chromium -- multiple vulnerabilities

2015-07-21T00:00:00

Description

Google Chrome Releases reports: 43 security fixes in this release, including: [446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer. [459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft. [461858] High CVE-2015-1274: Settings allowed executable files to run immediately after download. Credit to andrewm.bpi. [462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte) of Baidu X-Team. [472614] High CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne. [483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon. [486947] High CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer. [487155] High CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa. [487928] High CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva. [492052] High CVE-2015-1283: Heap-buffer-overflow in expat. Credit to sidhpurwala.huzaifa. [493243] High CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen of OUSPG. [504011] High CVE-2015-1286: UXSS in blink. Credit to anonymous. [505374] High CVE-2015-1290: Memory corruption in V8. Credit to Yongjun Liu of NSFOCUS Security Team. [419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor. [444573] Medium CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen of OUSPG. [451456] Medium CVE-2015-1272: Use-after-free related to unexpected GPU process termination. Credit to Chamal de Silva. [479743] Medium CVE-2015-1277: Use-after-free in accessibility. Credit to SkyLined. [482380] Medium CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva. [498982] Medium CVE-2015-1285: Information leak in XSS auditor. Credit to gazheyes. [479162] Low CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to mike@michaelruddy.com. [512110] CVE-2015-1289: Various fixes from internal audits, fuzzing and other initiatives.

Affected Package

OS	OS Version	Package Name	Package Version
FreeBSD	any	chromium	44.0.2403.89
FreeBSD	any	chromium-npapi	44.0.2403.89
FreeBSD	any	chromium-pulse	44.0.2403.89

{"id": "9D732078-32C7-11E5-B263-00262D5ED8EE", "vendorId": null, "type": "freebsd", "bulletinFamily": "unix", "title": "chromium -- multiple vulnerabilities", "description": "\n\nGoogle Chrome Releases reports:\n\n43 security fixes in this release, including:\n\n[446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium.\n\t Credit to cloudfuzzer.\n[459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium.\n\t Credit to makosoft.\n[461858] High CVE-2015-1274: Settings allowed executable files\n\t to run immediately after download. Credit to andrewm.bpi.\n[462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit\n\t to WangTao(neobyte) of Baidu X-Team.\n[472614] High CVE-2015-1276: Use-after-free in IndexedDB.\n\t Credit to Collin Payne.\n[483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium.\n\t Credit to mlafon.\n[486947] High CVE-2015-1280: Memory corruption in skia. Credit\n\t to cloudfuzzer.\n[487155] High CVE-2015-1281: CSP bypass. Credit to Masato\n\t Kinugawa.\n[487928] High CVE-2015-1282: Use-after-free in pdfium. Credit\n\t to Chamal de Silva.\n[492052] High CVE-2015-1283: Heap-buffer-overflow in expat.\n\t Credit to sidhpurwala.huzaifa.\n[493243] High CVE-2015-1284: Use-after-free in blink. Credit to\n\t Atte Kettunen of OUSPG.\n[504011] High CVE-2015-1286: UXSS in blink. Credit to\n\t anonymous.\n[505374] High CVE-2015-1290: Memory corruption in V8. Credit to\n\t Yongjun Liu of NSFOCUS Security Team.\n[419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to\n\t filedescriptor.\n[444573] Medium CVE-2015-1270: Uninitialized memory read in\n\t ICU. Credit to Atte Kettunen of OUSPG.\n[451456] Medium CVE-2015-1272: Use-after-free related to\n\t unexpected GPU process termination. Credit to Chamal de\n\t Silva.\n[479743] Medium CVE-2015-1277: Use-after-free in accessibility.\n\t Credit to SkyLined.\n[482380] Medium CVE-2015-1278: URL spoofing using pdf files.\n\t Credit to Chamal de Silva.\n[498982] Medium CVE-2015-1285: Information leak in XSS auditor.\n\t Credit to gazheyes.\n[479162] Low CVE-2015-1288: Spell checking dictionaries fetched\n\t over HTTP. Credit to mike@michaelruddy.com.\n[512110] CVE-2015-1289: Various fixes from internal audits,\n\t fuzzing and other initiatives.\n\n\n\n", "published": "2015-07-21T00:00:00", "modified": "2015-07-21T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://vuxml.freebsd.org/freebsd/9d732078-32c7-11e5-b263-00262d5ed8ee.html", "reporter": "FreeBSD", "references": ["http://googlechromereleases.blogspot.nl/"], "cvelist": ["CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1275", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289", "CVE-2015-1290"], "immutableFields": [], "lastseen": "2022-01-19T15:51:32", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2020-1364"]}, {"type": "androidsecurity", "idList": ["ANDROID:2016-11-01"]}, {"type": "apple", "idList": ["APPLE:198F1AB81F91F2CEB090B4B4D49C57AD", "APPLE:9A0B3B0DFCDD94CAF1819BEC271E3754", "APPLE:HT207598", "APPLE:HT207599"]}, {"type": "archlinux", "idList": ["ASA-201507-18", "ASA-201603-23", "ASA-201605-22", "ASA-201605-23"]}, {"type": "chrome", "idList": ["GCSA-4373103836158955363"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:07FC899E9F5F58E4BEDD842E4A4820A4"]}, {"type": "cve", "idList": ["CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1275", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289", "CVE-2015-1290", "CVE-2015-2716", "CVE-2016-4472"]}, {"type": "debian", "idList": ["DEBIAN:DLA-281-1:C24AD", "DEBIAN:DSA-3315-1:9DB7E", "DEBIAN:DSA-3315-1:DF83F", "DEBIAN:DSA-3318-1:6F723", "DEBIAN:DSA-3360-1:A29C1", "DEBIAN:DSA-3582-1:BA58B", "DEBIAN:DSA-3582-1:D0BF8"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-1270", "DEBIANCVE:CVE-2015-1271", "DEBIANCVE:CVE-2015-1272", "DEBIANCVE:CVE-2015-1273", "DEBIANCVE:CVE-2015-1274", "DEBIANCVE:CVE-2015-1275", "DEBIANCVE:CVE-2015-1276", "DEBIANCVE:CVE-2015-1277", "DEBIANCVE:CVE-2015-1278", "DEBIANCVE:CVE-2015-1279", "DEBIANCVE:CVE-2015-1280", "DEBIANCVE:CVE-2015-1281", "DEBIANCVE:CVE-2015-1282", "DEBIANCVE:CVE-2015-1283", "DEBIANCVE:CVE-2015-1284", "DEBIANCVE:CVE-2015-1285", "DEBIANCVE:CVE-2015-1286", "DEBIANCVE:CVE-2015-1287", "DEBIANCVE:CVE-2015-1288", "DEBIANCVE:CVE-2015-1289", "DEBIANCVE:CVE-2015-1290", "DEBIANCVE:CVE-2016-4472"]}, {"type": "f5", "idList": ["F5:K15104541", "F5:K22232964", "F5:K50459349", "SOL22232964"]}, {"type": "freebsd", "idList": ["0DA8A68E-600A-11E6-A6C3-14DAE9D210B8", "FF76F0E0-3F11-11E6-B3C8-14DAE9D210B8"]}, {"type": "gentoo", "idList": ["GLSA-201603-09", "GLSA-201701-21"]}, {"type": "ibm", "idList": ["06C99EB15420DA5A539FFB3A44458D94DAC3394C9290BCEA793D01F5ED040762", "1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "1B2A94FC385D7D94AFCB490D7B33A59B4FE30EFE9AC4369DE4AC8270E6507BA6", "1E2DFD1B919A2E774921AB01DBFD031EF4B85DBDB3FF58C6A33FC16C44A81962", "284CB5E897879204BDB37B73545D3C28EC0BBFB38CEDC197313B96514E0C8DEF", "2C376EA6036BA61CC5A15E13B342EC84F31F5A9CC2F2B21B4A9A7E5A19603DC1", "38CC3F0B1992B7F87CFBCAE3CC7B31F2966DC0FA035A5E4BF2B0AA5F15F1A057", "3B46DC927F068A82BC90F843176D830F8795AFF055A8B4B7