", reference:\"28.0.1500.95-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-dbg\", reference:\"28.0.1500.95-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-inspector\", reference:\"28.0.1500.95-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-l10n\", reference:\"28.0.1500.95-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-16T17:17:44", "references": ["http://www.nessus.org/u?a01ad123"], "pluginID": "69139", "description": "The version of Google Chrome installed on the remote host is a version prior to 28.0.1500.95. It is, therefore, affected by multiple vulnerabilities :\n\n - A cross-origin restriction bypass error exists related to HTML frames. (CVE-2013-2881)\n\n - A type-confusion error exists in the V8 JavaScript engine. (CVE-2013-2882)\n\n - Use-after-free errors exist related to MutationObserver, DOM and input handling.\n (CVE-2013-2883, CVE-2013-2884, CVE-2013-2885)\n\n - Unspecified errors exist with no further details.\n (CVE-2013-2886)", "edition": 6, "reporter": "Tenable", "published": "2013-07-30T00:00:00", "title": "Google Chrome < 28.0.1500.95 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2882", "CVE-2013-2886", "CVE-2013-2884", "CVE-2013-2881", "CVE-2013-2883", "CVE-2013-2885"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_28_0_1500_95.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69139", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69139);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2013-2881\",\n \"CVE-2013-2882\",\n \"CVE-2013-2883\",\n \"CVE-2013-2884\",\n \"CVE-2013-2885\",\n \"CVE-2013-2886\"\n );\n script_bugtraq_id(61547, 61548, 61549, 61550, 61551, 61552);\n\n script_name(english:\"Google Chrome < 28.0.1500.95 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is a version\nprior to 28.0.1500.95. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A cross-origin restriction bypass error exists\n related to HTML frames. (CVE-2013-2881)\n\n - A type-confusion error exists in the V8 JavaScript\n engine. (CVE-2013-2882)\n\n - Use-after-free errors exist related to\n MutationObserver, DOM and input handling.\n (CVE-2013-2883, CVE-2013-2884, CVE-2013-2885)\n\n - Unspecified errors exist with no further details.\n (CVE-2013-2886)\");\n # https://chromereleases.googleblog.com/2013/07/stable-channel-update_30.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a01ad123\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Google Chrome 28.0.1500.95 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\n\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\ngoogle_chrome_check_version(installs:installs, fix:'28.0.1500.95', severity:SECURITY_WARNING, xss:TRUE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:09:44", "references": ["http://www.nessus.org/u?769d947b", "https://bugzilla.redhat.com/show_bug.cgi?id=991116"], "pluginID": "69358", "description": "This update fixes an issue with Google V8, as used in Google Chrome before 28.0.1500.95, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage 'type confusion.'\n\nPlease note that this issue's impact on Node.js is somewhat lessened since it does not typically execute JavaScript from foreign sources.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2013-08-15T00:00:00", "title": "Fedora 18 : v8-3.14.5.10-2.fc18 (2013-14205)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2882"], "modified": "2015-10-19T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:v8"], "id": "FEDORA_2013-14205.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69358", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-14205.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69358);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:12:41 $\");\n\n script_cve_id(\"CVE-2013-2882\");\n script_xref(name:\"FEDORA\", value:\"2013-14205\");\n\n script_name(english:\"Fedora 18 : v8-3.14.5.10-2.fc18 (2013-14205)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes an issue with Google V8, as used in Google Chrome\nbefore 28.0.1500.95, which allows remote attackers to cause a denial\nof service or possibly have unspecified other impact via vectors that\nleverage 'type confusion.'\n\nPlease note that this issue's impact on Node.js is somewhat lessened\nsince it does not typically execute JavaScript from foreign sources.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=991116\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114077.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?769d947b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected v8 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:v8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"v8-3.14.5.10-2.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"v8\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:55:02", "references": ["http://www.nessus.org/u?8b568abe", "https://bugzilla.redhat.com/show_bug.cgi?id=991116"], "pluginID": "69357", "description": "This update fixes an issue with Google V8, as used in Google Chrome before 28.0.1500.95, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage 'type confusion.'\n\nPlease note that this issue's impact on Node.js is somewhat lessened since it does not typically execute JavaScript from foreign sources.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2013-08-15T00:00:00", "title": "Fedora 19 : v8-3.14.5.10-2.fc19 (2013-14176)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2882"], "modified": "2016-05-09T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:v8"], "id": "FEDORA_2013-14176.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69357", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-14176.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69357);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2016/05/09 15:36:32 $\");\n\n script_cve_id(\"CVE-2013-2882\");\n script_bugtraq_id(61548);\n script_xref(name:\"FEDORA\", value:\"2013-14176\");\n\n script_name(english:\"Fedora 19 : v8-3.14.5.10-2.fc19 (2013-14176)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes an issue with Google V8, as used in Google Chrome\nbefore 28.0.1500.95, which allows remote attackers to cause a denial\nof service or possibly have unspecified other impact via vectors that\nleverage 'type confusion.'\n\nPlease note that this issue's impact on Node.js is somewhat lessened\nsince it does not typically execute JavaScript from foreign sources.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=991116\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113963.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b568abe\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected v8 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:v8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"v8-3.14.5.10-2.