F3819880513A5F01", "4DF380A5FFD83D85515579A9D00B67175FABD22AE4E6AB62C7B6649FC348EE9C", "5BED520461A14F6C17C2C0743D506662EA54ABFECEA6C1FB8B5574C2E6383F76", "5D0CC6456D2278646647F1A4FEFECEB673F2B5D1F99FBBC5755735CEF5AA6268", "6B8DA9E1FF7F3B0A4F769810EF8B0748EF5077A42FA1E1E5D9A3C33E96EEFDA4", "6CA5D1C86CFF0FBBC4485D04C3C3C64B154659BA87BBEFF39AF02988CFF33583", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7EC649E6BC5F3D338DD0D070678E70EF4B5FA744C4A6157F839098EC69F3AD14", "83BEC5BE76DF901F9313DC0E22D9F7B7B815E20E6B6815632BCBD80947228620", "8FFC738358756CE4D5B6625C74E94217390A44F66AE8B9F1BA14E16B0E361EF1", "9613E878D620A6D0F9489090E5CD7A16E4F4C366D560C6C54BC551EC99C4218D", "9B42F852F4AF0BA8746EBACEB82E34997A0D5C2467042997734953C2D009D359", "AE63911B151ED314207894962F00CF55443E6D574A7DB784093BEFF71FF62D1C", "AF0238154AA1358490B320F50C9820D8CA6D89CDB7190FCD9E4A0779A6DDCA6E", "AF496E8C72489250D3F499580E263AE349F5F9559FF071587B820E41A492E9F0", "B9410A108CEB6D3C9DFE0C1617FB34D181E021D243C3FB7F5DB35969D7C4CE52", "DD38275FC7A6C7310933EE72F39FB765D116781C288A9701506DA04B64DC99E3", "E35B3BFF26EE49538A5E52DCE95E046C70D680FA622448F3D6FE654C3E6D6A09", "FE82572D03660F69AE8CEB7C45CD7AC3F657253046E300104542981D20AB330D"]}, {"type": "kaspersky", "idList": ["KLA10636"]}, {"type": "mageia", "idList": ["MGASA-2015-0285", "MGASA-2015-0286", "MGASA-2015-0287", "MGASA-2015-0288"]}, {"type": "nessus", "idList": ["8853.PASL", "8854.PASL", "ALA_ALAS-2020-1364.NASL", "DEBIAN_DLA-281.NASL", "DEBIAN_DSA-3315.NASL", "DEBIAN_DSA-3318.NASL", "DEBIAN_DSA-3360.NASL", "DEBIAN_DSA-3582.NASL", "EULEROS_SA-2019-1666.NASL", "EULEROS_SA-2019-1698.NASL", "EULEROS_SA-2019-1742.NASL", "EULEROS_SA-2019-2063.NASL", "EULEROS_SA-2020-1619.NASL", "EULEROS_SA-2020-1639.NASL", "F5_BIGIP_SOL15104541.NASL", "F5_BIGIP_SOL50459349.NASL", "FREEBSD_PKG_0DA8A68E600A11E6A6C314DAE9D210B8.NASL", "FREEBSD_PKG_9D73207832C711E5B26300262D5ED8EE.NASL", "FREEBSD_PKG_FF76F0E03F1111E6B3C814DAE9D210B8.NASL", "GENTOO_GLSA-201603-09.NASL", "GENTOO_GLSA-201701-21.NASL", "GOOGLE_CHROME_44_0_2403_89.NASL", "IBM_HTTP_SERVER_535175.NASL", "IBM_HTTP_SERVER_548231.NASL", "ITUNES_12_6.NASL", "ITUNES_12_6_BANNER.NASL", "JUNIPER_JSA10904.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_89.NASL", "MACOS_ITUNES_12_6.NASL", "NEWSTART_CGSL_NS-SA-2020-0077_EXPAT.NASL", "NEWSTART_CGSL_NS-SA-2020-0116_EXPAT.NASL", "OPENSUSE-2015-513.NASL", "OPENSUSE-2015-953.NASL", "OPENSUSE-2016-660.NASL", "OPENSUSE-2016-695.NASL", "PFSENSE_SA-15_08.NASL", "PVS_5_2_0.NASL", "REDHAT-RHSA-2015-1499.NASL", "SLACKWARE_SSA_2016-359-01.NASL", "SUSE_SU-2016-1508-1.NASL", "SUSE_SU-2016-1512-1.NASL", "UBUNTU_USN-2677-1.NASL", "UBUNTU_USN-2726-1.NASL", "UBUNTU_USN-2740-1.NASL", "UBUNTU_USN-3013-1.NASL", "WEBSPHERE_8_5_5_7.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121451", "OPENVAS:1361412562310130090", "OPENVAS:1361412562310130091", "OPENVAS:1361412562310130093", "OPENVAS:1361412562310703315", "OPENVAS:1361412562310703318", "OPENVAS:1361412562310703360", "OPENVAS:1361412562310703582", "OPENVAS:1361412562310805934", "OPENVAS:1361412562310805935", "OPENVAS:1361412562310805936", "OPENVAS:1361412562310810724", "OPENVAS:1361412562310810725", "OPENVAS:1361412562310842401", "OPENVAS:1361412562310842425", "OPENVAS:1361412562310842437", "OPENVAS:1361412562310842800", "OPENVAS:1361412562310850665", "OPENVAS:1361412562310851322", "OPENVAS:1361412562310851326", "OPENVAS:1361412562310851329", "OPENVAS:1361412562311220191666", "OPENVAS:1361412562311220191698", "OPENVAS:1361412562311220191742", "OPENVAS:1361412562311220192063", "OPENVAS:1361412562311220201619", "OPENVAS:1361412562311220201639", "OPENVAS:703315", "OPENVAS:703318", "OPENVAS:703360", "OPENVAS:703582"]}, {"type": "osv", "idList": ["OSV:DLA-281-1", "OSV:DSA-3315-1", "OSV:DSA-3318-1", "OSV:DSA-3360-1", "OSV:DSA-3582-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:132738"]}, {"type": "redhat", "idList": ["RHSA-2015:1499"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-4472"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32351", "SECURITYVULNS:DOC:32385", "SECURITYVULNS:DOC:32533", "SECURITYVULNS:VULN:14602", "SECURITYVULNS:VULN:14621", "SECURITYVULNS:VULN:14704"]}, {"type": "slackware", "idList": ["SSA-2016-359-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1287-1", "OPENSUSE-SU-2016:1441-1", "OPENSUSE-SU-2016:1523-1", "SUSE-SU-2016:1508-1", "SUSE-SU-2016:1512-1", "SUSE-SU-2017:2699-1", "SUSE-SU-2017:2700-1"]}, {"type": "threatpost", "idList": ["THREATPOST:603611CA0EA45F34F1C1E31D5FBEC166"]}, {"type": "ubuntu", "idList": ["USN-2677-1", "USN-2726-1", "USN-2740-1", "USN-3013-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-1270", "UB:CVE-2015-1271", "UB:CVE-2015-1272", "UB:CVE-2015-1273", "UB:CVE-2015-1274", "UB:CVE-2015-1276", "UB:CVE-2015-1277", "UB:CVE-2015-1278", "UB:CVE-2015-1279", "UB:CVE-2015-1280", "UB:CVE-2015-1281", "UB:CVE-2015-1282", "UB:CVE-2015-1283", "UB:CVE-2015-1284", "UB:CVE-2015-1285", "UB:CVE-2015-1286", "UB:CVE-2015-1287", "UB:CVE-2015-1288", "UB:CVE-2015-1289", "UB:CVE-2015-1290", "UB:CVE-2015-2716", "UB:CVE-2016-4472"]}, {"type": "veracode", "idList": ["VERACODE:26863"]}]}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2020-1364"]}, {"type": "apple", "idList": ["APPLE:9A0B3B0DFCDD94CAF1819BEC271E3754"]}, {"type": "archlinux", "idList": ["ASA-201605-22"]}, {"type": "chrome", "idList": ["GCSA-4373103836158955363"]}, {"type": "cve", "idList": ["CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1275", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3582-1:D0BF8"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-1271", "DEBIANCVE:CVE-2015-1283", "DEBIANCVE:CVE-2015-1290"]}, {"type": "f5", "idList": ["F5:K15104541"]}, {"type": "freebsd", "idList": ["0DA8A68E-600A-11E6-A6C3-14DAE9D210B8"]}, {"type": "gentoo", "idList": ["GLSA-201603-09"]}, {"type": "ibm", "idList": ["06C99EB15420DA5A539FFB3A44458D94DAC3394C9290BCEA793D01F5ED040762", "1E2DFD1B919A2E774921AB01DBFD031EF4B85DBDB3FF58C6A33FC16C44A81962", "284CB5E897879204BDB37B73545D3C28EC0BBFB38CEDC197313B96514E0C8DEF", "AF0238154AA1358490B320F50C9820D8CA6D89CDB7190FCD9E4A0779A6DDCA6E"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2015-1290/"]}, {"type": "nessus", "idList": ["8854.PASL", "DEBIAN_DSA-3318.NASL", "FREEBSD_PKG_0DA8A68E600A11E6A6C314DAE9D210B8.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703315", "OPENVAS:1361412562310810724", "OPENVAS:1361412562310842437", "OPENVAS:703318"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-4472"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32385"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1508-1"]}, {"type": "ubuntu", "idList": ["USN-2740-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-1290"]}]}, "exploitation": null, "vulnersScore": 0.5}, "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "packageVersion": "44.0.2403.89", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "chromium"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "packageVersion": "44.0.2403.89", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "chromium-npapi"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "packageVersion": "44.0.2403.89", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "chromium-pulse"}], "_state": {"dependencies": 1659988328, "score": 1659834166}, "_internal": {"score_hash": "6e6de41a45393a094b1ad85d6bb2dfff"}}

{"nessus": [{"lastseen": "2021-08-19T12:45:03", "description": "Google Chrome Releases reports :\n\n43 security fixes in this release, including :\n\n- [446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer.\n\n- [459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft.\n\n- [461858] High CVE-2015-1274: Settings allowed executable files to run immediately after download. Credit to andrewm.bpi.\n\n- [462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte) of Baidu X-Team.\n\n- [472614] High CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne.\n\n- [483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon.\n\n- [486947] High CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer.\n\n- [487155] High CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa.\n\n- [487928] High CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva.\n\n- [492052] High CVE-2015-1283: Heap-buffer-overflow in expat. Credit to sidhpurwala.huzaifa.\n\n- [493243] High CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen of OUSPG.\n\n- [504011] High CVE-2015-1286: UXSS in blink. Credit to anonymous.\n\n- [505374] High CVE-2015-1290: Memory corruption in V8. Credit to Yongjun Liu of NSFOCUS Security Team.\n\n- [419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor.\n\n- [444573] Medium CVE-2015-1270: Uninitialized memory read in ICU.\nCredit to Atte Kettunen of OUSPG.\n\n- [451456] Medium CVE-2015-1272: Use-after-free related to unexpected GPU process termination. Credit to Chamal de Silva.\n\n- [479743] Medium CVE-2015-1277: Use-after-free in accessibility.\nCredit to SkyLined.\n\n- [482380] Medium CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva.\n\n- [498982] Medium CVE-2015-1285: Information leak in XSS auditor.\nCredit to gazheyes.\n\n- [479162] Low CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to mike@michaelruddy.com.\n\n- [512110] CVE-2015-1289: Various fixes from internal audits, fuzzing and other initiatives.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-07-27T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (9d732078-32c7-11e5-b263-00262d5ed8ee)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1275", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289", "CVE-2015-1290"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "p-cpe:/a:freebsd:freebsd:chromium-npapi", "p-cpe:/a:freebsd:freebsd:chromium-pulse", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_9D73207832C711E5B26300262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/nessus/84994", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84994);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1275\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-1290\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (9d732078-32c7-11e5-b263-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n43 security fixes in this release, including :\n\n- [446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit\nto cloudfuzzer.\n\n- [459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit\nto makosoft.\n\n- [461858] High CVE-2015-1274: Settings allowed executable files to\nrun immediately after download. Credit to andrewm.bpi.\n\n- [462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit to\nWangTao(neobyte) of Baidu X-Team.\n\n- [472614] High CVE-2015-1276: Use-after-free in IndexedDB. Credit to\nCollin Payne.\n\n- [483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit\nto mlafon.\n\n- [486947] High CVE-2015-1280: Memory corruption in skia. Credit to\ncloudfuzzer.\n\n- [487155] High CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa.\n\n- [487928] High CVE-2015-1282: Use-after-free in pdfium. Credit to\nChamal de Silva.\n\n- [492052] High CVE-2015-1283: Heap-buffer-overflow in expat. Credit\nto sidhpurwala.huzaifa.\n\n- [493243] High CVE-2015-1284: Use-after-free in blink. Credit to Atte\nKettunen of OUSPG.\n\n- [504011] High CVE-2015-1286: UXSS in blink. Credit to anonymous.\n\n- [505374] High CVE-2015-1290: Memory corruption in V8. Credit to\nYongjun Liu of NSFOCUS Security Team.\n\n- [419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to\nfiledescriptor.\n\n- [444573] Medium CVE-2015-1270: Uninitialized memory read in ICU.\nCredit to Atte Kettunen of OUSPG.\n\n- [451456] Medium CVE-2015-1272: Use-after-free related to unexpected\nGPU process termination. Credit to Chamal de Silva.\n\n- [479743] Medium CVE-2015-1277: Use-after-free in accessibility.\nCredit to SkyLined.\n\n- [482380] Medium CVE-2015-1278: URL spoofing using pdf files. Credit\nto Chamal de Silva.\n\n- [498982] Medium CVE-2015-1285: Information leak in XSS auditor.\nCredit to gazheyes.\n\n- [479162] Low CVE-2015-1288: Spell checking dictionaries fetched over\nHTTP. Credit to mike@michaelruddy.com.\n\n- [512110] CVE-2015-1289: Various fixes from internal audits, fuzzing\nand other initiatives.\"\n );\n # http://googlechromereleases.blogspot.nl/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://chromereleases.googleblog.com/\"\n );\n # https://vuxml.freebsd.org/freebsd/9d732078-32c7-11e5-b263-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?49fbd5e3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-npapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<44.0.2403.89\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-npapi<44.0.2403.89\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-pulse<44.0.2403.89\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:45:11", "description": "The version of Google Chrome installed on the remote Mac OS X host is prior to 44.0.2403.89. It is, therefore, affected by multiple vulnerabilities :\n\n - An uninitialized memory read flaw exists in ICU that an attacker can exploit to have unspecified impact.\n (CVE-2015-1270)\n\n - A heap buffer overflow condition exists in PDFium due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code or cause a denial of service. (CVE-2015-1271, CVE-2015-1273)\n\n - A use-after-free memory error exists when the GPU process is unexpectedly terminated. An attacker can exploit this to have an unspecified impact.\n (CVE-2015-1272)\n\n - The settings for automatic downloading of files allows EXE files to be auto-opened, which can result in the execution of malicious code. (CVE-2015-1274)\n\n - A universal cross-site scripting (UXSS) vulnerability exists in Google Chrome for Android due to improper validation of 'intent://' URLs. An attacker, using a specially crafted request, can exploit this to execute arbitrary script code. (CVE-2015-1275)\n\n - A use-after-free memory error exists in IndexedDB that can allow an attacker to execute arbitrary code.