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"v8\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:35:09", "references": ["http://www.nessus.org/u?2f59319e", "http://www.nessus.org/u?0b9b0b08", "http://www.nessus.org/u?ee73f07e", "https://security.gentoo.org/glsa/201309-16"], "pluginID": "70112", "description": "The remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.\n Impact :\n\n A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact.\n Workaround :\n\n There is no known workaround at this time.", "edition": 8, "reporter": "Tenable", "published": "2013-09-25T00:00:00", "title": "GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5126", "CVE-2012-5136", "CVE-2013-0898", "CVE-2013-2882", "CVE-2013-0833", "CVE-2013-0891", "CVE-2013-2845", "CVE-2013-2901", "CVE-2013-2842", "CVE-2012-5130", "CVE-2013-0838", "CVE-2013-0917", "CVE-2013-2887", "CVE-2013-0924", "CVE-2013-0894", "CVE-2013-2902", "CVE-2013-2840", "CVE-2013-0832", "CVE-2013-2903", "CVE-2012-5133", "CVE-2013-0906", "CVE-2012-5127", "CVE-2013-2880", "CVE-2013-0904", "CVE-2013-2867", "CVE-2012-5125", "CVE-2013-0899", "CVE-2013-2849", "CVE-2013-2841", "CVE-2013-0834", "CVE-2013-2878", "CVE-2012-5139", "CVE-2013-0881", "CVE-2013-2874", "CVE-2013-0839", "CVE-2012-5117", "CVE-2013-0882", "CVE-2013-0841", "CVE-2012-5137", "CVE-2012-5122", "CVE-2013-0888", "CVE-2013-2853", "CVE-2012-5149", "CVE-2013-2876", "CVE-2013-2886", "CVE-2013-0889", "CVE-2012-5151", "CVE-2013-0884", "CVE-2013-0837", "CVE-2013-2848", "CVE-2013-0922", "CVE-2013-2846", "CVE-2013-0842", "CVE-2012-5146", "CVE-2013-2865", "CVE-2012-5132", "CVE-2013-0879", "CVE-2013-2904", "CVE-2013-0887", "CVE-2013-0890", "CVE-2013-2884", "CVE-2013-0925", "CVE-2013-0908", "CVE-2013-2870", "CVE-2013-0923", "CVE-2012-5145", "CVE-2013-0895", "CVE-2013-0836", "CVE-2013-0919", "CVE-2013-2877", "CVE-2012-5124", "CVE-2012-5143", "CVE-2013-0830", "CVE-2012-5140", "CVE-2013-2837", "CVE-2013-2856", "CVE-2012-5118", "CVE-2013-0880", "CVE-2013-0892", "CVE-2013-2875", "CVE-2013-0926", "CVE-2013-2847", "CVE-2013-0918", "CVE-2013-2881", "CVE-2012-5152", "CVE-2013-2861", "CVE-2013-2869", "CVE-2013-0902", "CVE-2013-2855", "CVE-2013-0835", "CVE-2012-5116", "CVE-2013-0920", "CVE-2012-5128", "CVE-2013-0900", "CVE-2013-2838", "CVE-2013-2863", "CVE-2012-5147", "CVE-2012-5141", "CVE-2013-2900", "CVE-2013-2844", "CVE-2013-2839", "CVE-2013-0910", "CVE-2013-0840", "CVE-2013-0909", "CVE-2013-0893", "CVE-2012-5154", "CVE-2013-0907", "CVE-2013-2862", "CVE-2013-2871", "CVE-2013-0897", "CVE-2013-2836", "CVE-2013-0828", "CVE-2013-2905", "CVE-2012-5120", "CVE-2013-0916", "CVE-2012-5123", "CVE-2013-0903", "CVE-2013-0912", "CVE-2013-2868", "CVE-2013-0911", "CVE-2013-0905", "CVE-2013-2859", "CVE-2013-0885", "CVE-2013-2879", "CVE-2013-2858", "CVE-2012-5135", "CVE-2012-5148", "CVE-2013-0829", "CVE-2013-0831", "CVE-2012-5144", "CVE-2013-0883", "CVE-2012-5150", "CVE-2013-2843", "CVE-2013-2860", "CVE-2013-0896", "CVE-2012-5138", "CVE-2013-2857", "CVE-2012-5153", "CVE-2012-5121", "CVE-2013-2883", "CVE-2012-5142", "CVE-2013-0921", "CVE-2013-2885"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:v8", "p-cpe:/a:gentoo:linux:chromium"], "id": "GENTOO_GLSA-201309-16.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70112", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201309-16.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70112);\n script_version(\"1.26\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\"CVE-2012-5116\", \"CVE-2012-5117\", \"CVE-2012-5118\", \"CVE-2012-5120\", \"CVE-2012-5121\", \"CVE-2012-5122\", \"CVE-2012-5123\", \"CVE-2012-5124\", \"CVE-2012-5125\", \"CVE-2012-5126\", \"CVE-2012-5127\", \"CVE-2012-5128\", \"CVE-2012-5130\", \"CVE-2012-5132\", \"CVE-2012-5133\", \"CVE-2012-5135\", \"CVE-2012-5136\", \"CVE-2012-5137\", \"CVE-2012-5138\", \"CVE-2012-5139\", \"CVE-2012-5140\", \"CVE-2012-5141\", \"CVE-2012-5142\", \"CVE-2012-5143\", \"CVE-2012-5144\", \"CVE-2012-5145\", \"CVE-2012-5146\", \"CVE-2012-5147\", \"CVE-2012-5148\", \"CVE-2012-5149\", \"CVE-2012-5150\", \"CVE-2012-5151\", \"CVE-2012-5152\", \"CVE-2012-5153\", \"CVE-2012-5154\", \"CVE-2013-0828\", \"CVE-2013-0829\", \"CVE-2013-0830\", \"CVE-2013-0831\", \"CVE-2013-0832\", \"CVE-2013-0833\", \"CVE-2013-0834\", \"CVE-2013-0835\", \"CVE-2013-0836\", \"CVE-2013-0837\", \"CVE-2013-0838\", \"CVE-2013-0839\", \"CVE-2013-0840\", \"CVE-2013-0841\", \"CVE-2013-0842\", \"CVE-2013-0879\", \"CVE-2013-0880\", \"CVE-2013-0881\", \"CVE-2013-0882\", \"CVE-2013-0883\", \"CVE-2013-0884\", \"CVE-2013-0885\", \"CVE-2013-0887\", \"CVE-2013-0888\", \"CVE-2013-0889\", \"CVE-2013-0890\", \"CVE-2013-0891\", \"CVE-2013-0892\", \"CVE-2013-0893\", \"CVE-2013-0894\", \"CVE-2013-0895\", \"CVE-2013-0896\", \"CVE-2013-0897\", \"CVE-2013-0898\", \"CVE-2013-0899\", \"CVE-2013-0900\", \"CVE-2013-0902\", \"CVE-2013-0903\", \"CVE-2013-0904\", \"CVE-2013-0905\", \"CVE-2013-0906\", \"CVE-2013-0907\", \"CVE-2013-0908\", \"CVE-2013-0909\", \"CVE-2013-0910\", \"CVE-2013-0911\", \"CVE-2013-0912\", \"CVE-2013-0916\", \"CVE-2013-0917\", \"CVE-2013-0918\", \"CVE-2013-0919\", \"CVE-2013-0920\", \"CVE-2013-0921\", \"CVE-2013-0922\", \"CVE-2013-0923\", \"CVE-2013-0924\", \"CVE-2013-0925\", \"CVE-2013-0926\", \"CVE-2013-2836\", \"CVE-2013-2837\", \"CVE-2013-2838\", \"CVE-2013-2839\", \"CVE-2013-2840\", \"CVE-2013-2841\", \"CVE-2013-2842\", \"CVE-2013-2843\", \"CVE-2013-2844\", \"CVE-2013-2845\", \"CVE-2013-2846\", \"CVE-2013-2847\", \"CVE-2013-2848\", \"CVE-2013-2849\", \"CVE-2013-2853\", \"CVE-2013-2855\", \"CVE-2013-2856\", \"CVE-2013-2857\", \"CVE-2013-2858\", \"CVE-2013-2859\", \"CVE-2013-2860\", \"CVE-2013-2861\", \"CVE-2013-2862\", \"CVE-2013-2863\", \"CVE-2013-2865\", \"CVE-2013-2867\", \"CVE-2013-2868\", \"CVE-2013-2869\", \"CVE-2013-2870\", \"CVE-2013-2871\", \"CVE-2013-2874\", \"CVE-2013-2875\", \"CVE-2013-2876\", \"CVE-2013-2877\", \"CVE-2013-2878\", \"CVE-2013-2879\", \"CVE-2013-2880\", \"CVE-2013-2881\", \"CVE-2013-2882\", \"CVE-2013-2883\", \"CVE-2013-2884\", \"CVE-2013-2885\", \"CVE-2013-2886\", \"CVE-2013-2887\", \"CVE-2013-2900\", \"CVE-2013-2901\", \"CVE-2013-2902\", \"CVE-2013-2903\", \"CVE-2013-2904\", \"CVE-2013-2905\");\n script_bugtraq_id(56413, 56684, 56741, 56903, 58318, 58388, 58723, 58724, 58725, 58727, 58728, 58729, 58730, 58731, 58732, 58733, 58734, 59326, 59327, 59328, 59330, 59331, 59332, 59334, 59336, 59337, 59338, 59339, 59340, 59342, 59343, 59344, 59345, 59346, 59347, 59349, 59351, 59413, 59414, 59415, 59416, 59417, 59418, 59419, 59420, 59422, 59423, 59425, 59427, 59428, 59429, 59430, 59431, 59433, 59435, 59436, 59437, 59438, 59515, 59516, 59518, 59520, 59521, 59522, 59523, 59524, 59680, 59681, 59682, 59683, 60062, 60063, 60064, 60065, 60066, 60067, 60068, 60069, 60070, 60071, 60072, 60073, 60074, 60076, 60395, 60396, 60397, 60398, 60399, 60400, 60401, 60403, 60404, 60405, 61046, 61047, 61049, 61050, 61051, 61052, 61054, 61055, 61057, 61059, 61060, 61061, 61547, 61548, 61549, 61550, 61551, 61552, 61885, 61886, 61887, 61888, 61889, 61890, 61891);\n script_xref(name:\"GLSA\", value:\"201309-16\");\n\n script_name(english:\"GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201309-16\n(Chromium, V8: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and V8. Please\n review the CVE identifiers and release notes referenced below for\n details.