\n (CVE-2015-1276)\n\n - A denial of service vulnerability exists due to a use-after-free memory error in the method ui::AXTree::Unserialize. An attacker can exploit this to cause a crash. (CVE-2015-1277)\n\n - An unspecified flaw exists when handling PDF files that allows an attacker to spoof URLs. (CVE-2015-1278)\n\n - An integer overflow condition exists in the method CJBig2_Image::expand() in file JBig2_Image.cpp due to improper validation of user-supplied input. An attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service or the execution of arbitrary code. (CVE-2015-1279)\n\n - A flaw exists in Google Skia due to improper validation of user-supplied input, which an attacker can exploit to corrupt memory or execute arbitrary code.\n (CVE-2015-1280)\n\n - An unspecified flaw exists that allows an attacker to bypass the Content Security Policy. (CVE-2015-1281)\n\n - A use-after-free memory error exists in PDFium in the file javascript/Document.cpp. An attacker, using a crafted file, can exploit this to execute arbitrary code. (CVE-2015-1282)\n\n - A heap buffer overflow condition exists in 'expat'.\n No other information is available. (CVE-2015-1283)\n\n - A use-after-free memory error exists in Blink that can allow an attacker to execute arbitrary code.\n (CVE-2015-1284)\n\n - An unspecified flaw exists in the XSS auditor that allows an attacker to gain access to sensitive information. (CVE-2015-1285)\n\n - A universal cross-site scripting (UXSS) vulnerability exists in Blink due to improper validation of unspecified input. An attacker, using a crafted request, can exploit this to execute arbitrary script code.\n (CVE-2015-1286)\n\n - A flaw exists in WebKit related to the handling of the quirks-mode exception for CSS MIME types, which allows an attacker to bypass the cross-origin policy.\n (CVE-2015-1287)\n\n - A flaw exists in file spellcheck_hunspell_dictionary.cc, related to the downloading of spellchecker dictionaries over HTTP, which allows a man-in-the-middle to corrupt the downloaded dictionaries. (CVE-2015-1288)\n\n - Multiple vulnerabilities exist that were disclosed by internal auditing, fuzzing, and other initiatives, which can result in a denial of service, execution of arbitrary code, or other moderate to severe impact.\n (CVE-2015-1289)", "cvss3": {"score": null, "vector": null}, "published": "2015-07-22T00:00:00", "type": "nessus", "title": "Google Chrome < 44.0.2403.89 Multiple Vulnerabilities (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1275", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289"], "modified": "2019-11-22T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_44_0_2403_89.NASL", "href": "https://www.tenable.com/plugins/nessus/84922", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84922);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-1270\",\n \"CVE-2015-1271\",\n \"CVE-2015-1272\",\n \"CVE-2015-1273\",\n \"CVE-2015-1274\",\n \"CVE-2015-1275\",\n \"CVE-2015-1276\",\n \"CVE-2015-1277\",\n \"CVE-2015-1278\",\n \"CVE-2015-1279\",\n \"CVE-2015-1280\",\n \"CVE-2015-1281\",\n \"CVE-2015-1282\",\n \"CVE-2015-1283\",\n \"CVE-2015-1284\",\n \"CVE-2015-1285\",\n \"CVE-2015-1286\",\n \"CVE-2015-1287\",\n \"CVE-2015-1288\",\n \"CVE-2015-1289\"\n );\n script_bugtraq_id(75973);\n\n script_name(english:\"Google Chrome < 44.0.2403.89 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\nprior to 44.0.2403.89. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An uninitialized memory read flaw exists in ICU that an\n attacker can exploit to have unspecified impact.\n (CVE-2015-1270)\n\n - A heap buffer overflow condition exists in PDFium due to\n improper validation of user-supplied input. An attacker\n can exploit this to execute arbitrary code or cause a\n denial of service. (CVE-2015-1271, CVE-2015-1273)\n\n - A use-after-free memory error exists when the GPU\n process is unexpectedly terminated. An attacker can\n exploit this to have an unspecified impact.\n (CVE-2015-1272)\n\n - The settings for automatic downloading of files allows\n EXE files to be auto-opened, which can result in the\n execution of malicious code. (CVE-2015-1274)\n\n - A universal cross-site scripting (UXSS) vulnerability\n exists in Google Chrome for Android due to improper\n validation of 'intent://' URLs. An attacker, using a\n specially crafted request, can exploit this to execute\n arbitrary script code. (CVE-2015-1275)\n\n - A use-after-free memory error exists in IndexedDB that\n can allow an attacker to execute arbitrary code.\n (CVE-2015-1276)\n\n - A denial of service vulnerability exists due to a\n use-after-free memory error in the method\n ui::AXTree::Unserialize. An attacker can exploit this to\n cause a crash. (CVE-2015-1277)\n\n - An unspecified flaw exists when handling PDF files that\n allows an attacker to spoof URLs. (CVE-2015-1278)\n\n - An integer overflow condition exists in the method\n CJBig2_Image::expand() in file JBig2_Image.cpp due to\n improper validation of user-supplied input. An attacker\n can exploit this to cause a heap-based buffer overflow,\n resulting in a denial of service or the execution of\n arbitrary code. (CVE-2015-1279)\n\n - A flaw exists in Google Skia due to improper validation\n of user-supplied input, which an attacker can exploit to\n corrupt memory or execute arbitrary code.\n (CVE-2015-1280)\n\n - An unspecified flaw exists that allows an attacker to\n bypass the Content Security Policy. (CVE-2015-1281)\n\n - A use-after-free memory error exists in PDFium in the\n file javascript/Document.cpp. An attacker, using a\n crafted file, can exploit this to execute arbitrary\n code. (CVE-2015-1282)\n\n - A heap buffer overflow condition exists in 'expat'.\n No other information is available. (CVE-2015-1283)\n\n - A use-after-free memory error exists in Blink that can\n allow an attacker to execute arbitrary code.\n (CVE-2015-1284)\n\n - An unspecified flaw exists in the XSS auditor that\n allows an attacker to gain access to sensitive\n information. (CVE-2015-1285)\n\n - A universal cross-site scripting (UXSS) vulnerability\n exists in Blink due to improper validation of\n unspecified input. An attacker, using a crafted request,\n can exploit this to execute arbitrary script code.\n (CVE-2015-1286)\n\n - A flaw exists in WebKit related to the handling of\n the quirks-mode exception for CSS MIME types, which\n allows an attacker to bypass the cross-origin policy.\n (CVE-2015-1287)\n\n - A flaw exists in file spellcheck_hunspell_dictionary.cc,\n related to the downloading of spellchecker dictionaries\n over HTTP, which allows a man-in-the-middle to corrupt\n the downloaded dictionaries. (CVE-2015-1288)\n\n - Multiple vulnerabilities exist that were disclosed by\n internal auditing, fuzzing, and other initiatives,\n which can result in a denial of service, execution of\n arbitrary code, or other moderate to severe impact.