\n \nImpact :\n\n A context-dependent attacker could entice a user to open a specially\n crafted website or JavaScript program using Chromium or V8, possibly\n resulting in the execution of arbitrary code with the privileges of the\n process or a Denial of Service condition. Furthermore, a remote attacker\n may be able to bypass security restrictions or have other, unspecified,\n impact.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # https://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b9b0b08\"\n );\n # https://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f59319e\"\n );\n # https://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ee73f07e\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201309-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-29.0.1457.57'\n All V8 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/v8-3.18.5.14'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:v8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 29.0.1457.57\"), vulnerable:make_list(\"lt 29.0.1457.57\"))) flag++;\nif (qpkg_check(package:\"dev-lang/v8\", unaffected:make_list(\"ge 3.18.5.14\"), vulnerable:make_list(\"lt 3.18.5.14\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / V8\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:40:26", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 61514\r\nCVE(CAN) ID: CVE-2013-2881,CVE-2013-2882,CVE-2013-2883,CVE-2013-2884,CVE-2013-2885,CVE-2013-2886\r\n\r\nGoogle Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\u3002\r\n\r\nChrome 28.0.1500.95\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u5728\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3001\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3001\u6cc4\u9732\u654f\u611f\u4fe1\u606f\u3001\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\n0\nGoogle Chrome < 28.0.1500.95\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nGoogle\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.google.com", "reporter": "Root", "published": "2013-08-05T00:00:00", "title": "Google Chrome 28.0.1500.95\u4e4b\u524d\u7248\u672c\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2013-2881", "CVE-2013-2882", "CVE-2013-2883", "CVE-2013-2884", "CVE-2013-2885", "CVE-2013-2886"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2013-08-05T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60928", "id": "SSV:60928", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "", "status": "details"}, {"lastseen": "2017-11-19T17:40:40", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 61552\r\nCVE(CAN) ID: CVE-2013-2885\r\n\r\nGoogle Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\u3002\r\n\r\nChrome 28.0.1500.95\u5728\u5b58\u5728\u591a\u4e2a\u5b57\u6bb5\u8f93\u51fa\u7c7b\u578b\u65f6\u5904\u7406JS\u4e8b\u4ef6\u7684\u65b9\u5f0f\u4e0a\u5b58\u5728\u91ca\u653e\u540e\u91cd\u7528\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u7b49\u5176\u4ed6\u653b\u51fb\u3002\r\n0\r\nGoogle Chrome < 28.0.1500.95\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nGoogle\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html", "reporter": "Root", "published": "2013-08-05T00:00:00", "title": "Google Chrome\u91ca\u653e\u540e\u91cd\u7528\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e(CVE-2013-2885)", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2013-2885"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2013-08-05T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60932", "id": "SSV:60932", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "", "status": "cve,details"}, {"lastseen": "2017-11-19T17:40:26", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 61549\r\nCVE(CAN) ID: CVE-2013-2883\r\n\r\nGoogle Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\u3002\r\n\r\nChrome 28.0.1500.95\u5728\u5220\u9664MutationObserver\u5bf9\u8c61\u6ce8\u518c\u65f6\u5b58\u5728\u91ca\u653e\u540e\u91cd\u7528\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u7b49\u5176\u4ed6\u653b\u51fb\u3002\r\n0\r\nGoogle Chrome < 28.0.1500.95\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nGoogle\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html", "reporter": "Root", "published": "2013-08-05T00:00:00", "title": "Google Chrome\u91ca\u653e\u540e\u91cd\u7528\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e(CVE-2013-2883)", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2013-2883"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2013-08-05T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60933", "id": "SSV:60933", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "", "status": "cve,details"}, {"lastseen": "2017-11-19T17:40:32", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 61548\r\nCVE(CAN) ID: CVE-2013-2882\r\n\r\nGoogle Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\u3002\r\n\r\nChrome 28.0.1500.95\u5185\u4f7f\u7528\u7684Google V8\u5b58\u5728\u7c7b\u578b\u6df7\u6dc6\u9519\u8bef\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u7b49\u5176\u4ed6\u653b\u51fb\u3002\r\n0\r\nGoogle Chrome < 28.0.1500.95\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nGoogle\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html", "reporter": "Root", "published": "2013-08-05T00:00:00", "title": "Google Chrome\u7c7b\u578b\u6df7\u6dc6\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e(CVE-2013-2882)", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2013-2882"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2013-08-05T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60931", "id": "SSV:60931", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "", "status": "cve,details"}, {"lastseen": "2017-11-19T17:40:30", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 61551\r\nCVE(CAN) ID: CVE-2013-2884\r\n\r\nGoogle Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\u3002\r\n\r\nChrome 28.0.1500.95\u5728DOM\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u8ddf\u8e2a\u5305\u542bAttr\u5bf9\u8c61\u7684\u6587\u6863\uff0c\u5229\u7528\u6b64\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u7b49\u5176\u4ed6\u653b\u51fb\u3002\r\n0\r\nGoogle Chrome < 28.0.1500.95\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nGoogle\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html", "reporter": "Root", "published": "2013-08-05T00:00:00", "title": "Google Chrome\u91ca\u653e\u540e\u91cd\u7528\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e(CVE-2013-2884)", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2013-2884"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2013-08-05T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60934", "id": "SSV:60934", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "", "status": "cve,details"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:48", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2732-1 security@debian.org\r\nhttp://www.debian.org/security/ Michael Gilbert\r\nJuly 31, 2013 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : chromium-browser\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2013-2881 CVE-2013-2882 CVE-2013-2883 CVE-2013-2884 \r\n CVE-2013-2885 CVE-2013-2886\r\n\r\nSeveral vulnerabilities have been discovered in the Chromium web browser.\r\n\r\nCVE-2013-2881\r\n\r\n Karthik Bhargavan discovered a way to bypass the Same Origin Policy\r\n in frame handling.\r\n\r\nCVE-2013-2882\r\n\r\n Cloudfuzzer discovered a type confusion issue in the V8 javascript\r\n library.\r\n\r\nCVE-2013-2883\r\n\r\n Cloudfuzzer discovered a use-after-free issue in MutationObserver.\r\n\r\nCVE-2013-2884\r\n\r\n Ivan Fratric of the Google Security Team discovered a use-after-free\r\n issue in the DOM implementation.\r\n\r\nCVE-2013-2885\r\n\r\n Ivan Fratric of the Google Security Team discovered a use-after-free\r\n issue in input handling.\r\n\r\nCVE-2013-2886\r\n\r\n The chrome 28 development team found various issues from internal\r\n fuzzing, audits, and other studies.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 28.0.1500.95-1~deb7u1.\r\n\r\nFor the testing distribution (jessie), these problems wil be fixed soon.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 28.0.1500.95-1.\r\n\r\nWe recommend that you upgrade your chromium-browser packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.14 (GNU/Linux)\r\n\r\niQQcBAEBCgAGBQJR+dsQAAoJELjWss0C1vRzPl0gAJnnwlUpiQLN/n7cg4YNUvfS\r\niFVnVRfOu4ELbBwdHNFi4gZ5pzfDR10E4YmSLechqTW/0pRySYQGKhcXDTq+zHt/\r\n3V1t9Y+xRQKS1auZqDMqZEdyVMFKsrfd6i1uH+7A+76Xa3wnG3nmyut670VihbXt\r\nw5feqXeo6KI/mbFT5XtrLj6nBV+bBRl+VhkXnlQbOKGXGHLpOY5VzmytaU5ZIqFW\r\n7IYmtrMBUbIIwdKG3NfHa+bz9342p9j0f54AKHmMEcCkITzyTaO+k27oZTZd8hS8\r\nu9BlyCNl0Ps4/oiolttTnIFaRl7pmVtycXpqlTWFw/VtYmyQllGLAFA+z57OGC6o\r\nC0fhJYTjDAraVqZX0izJrdANeS5VyD+rbYAIfrg1gO60fQopcoTXTJ1qbi+TSwYm\r\nPAAkjCPAbsB1yJvLT+ecBqC9cT4os/+GafpUl/griHrGlt9pFgY7aQ6Tqkc5VhVV\r\nc+PVPRPJf+LJQBEGgZWgeI89t4IzKN/3ba8vdEgB5gqx28+p91yPLV0HIqEfUkvu\r\nWiP9Lky832UpNl3bNZGh32Xjw9wpPszp2N5Imwyt21NU07zL1bLePrkS6e0Nw30M\r\nzwu7yN6r5ZnU+kpR/kwi9LmsVzcIrWUH8KSQ5F3rXqiODR2n/Xn6ZbYvw6hMzzOk\r\n2uP8SGESvCfi/lHXqof2dj4TXnHDx/2aufCiRA3Y+qxpj1byt5qnhjx6NDaoMR/0\r\nR0onKGGqv07IcPWxogNe3kQQ+fSNu2YgBLodu96aSgFYeMMnhOkESPsPGLnSy2B6\r\n7vEqF2WH/34mGITfhl8luZ0hyeVDtWwhY34SJHnuHackXa970843w0vPJ3zq2m6x\r\ndo5QaYwL+3skGwDgn/nRxveqoLPprJH0ToRqhdwvuELZ7uSS4l8jXblc/H/0bLco\r\nZNrQU4T7rE1+bW23wafka75MjVkzNA7eJRFmqR1ds9Y6QwmlrZcE4i5FabF8rZZI\r\nV5Bxp+kzxDiYlv+z4vZpDj8ZHBO9OK3Az37mnwAthIjWstjFBNvLhgIAaXFFJ5p1\r\nTwHMvGQyZledPL2mV7vwx6f2gpWPaIlZFm0aCFG0Dr/rzYMKf9V7KZuiVFfAjJUI\r\npQWfO6wbkZU5vmIwudfdgH0C28tDawKy8tYd+7mFBvJZYh4lj+0Wceu37F1oN9Aq\r\nasyjyw/ubrqaVgKHeQw3VKxZWr836vrzIrZhUPP/aadejx+ABuBqvIsNRZA8Ei6g\r\nAE8FchyWiXFviiWTJmMILNlf6IsvysZbqkDAocUjfqy2QwfnL1CoM5fTcK+8koaA\r\nnZmdh50Da2Q9xmsWnJbbk4ANbJP7kkEnbreeifcO1Z97pN4EkwZ16SL4BK0jRAk=\r\n=AyVH\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2013-08-12T00:00:00", "title": "[SECURITY] [DSA 2732-1] chromium-browser security update", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:48", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2013-2882", "CVE-2013-2886", "CVE-2013-2884", "CVE-2013-2881", "CVE-2013-2883", "CVE-2013-2885"], "modified": "2013-08-12T00:00:00", "id": "SECURITYVULNS:DOC:29700", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29700", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:52", "references": ["https://vulners.com/securityvulns/securityvulns:doc:29625", "https://vulners.com/securityvulns/securityvulns:doc:29700"], "description": "Protection bypass, privilege escalation, DoS, use-after-free, information leakage, memory corruptions.", "edition": 1, "reporter": "BUGTRAQ", "published": "2013-08-12T00:00:00", "title": "Chromium / Google Chrome multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:52", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Chrome", "version": "27.0", "operator": "eq"}], "cvelist": ["CVE-2013-2882", "CVE-2013-2880", "CVE-2013-2867", "CVE-2013-2878", "CVE-2013-2853", "CVE-2013-2876", "CVE-2013-2886", "CVE-2013-2884", "CVE-2013-2870", "CVE-2013-2877", "CVE-2013-2875", "CVE-2013-2881", "CVE-2013-2869", "CVE-2013-2873", "CVE-2013-2871", "CVE-2013-2868", "CVE-2013-2879", "CVE-2013-2883", "CVE-2013-2885"], "modified": "2013-08-12T00:00:00", "id": "SECURITYVULNS:VULN:13200", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13200", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2017-09-19T13:38:46", "references": ["http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html", "http://www.debian.org/security/2013/dsa-2732", "https://code.google.com/p/chromium/issues/detail?id=246205", "https://code.google.com/p/chromium/issues/detail?id=246203", "https://code.google.com/p/chromium/issues/detail?id=249199", "https://code.google.com/p/chromium/issues/detail?id=252712", "https://code.google.com/p/chromium/issues/detail?id=261701"], "edition": 