\n (CVE-2015-1289)\");\n # http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?50bc47d5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 44.0.2403.89 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-1289\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'44.0.2403.89', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:45:01", "description": "Chromium was updated to 44.0.2403.89 to fix multiple security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-1271: Heap-buffer-overflow in pdfium\n\n - CVE-2015-1273: Heap-buffer-overflow in pdfium\n\n - CVE-2015-1274: Settings allowed executable files to run immediately after download\n\n - CVE-2015-1275: UXSS in Chrome for Android\n\n - CVE-2015-1276: Use-after-free in IndexedDB\n\n - CVE-2015-1279: Heap-buffer-overflow in pdfium\n\n - CVE-2015-1280: Memory corruption in skia\n\n - CVE-2015-1281: CSP bypass\n\n - CVE-2015-1282: Use-after-free in pdfium\n\n - CVE-2015-1283: Heap-buffer-overflow in expat\n\n - CVE-2015-1284: Use-after-free in blink\n\n - CVE-2015-1286: UXSS in blink\n\n - CVE-2015-1287: SOP bypass with CSS\n\n - CVE-2015-1270: Uninitialized memory read in ICU\n\n - CVE-2015-1272: Use-after-free related to unexpected GPU process termination\n\n - CVE-2015-1277: Use-after-free in accessibility\n\n - CVE-2015-1278: URL spoofing using pdf files\n\n - CVE-2015-1285: Information leak in XSS auditor\n\n - CVE-2015-1288: Spell checking dictionaries fetched over HTTP\n\n - CVE-2015-1289: Various fixes from internal audits, fuzzing and other initiatives\n\n - CVE-2015-5605: Rgular-expression implementation mishandles interrupts, DoS via JS\n\nThe following non-security changes are included :\n\n - A number of new apps/extension APIs\n\n - Lots of under the hood changes for stability and performance\n\n - Pepper Flash plugin updated to 18.0.0.209", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-07-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Chromium (openSUSE-2015-513)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1275", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289", "CVE-2015-5605"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium-desktop-kde", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-513.NASL", "href": "https://www.tenable.com/plugins/nessus/85003", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-513.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85003);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1275\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-5605\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2015-513)\");\n script_summary(english:\"Check for the openSUSE-2015-513 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 44.0.2403.89 to fix multiple security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-1271: Heap-buffer-overflow in pdfium\n\n - CVE-2015-1273: Heap-buffer-overflow in pdfium\n\n - CVE-2015-1274: Settings allowed executable files to run\n immediately after download\n\n - CVE-2015-1275: UXSS in Chrome for Android\n\n - CVE-2015-1276: Use-after-free in IndexedDB\n\n - CVE-2015-1279: Heap-buffer-overflow in pdfium\n\n - CVE-2015-1280: Memory corruption in skia\n\n - CVE-2015-1281: CSP bypass\n\n - CVE-2015-1282: Use-after-free in pdfium\n\n - CVE-2015-1283: Heap-buffer-overflow in expat\n\n - CVE-2015-1284: Use-after-free in blink\n\n - CVE-2015-1286: UXSS in blink\n\n - CVE-2015-1287: SOP bypass with CSS\n\n - CVE-2015-1270: Uninitialized memory read in ICU\n\n - CVE-2015-1272: Use-after-free related to unexpected GPU\n process termination\n\n - CVE-2015-1277: Use-after-free in accessibility\n\n - CVE-2015-1278: URL spoofing using pdf files\n\n - CVE-2015-1285: Information leak in XSS auditor\n\n - CVE-2015-1288: Spell checking dictionaries fetched over\n HTTP\n\n - CVE-2015-1289: Various fixes from internal audits,\n fuzzing and other initiatives\n\n - CVE-2015-5605: Rgular-expression implementation\n mishandles interrupts, DoS via JS\n\nThe following non-security changes are included :\n\n - A number of new apps/extension APIs\n\n - Lots of under the hood changes for stability and\n performance\n\n - Pepper Flash plugin updated to 18.0.0.209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=939077\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-44.0.2403.89-93.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-44.0.2403.89-93.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-44.0.2403.89-93.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-44.0.2403.89-93.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-44.0.2403.89-93.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-44.0.2403.89-93.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-44.0.2403.89-93.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-44.0.2403.89-93.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-44.0.2403.89-93.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-44.0.2403.89-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-debuginfo-44.0.2403.89-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-44.0.2403.89-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debuginfo-44.0.2403.89-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debugsource-44.0.2403.89-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-gnome-44.0.2403.89-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-kde-44.0.2403.89-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-44.0.2403.89-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-debuginfo-44.0.2403.89-38.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:44:36", "description": "The version of Google Chrome installed on the remote Windows host is prior to 44.0.2403.89 and is affected by multiple vulnerabilities :\n\n - An uninitialized memory read flaw exists in ICU that an attacker can exploit to have unspecified impact. (CVE-2015-1270) \n - A heap buffer overflow condition exists in PDFium due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code or cause a denial of service. (CVE-2015-1271, CVE-2015-1273)\n - A use-after-free memory error exists when the GPU process is unexpectedly terminated. An attacker can exploit this to have an unspecified impact. (CVE-2015-1272)\n - The settings for automatic downloading of files allows EXE files to be auto-opened, which can result in the execution of malicious code. (CVE-2015-1274)\n- A universal cross-site scripting (UXSS) vulnerability exists in Google Chrome for Android due to improper validation of 'intent://' URLs. An attacker, using a specially crafted request, can exploit this to execute arbitrary script code. (CVE-2015-1275)\n - A use-after-free memory error exists in IndexedDB that can allow an attacker to execute arbitrary code. (CVE-2015-1276)\n - A denial of service vulnerability exists due to a use-after-free memory error in the method 'ui::AXTree::Unserialize'. An attacker can exploit this to cause a crash. (CVE-2015-1277)\n - An unspecified flaw exists when handling PDF files that allows an attacker to spoof URLs. (CVE-2015-1278)\n - An integer overflow condition exists in the method 'CJBig2_Image::expand()' in file JBig2_Image.cpp due to improper validation of user-supplied input. An attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service or the execution of arbitrary code. (CVE-2015-1279)\n - A flaw exists in Google Skia due to improper validation of user-supplied input, which an attacker can exploit to corrupt memory or execute arbitrary code. (CVE-2015-1280)\n - An unspecified flaw exists that allows an attacker to bypass the Content Security Policy. (CVE-2015-1281)\n - A use-after-free memory error exists in PDFium in the file javascript/Document.cpp. An attacker, using a crafted file, can exploit this to execute arbitrary code. (CVE-2015-1282)\n - A heap buffer overflow condition exists in 'expat'. No other information is available. (CVE-2015-1283)\n - A use-after-free memory error exists in Blink that can allow an attacker to execute arbitrary code. (CVE-2015-1284)\n - An unspecified flaw exists in the XSS auditor that allows an attacker to gain access to sensitive information. (CVE-2015-1285)\n - A universal cross-site scripting (UXSS) vulnerability exists in Blink due to improper validation of unspecified input. An attacker, using a crafted request, can exploit this to execute arbitrary script code. (CVE-2015-1286)\n - A flaw exists in WebKit related to the handling of the quirks-mode exception for CSS MIME types, which allows an attacker to bypass the cross-origin policy. (CVE-2015-1287)\n - A flaw exists in file 'spellcheck_hunspell_dictionary.cc', related to the downloading of spellchecker dictionaries over HTTP, which allows a man-in-the-middle to corrupt the downloaded dictionaries. (CVE-2015-1288)\n - Multiple vulnerabilities exist that were disclosed by internal auditing, fuzzing, and other initiatives, which can result in a denial of service, execution of arbitrary code, or other moderate to severe impact. (CVE-2015-1289)\n - The regular-expression engine in Google V8 is affected by a denial of service vulnerability. Remote attackers using specially crafted JavaScript code could cause an application crash. (CVE-2015-5605)", "cvss3": {"score": null, "vector": null}, "published": "2015-09-08T00:00:00", "type": "nessus", "title": "Google Chrome < 44.0.2403.89 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289", "CVE-2015-5605", "CVE-2015-1275"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"], "id": "8853.PASL", "href": "https://www.tenable.com/plugins/nnm/8853", "sourceData": "Binary data 8853.pasl", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T16:01:25", "description": "The version of Google Chrome installed on the remote Windows host is prior to 44.0.2403.89. It is, therefore, affected by multiple vulnerabilities :\n\n - An uninitialized memory read flaw exists in ICU that an attacker can exploit to have unspecified impact.\n (CVE-2015-1270)\n\n - A heap buffer overflow condition exists in PDFium due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code or cause a denial of service. (CVE-2015-1271, CVE-2015-1273)\n\n - A use-after-free memory error exists when the GPU process is unexpectedly terminated. An attacker can exploit this to have an unspecified impact.\n (CVE-2015-1272)\n\n - The settings for automatic downloading of files allows EXE files to be auto-opened, which can result in the execution of malicious code. (CVE-2015-1274)\n\n - A universal cross-site scripting (UXSS) vulnerability exists in Google Chrome for Android due to improper validation of 'intent://' URLs. An attacker, using a specially crafted request, can exploit this to execute arbitrary script code. (CVE-2015-1275)\n\n - A use-after-free memory error exists in IndexedDB that can allow an attacker to execute arbitrary code.\n (CVE-2015-1276)\n\n - A denial of service vulnerability exists due to a use-after-free memory error in the method ui::AXTree::Unserialize. An attacker can exploit this to cause a crash. (CVE-2015-1277)\n\n - An unspecified flaw exists when handling PDF files that allows an attacker to spoof URLs. (CVE-2015-1278)\n\n - An integer overflow condition exists in the method CJBig2_Image::expand() in file JBig2_Image.cpp due to improper validation of user-supplied input. An attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service or the execution of arbitrary code. (CVE-2015-1279)\n\n - A flaw exists in Google Skia due to improper validation of user-supplied input, which an attacker can exploit to corrupt memory or execute arbitrary code.\n (CVE-2015-1280)\n\n - An unspecified flaw exists that allows an attacker to bypass the Content Security Policy. (CVE-2015-1281)\n\n - A use-after-free memory error exists in PDFium in the file javascript/Document.cpp. An attacker, using a crafted file, can exploit this to execute arbitrary code. (CVE-2015-1282)\n\n - A heap buffer overflow condition exists in 'expat'.\n No other information is available. (CVE-2015-1283)\n\n - A use-after-free memory error exists in Blink that can allow an attacker to execute arbitrary code.\n (CVE-2015-1284)\n\n - An unspecified flaw exists in the XSS auditor that allows an attacker to gain access to sensitive information. (CVE-2015-1285)\n\n - A universal cross-site scripting (UXSS) vulnerability exists in Blink due to improper validation of unspecified input. An attacker, using a crafted request, can exploit this to execute arbitrary script code.\n (CVE-2015-1286)\n\n - A flaw exists in WebKit related to the handling of the quirks-mode exception for CSS MIME types, which allows an attacker to bypass the cross-origin policy.\n (CVE-2015-1287)\n\n - A flaw exists in file spellcheck_hunspell_dictionary.cc, related to the downloading of spellchecker dictionaries over HTTP, which allows a man-in-the-middle to corrupt the downloaded dictionaries. (CVE-2015-1288)\n\n - Multiple vulnerabilities exist that were disclosed by internal auditing, fuzzing, and other initiatives, which can result in a denial of service, execution of arbitrary code, or other moderate to severe impact.\n (CVE-2015-1289)", "cvss3": {"score": null, "vector": null}, "published": "2015-07-22T00:00:00", "type": "nessus", "title": "Google Chrome < 44.0.2403.89 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1275", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_44_0_2403_89.NASL", "href": "https://www.tenable.com/plugins/nessus/84921", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84921);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2015-1270\",\n \"CVE-2015-1271\",\n \"CVE-2015-1272\",\n \"CVE-2015-1273\",\n \"CVE-2015-1274\",\n \"CVE-2015-1275\",\n \"CVE-2015-1276\",\n \"CVE-2015-1277\",\n \"CVE-2015-1278\",\n \"CVE-2015-1279\",\n \"CVE-2015-1280\",\n \"CVE-2015-1281\",\n \"CVE-2015-1282\",\n \"CVE-2015-1283\",\n \"CVE-2015-1284\",\n \"CVE-2015-1285\",\n \"CVE-2015-1286\",\n \"CVE-2015-1287\",\n \"CVE-2015-1288\",\n \"CVE-2015-1289\"\n );\n script_bugtraq_id(75973);\n\n script_name(english:\"Google Chrome < 44.0.2403.89 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 44.0.2403.89. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An uninitialized memory read flaw exists in ICU that an\n attacker can exploit to have unspecified impact.\n (CVE-2015-1270)\n\n - A heap buffer overflow condition exists in PDFium due to\n improper validation of user-supplied input. An attacker\n can exploit this to execute arbitrary code or cause a\n denial of service. (CVE-2015-1271, CVE-2015-1273)\n\n - A use-after-free memory error exists when the GPU\n process is unexpectedly terminated. An attacker can\n exploit this to have an unspecified impact.