3, "description": "Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "reporter": "NVD", "published": "2013-07-31T09:20:14", "title": "CVE-2013-2886", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:17704", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17704"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-2886"], "scanner": [], "cpe": ["cpe:/a:google:chrome:28.0.1500.12", "cpe:/a:google:chrome:28.0.1500.43", "cpe:/a:google:chrome:28.0.1500.68", "cpe:/a:google:chrome:28.0.1500.63", "cpe:/a:google:chrome:28.0.1500.50", "cpe:/a:google:chrome:28.0.1500.58", "cpe:/a:google:chrome:28.0.1500.42", "cpe:/a:google:chrome:28.0.1500.52", "cpe:/a:google:chrome:28.0.1500.11", "cpe:/a:google:chrome:28.0.1500.21", "cpe:/a:google:chrome:28.0.1500.64", "cpe:/a:google:chrome:28.0.1500.36", "cpe:/a:google:chrome:28.0.1500.61", "cpe:/a:google:chrome:28.0.1500.47", "cpe:/a:google:chrome:28.0.1500.4", "cpe:/a:google:chrome:28.0.1500.5", "cpe:/a:google:chrome:28.0.1500.28", "cpe:/a:google:chrome:28.0.1500.70", "cpe:/a:google:chrome:28.0.1500.40", "cpe:/a:google:chrome:28.0.1500.37", "cpe:/a:google:chrome:28.0.1500.18", "cpe:/a:google:chrome:28.0.1500.8", "cpe:/a:google:chrome:28.0.1500.10", "cpe:/a:google:chrome:28.0.1500.38", "cpe:/a:google:chrome:28.0.1500.66", "cpe:/a:google:chrome:28.0.1500.35", "cpe:/a:google:chrome:28.0.1500.51", "cpe:/a:google:chrome:28.0.1500.48", "cpe:/a:google:chrome:28.0.1500.26", "cpe:/a:google:chrome:28.0.1500.19", "cpe:/a:google:chrome:28.0.1500.23", "cpe:/a:google:chrome:28.0.1500.94", "cpe:/a:google:chrome:28.0.1500.34", "cpe:/a:google:chrome:28.0.1500.27", "cpe:/a:google:chrome:28.0.1500.46", "cpe:/a:google:chrome:28.0.1500.29", "cpe:/a:google:chrome:28.0.1500.15", "cpe:/a:google:chrome:28.0.1500.72", "cpe:/a:google:chrome:28.0.1500.22", "cpe:/a:google:chrome:28.0.1500.2", "cpe:/a:google:chrome:28.0.1500.59", "cpe:/a:google:chrome:28.0.1500.89", "cpe:/a:google:chrome:28.0.1500.45", "cpe:/a:google:chrome:28.0.1500.62", "cpe:/a:google:chrome:28.0.1500.24", "cpe:/a:google:chrome:28.0.1500.39", "cpe:/a:google:chrome:28.0.1500.54", "cpe:/a:google:chrome:28.0.1500.41", "cpe:/a:google:chrome:28.0.1500.91", "cpe:/a:google:chrome:28.0.1500.14", "cpe:/a:google:chrome:28.0.1500.44", "cpe:/a:google:chrome:28.0.1500.6", "cpe:/a:google:chrome:28.0.1500.33", "cpe:/a:google:chrome:28.0.1500.56", "cpe:/a:google:chrome:28.0.1500.71", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:google:chrome:28.0.1500.20", "cpe:/a:google:chrome:28.0.1500.32", "cpe:/a:google:chrome:28.0.1500.17", "cpe:/a:google:chrome:28.0.1500.25", "cpe:/a:google:chrome:28.0.1500.9", "cpe:/a:google:chrome:28.0.1500.0", "cpe:/a:google:chrome:28.0.1500.31", "cpe:/a:google:chrome:28.0.1500.93", "cpe:/a:google:chrome:28.0.1500.16", "cpe:/a:google:chrome:28.0.1500.49", "cpe:/a:google:chrome:28.0.1500.3", "cpe:/a:google:chrome:28.0.1500.60", "cpe:/a:google:chrome:28.0.1500.53", "cpe:/a:google:chrome:28.0.1500.13"], "modified": "2017-09-18T21:36:29", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2886", "id": "CVE-2013-2886", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:38:46", "references": ["http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html", "http://rhn.redhat.com/errata/RHSA-2013-1201.html", "https://code.google.com/p/chromium/issues/detail?id=260106", "http://www.debian.org/security/2013/dsa-2732"], "edition": 3, "description": "Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\"", "reporter": "NVD", "published": "2013-07-31T09:20:13", "title": "CVE-2013-2882", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:17329", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17329"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-2882"], "scanner": [], "cpe": ["cpe:/a:google:chrome:28.0.1500.12", "cpe:/a:google:chrome:28.0.1500.43", "cpe:/a:google:chrome:28.0.1500.68", "cpe:/a:google:chrome:28.0.1500.63", "cpe:/a:google:chrome:28.0.1500.50", "cpe:/a:google:chrome:28.0.1500.58", "cpe:/a:google:chrome:28.0.1500.42", "cpe:/a:google:chrome:28.0.1500.52", "cpe:/a:google:chrome:28.0.1500.11", "cpe:/a:google:chrome:28.0.1500.21", "cpe:/a:google:chrome:28.0.1500.64", "cpe:/a:google:chrome:28.0.1500.36", "cpe:/a:google:chrome:28.0.1500.61", "cpe:/a:google:chrome:28.0.1500.47", "cpe:/a:google:chrome:28.0.1500.4", "cpe:/a:google:chrome:28.0.1500.5", "cpe:/a:google:chrome:28.0.1500.28", "cpe:/a:google:chrome:28.0.1500.70", "cpe:/a:google:chrome:28.0.1500.40", "cpe:/a:google:chrome:28.0.1500.37", "cpe:/a:google:chrome:28.0.1500.18", "cpe:/a:google:chrome:28.0.1500.8", "cpe:/a:google:chrome:28.0.1500.10", "cpe:/a:google:chrome:28.0.1500.38", "cpe:/a:google:chrome:28.0.1500.66", "cpe:/a:redhat:openstack:3.0", "cpe:/a:google:chrome:28.0.1500.35", "cpe:/a:google:chrome:28.0.1500.51", "cpe:/a:google:chrome:28.0.1500.48", "cpe:/a:google:chrome:28.0.1500.26", "cpe:/a:google:chrome:28.0.1500.19", "cpe:/a:google:chrome:28.0.1500.23", "cpe:/a:google:chrome:28.0.1500.94", "cpe:/a:google:chrome:28.0.1500.34", "cpe:/a:google:chrome:28.0.1500.27", "cpe:/a:google:chrome:28.0.1500.46", "cpe:/a:google:chrome:28.0.1500.29", "cpe:/a:google:chrome:28.0.1500.15", "cpe:/a:google:chrome:28.0.1500.72", "cpe:/a:google:chrome:28.0.1500.22", "cpe:/a:google:chrome:28.0.1500.2", "cpe:/a:google:chrome:28.0.1500.59", "cpe:/a:google:chrome:28.0.1500.89", "cpe:/a:google:chrome:28.0.1500.45", "cpe:/a:google:chrome:28.0.1500.62", "cpe:/a:google:chrome:28.0.1500.24", "cpe:/a:google:chrome:28.0.1500.39", "cpe:/a:google:chrome:28.0.1500.54", "cpe:/a:google:chrome:28.0.1500.41", "cpe:/a:google:chrome:28.0.1500.91", "cpe:/a:google:chrome:28.0.1500.14", "cpe:/a:google:chrome:28.0.1500.44", "cpe:/a:google:chrome:28.0.1500.6", "cpe:/a:google:chrome:28.0.1500.33", "cpe:/a:google:chrome:28.0.1500.56", "cpe:/a:google:chrome:28.0.1500.71", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:google:chrome:28.0.1500.20", "cpe:/a:google:chrome:28.0.1500.32", "cpe:/a:google:chrome:28.0.1500.17", "cpe:/a:google:chrome:28.0.1500.25", "cpe:/a:google:chrome:28.0.1500.9", "cpe:/a:google:chrome:28.0.1500.0", "cpe:/a:google:chrome:28.0.1500.31", "cpe:/a:google:chrome:28.0.1500.93", "cpe:/a:google:chrome:28.0.1500.16", "cpe:/a:google:chrome:28.0.1500.49", "cpe:/a:google:chrome:28.0.1500.3", "cpe:/a:google:chrome:28.0.1500.60", "cpe:/a:google:chrome:28.0.1500.53", "cpe:/a:google:chrome:28.0.1500.13"], "modified": "2017-09-18T21:36:29", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2882", "id": "CVE-2013-2882", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:38:46", "references": ["http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html", "https://code.google.com/p/chromium/issues/detail?id=257748", "http://www.debian.org/security/2013/dsa-2732", "https://src.chromium.org/viewvc/blink?revision=153929&view=revision"], "edition": 3, "description": "Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.", "reporter": "NVD", "published": "2013-07-31T09:20:13", "title": "CVE-2013-2881", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:17348", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17348"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-2881"], "scanner": [], "cpe": ["cpe:/a:google:chrome:28.0.1500.12", "cpe:/a:google:chrome:28.0.1500.43", "cpe:/a:google:chrome:28.0.1500.68", "cpe:/a:google:chrome:28.0.1500.63", "cpe:/a:google:chrome:28.0.1500.50", "cpe:/a:google:chrome:28.0.1500.58", "cpe:/a:google:chrome:28.0.1500.42", "cpe:/a:google:chrome:28.0.1500.52", "cpe:/a:google:chrome:28.0.1500.11", "cpe:/a:google:chrome:28.0.1500.21", "cpe:/a:google:chrome:28.0.1500.64", "cpe:/a:google:chrome:28.0.1500.36", "cpe:/a:google:chrome:28.0.1500.61", "cpe:/a:google:chrome:28.0.1500.47", "cpe:/a:google:chrome:28.0.1500.4", "cpe:/a:google:chrome:28.0.1500.5", "cpe:/a:google:chrome:28.0.1500.28", "cpe:/a:google:chrome:28.0.1500.70", "cpe:/a:google:chrome:28.0.1500.40", "cpe:/a:google:chrome:28.0.1500.37", "cpe:/a:google:chrome:28.0.1500.18", "cpe:/a:google:chrome:28.0.1500.8", "cpe:/a:google:chrome:28.0.1500.10", "cpe:/a:google:chrome:28.0.1500.38", "cpe:/a:google:chrome:28.0.1500.66", "cpe:/a:google:chrome:28.0.1500.35", "cpe:/a:google:chrome:28.0.1500.51", "cpe:/a:google:chrome:28.0.1500.48", "cpe:/a:google:chrome:28.0.1500.26", "cpe:/a:google:chrome:28.0.1500.19", "cpe:/a:google:chrome:28.0.1500.23", "cpe:/a:google:chrome:28.0.1500.94", "cpe:/a:google:chrome:28.0.1500.34", "cpe:/a:google:chrome:28.0.1500.27", "cpe:/a:google:chrome:28.0.1500.46", "cpe:/a:google:chrome:28.0.1500.29", "cpe:/a:google:chrome:28.0.1500.15", "cpe:/a:google:chrome:28.0.1500.72", "cpe:/a:google:chrome:28.0.1500.22", "cpe:/a:google:chrome:28.0.1500.2", "cpe:/a:google:chrome:28.0.1500.59", "cpe:/a:google:chrome:28.0.1500.89", "cpe:/a:google:chrome:28.0.1500.45", "cpe:/a:google:chrome:28.0.1500.62", "cpe:/a:google:chrome:28.0.1500.24", "cpe:/a:google:chrome:28.0.1500.39", "cpe:/a:google:chrome:28.0.1500.54", "cpe:/a:google:chrome:28.0.1500.41", "cpe:/a:google:chrome:28.0.1500.91", "cpe:/a:google:chrome:28.0.1500.14", "cpe:/a:google:chrome:28.0.1500.44", "cpe:/a:google:chrome:28.0.1500.6", "cpe:/a:google:chrome:28.0.1500.33", "cpe:/a:google:chrome:28.0.1500.56", "cpe:/a:google:chrome:28.0.1500.71", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:google:chrome:28.0.1500.20", "cpe:/a:google:chrome:28.0.1500.32", "cpe:/a:google:chrome:28.0.1500.17", "cpe:/a:google:chrome:28.0.1500.25", "cpe:/a:google:chrome:28.0.1500.9", "cpe:/a:google:chrome:28.0.1500.0", "cpe:/a:google:chrome:28.0.1500.31", "cpe:/a:google:chrome:28.0.1500.93", "cpe:/a:google:chrome:28.0.1500.16", "cpe:/a:google:chrome:28.0.1500.49", "cpe:/a:google:chrome:28.0.1500.3", "cpe:/a:google:chrome:28.0.1500.60", "cpe:/a:google:chrome:28.0.1500.53", "cpe:/a:google:chrome:28.0.1500.13"], "modified": "2017-09-18T21:36:29", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2881", "id": "CVE-2013-2881", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-14T11:21:31", "references": ["http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html", "https://code.google.com/p/chromium/issues/detail?id=257353", "https://code.google.com/p/chromium/issues/detail?id=249640", "http://www.debian.org/security/2013/dsa-2732", "https://chromium.googlesource.com/chromium/blink/+/7a7ea525c912f6e59aa3e915e7f2cf140c077a49"], "description": "Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to not properly considering focus during the processing of JavaScript events in the presence of a multiple-fields input type.", "edition": 4, "reporter": "NVD", "published": "2013-07-31T09:20:13", "title": "CVE-2013-2885", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:17672", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17672"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-2885"], "scanner": [], "modified": "2018-08-13T17:47:44", "cpe": ["cpe:/a:google:chrome:28.0.1500.12", "cpe:/a:google:chrome:28.0.1500.43", "cpe:/a:google:chrome:28.0.1500.68", "cpe:/a:google:chrome:28.0.1500.63", "cpe:/a:google:chrome:28.0.1500.50", "cpe:/a:google:chrome:28.0.1500.58", "cpe:/a:google:chrome:28.0.1500.42", "cpe:/a:google:chrome:28.0.1500.52", "cpe:/a:google:chrome:28.0.1500.11", "cpe:/a:google:chrome:28.0.1500.21", "cpe:/a:google:chrome:28.0.1500.64", "cpe:/a:google:chrome:28.0.1500.36", "cpe:/a:google:chrome:28.0.1500.61", "cpe:/a:google:chrome:28.0.1500.47", "cpe:/a:google:chrome:28.0.1500.4", "cpe:/a:google:chrome:28.0.1500.5", "cpe:/a:google:chrome:28.0.1500.28", "cpe:/a:google:chrome:28.0.1500.70", "cpe:/a:google:chrome:28.0.1500.40", "cpe:/a:google:chrome:28.0.1500.37", "cpe:/a:google:chrome:28.0.1500.18", "cpe:/a:google:chrome:28.0.1500.8", "cpe:/a:google:chrome:28.0.1500.10", "cpe:/a:google:chrome:28.0.1500.38", "cpe:/a:google:chrome:28.0.1500.66", "cpe:/a:google:chrome:28.0.1500.35", "cpe:/a:google:chrome:28.0.1500.51", "cpe:/a:google:chrome:28.0.1500.48", "cpe:/a:google:chrome:28.0.1500.26", "cpe:/a:google:chrome:28.0.1500.19", "cpe:/a:google:chrome:28.0.1500.23", "cpe:/a:google:chrome:28.0.1500.94", "cpe:/a:google:chrome:28.0.1500.34", "cpe:/a:google:chrome:28.0.1500.27", "cpe:/a:google:chrome:28.0.1500.46", "cpe:/a:google:chrome:28.0.1500.29", "cpe:/a:google:chrome:28.0.1500.15", "cpe:/a:google:chrome:28.0.1500.72", "cpe:/a:google:chrome:28.0.1500.22", "cpe:/a:google:chrome:28.0.1500.2", "cpe:/a:google:chrome:28.0.1500.59", "cpe:/a:google:chrome:28.0.1500.89", "cpe:/a:google:chrome:28.0.1500.45", "cpe:/a:google:chrome:28.0.1500.62", "cpe:/a:google:chrome:28.0.1500.24", "cpe:/a:google:chrome:28.0.1500.39", "cpe:/a:google:chrome:28.0.1500.54", "cpe:/a:google:chrome:28.0.1500.41", "cpe:/a:google:chrome:28.0.1500.91", "cpe:/a:google:chrome:28.0.1500.14", "cpe:/a:google:chrome:28.0.1500.44", "cpe:/a:google:chrome:28.0.1500.6", "cpe:/a:google:chrome:28.0.1500.33", "cpe:/a:google:chrome:28.0.1500.56", "cpe:/a:google:chrome:28.0.1500.71", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:google:chrome:28.0.1500.20", "cpe:/a:google:chrome:28.0.1500.32", "cpe:/a:google:chrome:28.0.1500.17", "cpe:/a:google:chrome:28.0.1500.25", "cpe:/a:google:chrome:28.0.1500.9", "cpe:/a:google:chrome:28.0.1500.0", "cpe:/a:google:chrome:28.0.1500.31", "cpe:/a:google:chrome:28.0.1500.93", "cpe:/a:google:chrome:28.0.1500.16", "cpe:/a:google:chrome:28.0.1500.49", "cpe:/a:google:chrome:28.0.1500.3", "cpe:/a:google:chrome:28.0.1500.60", "cpe:/a:google:chrome:28.0.1500.53", "cpe:/a:google:chrome:28.0.1500.13"], "id": "CVE-2013-2885", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2885", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:38:46", "references": ["http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html", "https://src.chromium.org/viewvc/blink?revision=154264&view=revision", "http://www.debian.org/security/2013/dsa-2732", "https://code.google.com/p/chromium/issues/detail?id=260165"], "edition": 3, "description": "Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the registration of a MutationObserver