\n (CVE-2015-1272)\n\n - The settings for automatic downloading of files allows\n EXE files to be auto-opened, which can result in the\n execution of malicious code. (CVE-2015-1274)\n\n - A universal cross-site scripting (UXSS) vulnerability\n exists in Google Chrome for Android due to improper\n validation of 'intent://' URLs. An attacker, using a\n specially crafted request, can exploit this to execute\n arbitrary script code. (CVE-2015-1275)\n\n - A use-after-free memory error exists in IndexedDB that\n can allow an attacker to execute arbitrary code.\n (CVE-2015-1276)\n\n - A denial of service vulnerability exists due to a\n use-after-free memory error in the method\n ui::AXTree::Unserialize. An attacker can exploit this to\n cause a crash. (CVE-2015-1277)\n\n - An unspecified flaw exists when handling PDF files that\n allows an attacker to spoof URLs. (CVE-2015-1278)\n\n - An integer overflow condition exists in the method\n CJBig2_Image::expand() in file JBig2_Image.cpp due to\n improper validation of user-supplied input. An attacker\n can exploit this to cause a heap-based buffer overflow,\n resulting in a denial of service or the execution of\n arbitrary code. (CVE-2015-1279)\n\n - A flaw exists in Google Skia due to improper validation\n of user-supplied input, which an attacker can exploit to\n corrupt memory or execute arbitrary code.\n (CVE-2015-1280)\n\n - An unspecified flaw exists that allows an attacker to\n bypass the Content Security Policy. (CVE-2015-1281)\n\n - A use-after-free memory error exists in PDFium in the\n file javascript/Document.cpp. An attacker, using a\n crafted file, can exploit this to execute arbitrary\n code. (CVE-2015-1282)\n\n - A heap buffer overflow condition exists in 'expat'.\n No other information is available. (CVE-2015-1283)\n\n - A use-after-free memory error exists in Blink that can\n allow an attacker to execute arbitrary code.\n (CVE-2015-1284)\n\n - An unspecified flaw exists in the XSS auditor that\n allows an attacker to gain access to sensitive\n information. (CVE-2015-1285)\n\n - A universal cross-site scripting (UXSS) vulnerability\n exists in Blink due to improper validation of\n unspecified input. An attacker, using a crafted request,\n can exploit this to execute arbitrary script code.\n (CVE-2015-1286)\n\n - A flaw exists in WebKit related to the handling of\n the quirks-mode exception for CSS MIME types, which\n allows an attacker to bypass the cross-origin policy.\n (CVE-2015-1287)\n\n - A flaw exists in file spellcheck_hunspell_dictionary.cc,\n related to the downloading of spellchecker dictionaries\n over HTTP, which allows a man-in-the-middle to corrupt\n the downloaded dictionaries. (CVE-2015-1288)\n\n - Multiple vulnerabilities exist that were disclosed by\n internal auditing, fuzzing, and other initiatives,\n which can result in a denial of service, execution of\n arbitrary code, or other moderate to severe impact.\n (CVE-2015-1289)\");\n # http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?50bc47d5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 44.0.2403.89 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-1289\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'44.0.2403.89', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:45:06", "description": "Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. (CVE-2015-1271, CVE-2015-1270, CVE-2015-1272, CVE-2015-1273, CVE-2015-1274, CVE-2015-1276, CVE-2015-1277, CVE-2015-1278, CVE-2015-1279, CVE-2015-1281, CVE-2015-1282, CVE-2015-1283, CVE-2015-1284, CVE-2015-1285, CVE-2015-1286, CVE-2015-1287, CVE-2015-1288, CVE-2015-1289, CVE-2015-5605)\n\nAll Chromium users should upgrade to these updated packages, which contain Chromium version 44.0.2403.89, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-07-28T00:00:00", "type": "nessus", "title": "RHEL 6 : chromium-browser (RHSA-2015:1499)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289", "CVE-2015-5605"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:chromium-browser", "p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.7"], "id": "REDHAT-RHSA-2015-1499.NASL", "href": "https://www.tenable.com/plugins/nessus/85039", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1499. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85039);\n script_version(\"2.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-5605\");\n script_xref(name:\"RHSA\", value:\"2015:1499\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2015:1499)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated chromium-browser packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Chromium to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Chromium. (CVE-2015-1271, CVE-2015-1270, CVE-2015-1272,\nCVE-2015-1273, CVE-2015-1274, CVE-2015-1276, CVE-2015-1277,\nCVE-2015-1278, CVE-2015-1279, CVE-2015-1281, CVE-2015-1282,\nCVE-2015-1283, CVE-2015-1284, CVE-2015-1285, CVE-2015-1286,\nCVE-2015-1287, CVE-2015-1288, CVE-2015-1289, CVE-2015-5605)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 44.0.2403.89, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the\nchanges to take effect.\"\n );\n # http://googlechromereleases.blogspot.com/2015/07/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://chromereleases.googleblog.com/2015/07/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1289\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1499\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-44.0.2403.89-1.el6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-44.0.2403.89-1.el6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-44.0.2403.89-1.el6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-44.0.2403.89-1.el6\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:04:55", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\n - CVE-2015-1266 Intended access restrictions could be bypassed for certain URLs like chrome://gpu.\n\n - CVE-2015-1267 A way to bypass the Same Origin Policy was discovered.\n\n - CVE-2015-1268 Mariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\n - CVE-2015-1269 Mike Rudy discovered that hostnames were not properly compared in the HTTP Strict Transport Policy and HTTP Public Key Pinning features, which could allow those access restrictions to be bypassed.\n\n - CVE-2015-1270 Atte Kettunen discovered an uninitialized memory read in the ICU library.\n\n - CVE-2015-1271 cloudfuzzer discovered a buffer overflow in the pdfium library.\n\n - CVE-2015-1272 Chamal de Silva discovered race conditions in the GPU process implementation.\n\n - CVE-2015-1273 makosoft discovered a buffer overflow in openjpeg, which is used by the pdfium library embedded in chromium.\n\n - CVE-2015-1274 andrewm.bpi discovered that the auto-open list allowed certain file types to be executed immediately after download.\n\n - CVE-2015-1276 Colin Payne discovered a use-after-free issue in the IndexedDB implementation.\n\n - CVE-2015-1277 SkyLined discovered a use-after-free issue in chromium's accessibility implementation.\n\n - CVE-2015-1278 Chamal de Silva discovered a way to use PDF documents to spoof a URL.\n\n - CVE-2015-1279 mlafon discovered a buffer overflow in the pdfium library.