object.", "reporter": "NVD", "published": "2013-07-31T09:20:13", "title": "CVE-2013-2883", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:17525", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17525"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-2883"], "scanner": [], "cpe": ["cpe:/a:google:chrome:28.0.1500.12", "cpe:/a:google:chrome:28.0.1500.43", "cpe:/a:google:chrome:28.0.1500.68", "cpe:/a:google:chrome:28.0.1500.63", "cpe:/a:google:chrome:28.0.1500.50", "cpe:/a:google:chrome:28.0.1500.58", "cpe:/a:google:chrome:28.0.1500.42", "cpe:/a:google:chrome:28.0.1500.52", "cpe:/a:google:chrome:28.0.1500.11", "cpe:/a:google:chrome:28.0.1500.21", "cpe:/a:google:chrome:28.0.1500.64", "cpe:/a:google:chrome:28.0.1500.36", "cpe:/a:google:chrome:28.0.1500.61", "cpe:/a:google:chrome:28.0.1500.47", "cpe:/a:google:chrome:28.0.1500.4", "cpe:/a:google:chrome:28.0.1500.5", "cpe:/a:google:chrome:28.0.1500.28", "cpe:/a:google:chrome:28.0.1500.70", "cpe:/a:google:chrome:28.0.1500.40", "cpe:/a:google:chrome:28.0.1500.37", "cpe:/a:google:chrome:28.0.1500.18", "cpe:/a:google:chrome:28.0.1500.8", "cpe:/a:google:chrome:28.0.1500.10", "cpe:/a:google:chrome:28.0.1500.38", "cpe:/a:google:chrome:28.0.1500.66", "cpe:/a:google:chrome:28.0.1500.35", "cpe:/a:google:chrome:28.0.1500.51", "cpe:/a:google:chrome:28.0.1500.48", "cpe:/a:google:chrome:28.0.1500.26", "cpe:/a:google:chrome:28.0.1500.19", "cpe:/a:google:chrome:28.0.1500.23", "cpe:/a:google:chrome:28.0.1500.94", "cpe:/a:google:chrome:28.0.1500.34", "cpe:/a:google:chrome:28.0.1500.27", "cpe:/a:google:chrome:28.0.1500.46", "cpe:/a:google:chrome:28.0.1500.29", "cpe:/a:google:chrome:28.0.1500.15", "cpe:/a:google:chrome:28.0.1500.72", "cpe:/a:google:chrome:28.0.1500.22", "cpe:/a:google:chrome:28.0.1500.2", "cpe:/a:google:chrome:28.0.1500.59", "cpe:/a:google:chrome:28.0.1500.89", "cpe:/a:google:chrome:28.0.1500.45", "cpe:/a:google:chrome:28.0.1500.62", "cpe:/a:google:chrome:28.0.1500.24", "cpe:/a:google:chrome:28.0.1500.39", "cpe:/a:google:chrome:28.0.1500.54", "cpe:/a:google:chrome:28.0.1500.41", "cpe:/a:google:chrome:28.0.1500.91", "cpe:/a:google:chrome:28.0.1500.14", "cpe:/a:google:chrome:28.0.1500.44", "cpe:/a:google:chrome:28.0.1500.6", "cpe:/a:google:chrome:28.0.1500.33", "cpe:/a:google:chrome:28.0.1500.56", "cpe:/a:google:chrome:28.0.1500.71", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:google:chrome:28.0.1500.20", "cpe:/a:google:chrome:28.0.1500.32", "cpe:/a:google:chrome:28.0.1500.17", "cpe:/a:google:chrome:28.0.1500.25", "cpe:/a:google:chrome:28.0.1500.9", "cpe:/a:google:chrome:28.0.1500.0", "cpe:/a:google:chrome:28.0.1500.31", "cpe:/a:google:chrome:28.0.1500.93", "cpe:/a:google:chrome:28.0.1500.16", "cpe:/a:google:chrome:28.0.1500.49", "cpe:/a:google:chrome:28.0.1500.3", "cpe:/a:google:chrome:28.0.1500.60", "cpe:/a:google:chrome:28.0.1500.53", "cpe:/a:google:chrome:28.0.1500.13"], "modified": "2017-09-18T21:36:29", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2883", "id": "CVE-2013-2883", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:38:46", "references": ["http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html", "https://code.google.com/p/chromium/issues/detail?id=248950", "http://www.debian.org/security/2013/dsa-2732", "https://src.chromium.org/viewvc/blink?revision=152938&view=revision"], "edition": 3, "description": "Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper tracking of which document owns an Attr object.", "reporter": "NVD", "published": "2013-07-31T09:20:13", "title": "CVE-2013-2884", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:17597", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17597"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-2884"], "scanner": [], "cpe": ["cpe:/a:google:chrome:28.0.1500.12", "cpe:/a:google:chrome:28.0.1500.43", "cpe:/a:google:chrome:28.0.1500.68", "cpe:/a:google:chrome:28.0.1500.63", "cpe:/a:google:chrome:28.0.1500.50", "cpe:/a:google:chrome:28.0.1500.58", "cpe:/a:google:chrome:28.0.1500.42", "cpe:/a:google:chrome:28.0.1500.52", "cpe:/a:google:chrome:28.0.1500.11", "cpe:/a:google:chrome:28.0.1500.21", "cpe:/a:google:chrome:28.0.1500.64", "cpe:/a:google:chrome:28.0.1500.36", "cpe:/a:google:chrome:28.0.1500.61", "cpe:/a:google:chrome:28.0.1500.47", "cpe:/a:google:chrome:28.0.1500.4", "cpe:/a:google:chrome:28.0.1500.5", "cpe:/a:google:chrome:28.0.1500.28", "cpe:/a:google:chrome:28.0.1500.70", "cpe:/a:google:chrome:28.0.1500.40", "cpe:/a:google:chrome:28.0.1500.37", "cpe:/a:google:chrome:28.0.1500.18", "cpe:/a:google:chrome:28.0.1500.8", "cpe:/a:google:chrome:28.0.1500.10", "cpe:/a:google:chrome:28.0.1500.38", "cpe:/a:google:chrome:28.0.1500.66", "cpe:/a:google:chrome:28.0.1500.35", "cpe:/a:google:chrome:28.0.1500.51", "cpe:/a:google:chrome:28.0.1500.48", "cpe:/a:google:chrome:28.0.1500.26", "cpe:/a:google:chrome:28.0.1500.19", "cpe:/a:google:chrome:28.0.1500.23", "cpe:/a:google:chrome:28.0.1500.94", "cpe:/a:google:chrome:28.0.1500.34", "cpe:/a:google:chrome:28.0.1500.27", "cpe:/a:google:chrome:28.0.1500.46", "cpe:/a:google:chrome:28.0.1500.29", "cpe:/a:google:chrome:28.0.1500.15", "cpe:/a:google:chrome:28.0.1500.72", "cpe:/a:google:chrome:28.0.1500.22", "cpe:/a:google:chrome:28.0.1500.2", "cpe:/a:google:chrome:28.0.1500.59", "cpe:/a:google:chrome:28.0.1500.89", "cpe:/a:google:chrome:28.0.1500.45", "cpe:/a:google:chrome:28.0.1500.62", "cpe:/a:google:chrome:28.0.1500.24", "cpe:/a:google:chrome:28.0.1500.39", "cpe:/a:google:chrome:28.0.1500.54", "cpe:/a:google:chrome:28.0.1500.41", "cpe:/a:google:chrome:28.0.1500.91", "cpe:/a:google:chrome:28.0.1500.14", "cpe:/a:google:chrome:28.0.1500.44", "cpe:/a:google:chrome:28.0.1500.6", "cpe:/a:google:chrome:28.0.1500.33", "cpe:/a:google:chrome:28.0.1500.56", "cpe:/a:google:chrome:28.0.1500.71", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:google:chrome:28.0.1500.20", "cpe:/a:google:chrome:28.0.1500.32", "cpe:/a:google:chrome:28.0.1500.17", "cpe:/a:google:chrome:28.0.1500.25", "cpe:/a:google:chrome:28.0.1500.9", "cpe:/a:google:chrome:28.0.1500.0", "cpe:/a:google:chrome:28.0.1500.31", "cpe:/a:google:chrome:28.0.1500.93", "cpe:/a:google:chrome:28.0.1500.16", "cpe:/a:google:chrome:28.0.1500.49", "cpe:/a:google:chrome:28.0.1500.3", "cpe:/a:google:chrome:28.0.1500.60", "cpe:/a:google:chrome:28.0.1500.53", "cpe:/a:google:chrome:28.0.1500.13"], "modified": "2017-09-18T21:36:29", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2884", "id": "CVE-2013-2884", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-06-13T00:00:45", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.14.5.10-2.el6", "arch": "x86_64", "packageName": "ruby193-v8-debuginfo", "packageFilename": "ruby193-v8-debuginfo-3.14.5.10-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.14.5.10-2.el6", "arch": "src", "packageName": "ruby193-v8", "packageFilename": "ruby193-v8-3.14.5.10-2.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.14.5.10-2.el6", "arch": "x86_64", "packageName": "ruby193-v8", "packageFilename": "ruby193-v8-3.14.5.10-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.14.5.10-2.el6", "arch": "x86_64", "packageName": "ruby193-v8-devel", "packageFilename": "ruby193-v8-devel-3.14.5.10-2.el6.x86_64.rpm", "operator": "lt"}], "description": "V8 is Google's open source JavaScript engine.\n\nA type confusion issue was found in the V8 JavaScript engine. An attacker\ncould use this flaw to cause a denial of service or, potentially, execute\narbitrary code. (CVE-2013-2882)\n\nNote: Exploitation of this issue requires, at the least, execution of\nmalicious JavaScript. In the standard use case of ruby193-v8 in Red Hat\nOpenStack it is unlikely that a scenario exists where this would occur.\n\nUsers of ruby193-v8 are advised to upgrade to these updated packages,\nwhich correct this issue.\n", "reporter": "RedHat", "published": "2013-09-03T04:00:00", "type": "redhat", "title": "(RHSA-2013:1201) Low: ruby193-v8 security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-2882"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-13T01:27:36", "id": "RHSA-2013:1201", "href": "https://access.redhat.com/errata/RHSA-2013:1201", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:03", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=476344", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118", "https://bugs.gentoo.org/show_bug.cgi?id=446944", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834", "https://bugs.gentoo.org/show_bug.cgi?id=470920", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142", "https://bugs.gentoo.org/show_bug.cgi?id=445246", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150", "https://bugs.gentoo.org/show_bug.cgi?id=453610", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919", "http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141", "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857", "https://bugs.gentoo.org/show_bug.cgi?id=463426", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875", "https://bugs.gentoo.org/show_bug.cgi?id=481990", "https://bugs.gentoo.org/show_bug.cgi?id=458644", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917", "https://bugs.gentoo.org/show_bug.cgi?id=451334", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143", "https://bugs.gentoo.org/show_bug.cgi?id=442096", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137", "https://bugs.gentoo.org/show_bug.cgi?id=460318", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123", "http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925", "https://bugs.gentoo.org/show_bug.cgi?id=444826", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840", "https://bugs.gentoo.org/show_bug.cgi?id=479048", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132", "https://bugs.gentoo.org/show_bug.cgi?id=472350", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135", "https://bugs.gentoo.org/show_bug.cgi?id=460776", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "29.0.1457.57", "packageFilename": "UNKNOWN", "packageName": "www-client/chromium", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.18.5.14", "packageFilename": "UNKNOWN", "packageName": "dev-lang/v8", "arch": "all", "operator": "lt"}], "description": "### Background\n\nChromium is an open-source web browser project. V8 is Google\u2019s open source JavaScript engine. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. \n\n### Impact\n\nA context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-29.0.1457.57\"\n \n\nAll V8 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/v8-3.18.5.14\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2013-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "gentoo", "title": "Chromium, V8: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5126", "CVE-2012-5136", "CVE-2013-0898", "CVE-2013-2882", "CVE-2013-0833", "CVE-2013-0891", "CVE-2013-2845", "CVE-2013-2901", "CVE-2013-2842", "CVE-2012-5130", "CVE-2013-0838", "CVE-2013-0917", "CVE-2013-2887", "CVE-2013-0924", "CVE-2013-0894", "CVE-2013-2902", "CVE-2013-2840", "CVE-2013-0832", "CVE-2013-2903", "CVE-2012-5133", "CVE-2013-0906", "CVE-2012-5127", "CVE-2013-2880", "CVE-2013-0904", "CVE-2013-2867", "CVE-2012-5125", "CVE-2013-0899", "CVE-2013-2849", "CVE-2013-2841", "CVE-2013-0834", "CVE-2013-2878", "CVE-2012-5139", "CVE-2013-0881", "CVE-2013-2874", "CVE-2013-0839", "CVE-2012-5117", "CVE-2013-0882", "CVE-2013-0841", "CVE-2012-5137", "CVE-2012-5122", "CVE-2013-0888", "CVE-2013-2853", "CVE-2012-5149", "CVE-2013-2876", "CVE-2013-2886", "CVE-2013-0889", "CVE-2012-5151", "CVE-2013-0884", "CVE-2013-0837", "CVE-2013-2848", "CVE-2013-0922", "CVE-2013-2846", "CVE-2013-0842", "CVE-2012-5146", "CVE-2013-2865", "CVE-2012-5132", "CVE-2013-0879", "CVE-2013-2904", "CVE-2013-0887", "CVE-2013-0890", "CVE-2013-2884", "CVE-2013-0925", "CVE-2013-0908", "CVE-2013-2870", "CVE-2013-0923", "CVE-2012-5145", "CVE-2013-0895", "CVE-2013-0836", "CVE-2013-0919", "CVE-2013-2877", "CVE-2012-5124", "CVE-2012-5143", "CVE-2013-0830", "CVE-2012-5140", "CVE-2013-2837", "CVE-2013-2856", "CVE-2012-5118", "CVE-2013-0880", "CVE-2013-0892", "CVE-2013-2875", "CVE-2013-0926", "CVE-2013-2847", "CVE-2013-0918", "CVE-2013-2881", "CVE-2012-5152", "CVE-2013-2861", "CVE-2013-2869", "CVE-2013-0902", "CVE-2013-2855", "CVE-2013-0835", "CVE-2012-5116", "CVE-2013-0920", "CVE-2012-5128", "CVE-2013-0900", "CVE-2013-2838", "CVE-2013-2863", "CVE-2012-5147", "CVE-2012-5141", "CVE-2013-2900", "CVE-2013-2844", "CVE-2013-2839", "CVE-2013-0910", "CVE-2013-0840", "CVE-2013-0909", "CVE-2013-0893", "CVE-2012-5154", "CVE-2013-0907", "CVE-2013-2862", "CVE-2013-2871", "CVE-2013-0897", "CVE-2013-2836", "CVE-2013-0828", "CVE-2013-2905", "CVE-2012-5120", "CVE-2013-0916", "CVE-2012-5123", "CVE-2013-0903", "CVE-2013-0912", "CVE-2013-2868", "CVE-2013-0911", "CVE-2013-0905", "CVE-2013-2859", "CVE-2013-0885", "CVE-2013-2879", "CVE-2013-2858", "CVE-2012-5135", "CVE-2012-5148", "CVE-2013-0829", "CVE-2013-0831", "CVE-2012-5144", "CVE-2013-0883", "CVE-2012-5150", "CVE-2013-2843", "CVE-2013-2860", "CVE-2013-0896", "CVE-2012-5138", "CVE-2013-2857", "CVE-2012-5153", "CVE-2012-5121", "CVE-2013-2883", "CVE-2012-5142", "CVE-2013-0921", "CVE-2013-2885"], "modified": "2013-09-25T00:00:00", "id": "GLSA-201309-16", "href": "https://security.gentoo.org/glsa/201309-16", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