\n\n - CVE-2015-1280 cloudfuzzer discovered a memory corruption issue in the SKIA library.\n\n - CVE-2015-1281 Masato Knugawa discovered a way to bypass the Content Security Policy.\n\n - CVE-2015-1282 Chamal de Silva discovered multiple use-after-free issues in the pdfium library.\n\n - CVE-2015-1283 Huzaifa Sidhpurwala discovered a buffer overflow in the expat library.\n\n - CVE-2015-1284 Atte Kettunen discovered that the maximum number of page frames was not correctly checked.\n\n - CVE-2015-1285 gazheyes discovered an information leak in the XSS auditor, which normally helps to prevent certain classes of cross-site scripting problems.\n\n - CVE-2015-1286 A cross-site scripting issue was discovered in the interface to the v8 JavaScript library.\n\n - CVE-2015-1287 filedescriptor discovered a way to bypass the Same Origin Policy.\n\n - CVE-2015-1288 Mike Ruddy discovered that the spellchecking dictionaries could still be downloaded over plain HTTP (related to CVE-2015-1263 ).\n\n - CVE-2015-1289 The chrome 44 development team found and fixed various issues during internal auditing.\n\nIn addition to the above issues, Google disabled the hotword extension by default in this version, which if enabled downloads files without the user's intervention.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-07-27T00:00:00", "type": "nessus", "title": "Debian DSA-3315-1 : chromium-browser - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1263", "CVE-2015-1266", "CVE-2015-1267", "CVE-2015-1268", "CVE-2015-1269", "CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium-browser", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3315.NASL", "href": "https://www.tenable.com/plugins/nessus/84992", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3315. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84992);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1266\", \"CVE-2015-1267\", \"CVE-2015-1268\", \"CVE-2015-1269\", \"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\");\n script_bugtraq_id(75332, 75333, 75334, 75336, 75973);\n script_xref(name:\"DSA\", value:\"3315\");\n\n script_name(english:\"Debian DSA-3315-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the chromium web browser.\n\n - CVE-2015-1266\n Intended access restrictions could be bypassed for\n certain URLs like chrome://gpu.\n\n - CVE-2015-1267\n A way to bypass the Same Origin Policy was discovered.\n\n - CVE-2015-1268\n Mariusz Mlynski also discovered a way to bypass the Same\n Origin Policy.\n\n - CVE-2015-1269\n Mike Rudy discovered that hostnames were not properly\n compared in the HTTP Strict Transport Policy and HTTP\n Public Key Pinning features, which could allow those\n access restrictions to be bypassed.\n\n - CVE-2015-1270\n Atte Kettunen discovered an uninitialized memory read in\n the ICU library.\n\n - CVE-2015-1271\n cloudfuzzer discovered a buffer overflow in the pdfium\n library.\n\n - CVE-2015-1272\n Chamal de Silva discovered race conditions in the GPU\n process implementation.\n\n - CVE-2015-1273\n makosoft discovered a buffer overflow in openjpeg, which\n is used by the pdfium library embedded in chromium.\n\n - CVE-2015-1274\n andrewm.bpi discovered that the auto-open list allowed\n certain file types to be executed immediately after\n download.\n\n - CVE-2015-1276\n Colin Payne discovered a use-after-free issue in the\n IndexedDB implementation.\n\n - CVE-2015-1277\n SkyLined discovered a use-after-free issue in chromium's\n accessibility implementation.\n\n - CVE-2015-1278\n Chamal de Silva discovered a way to use PDF documents to\n spoof a URL.\n\n - CVE-2015-1279\n mlafon discovered a buffer overflow in the pdfium\n library.\n\n - CVE-2015-1280\n cloudfuzzer discovered a memory corruption issue in the\n SKIA library.\n\n - CVE-2015-1281\n Masato Knugawa discovered a way to bypass the Content\n Security Policy.\n\n - CVE-2015-1282\n Chamal de Silva discovered multiple use-after-free\n issues in the pdfium library.\n\n - CVE-2015-1283\n Huzaifa Sidhpurwala discovered a buffer overflow in the\n expat library.\n\n - CVE-2015-1284\n Atte Kettunen discovered that the maximum number of page\n frames was not correctly checked.\n\n - CVE-2015-1285\n gazheyes discovered an information leak in the XSS\n auditor, which normally helps to prevent certain classes\n of cross-site scripting problems.\n\n - CVE-2015-1286\n A cross-site scripting issue was discovered in the\n interface to the v8 JavaScript library.\n\n - CVE-2015-1287\n filedescriptor discovered a way to bypass the Same\n Origin Policy.\n\n - CVE-2015-1288\n Mike Ruddy discovered that the spellchecking\n dictionaries could still be downloaded over plain HTTP\n (related to CVE-2015-1263 ).\n\n - CVE-2015-1289\n The chrome 44 development team found and fixed various\n issues during internal auditing.\n\nIn addition to the above issues, Google disabled the hotword extension\nby default in this version, which if enabled downloads files without\nthe user's intervention.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1268\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1289\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3315\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 44.0.2403.89-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"chromedriver\", reference:\"44.0.2403.89-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium\", reference:\"44.0.2403.89-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-dbg\", reference:\"44.0.2403.89-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-inspector\", reference:\"44.0.2403.89-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-l10n\", reference:\"44.0.2403.89-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T18:58:41", "description": "An uninitialized value issue was discovered in ICU. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-1270)\n\nA use-after-free was discovered in the GPU process implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1272)\n\nA use-after-free was discovered in the IndexedDB implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1276)\n\nA use-after-free was discovered in the accessibility implemetation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1277)\n\nA memory corruption issue was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1280)\n\nIt was discovered that Blink did not properly determine the V8 context of a microtask in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass Content Security Policy (CSP) restrictions.\n(CVE-2015-1281)\n\nMultiple integer overflows were discovered in Expat. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1283)\n\nIt was discovered that Blink did not enforce a page's maximum number of frames in some circumstances, resulting in a use-after-free. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1284)\n\nIt was discovered that the XSS auditor in Blink did not properly choose a truncation point. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-1285)\n\nAn issue was discovered in the CSS implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions.\n(CVE-2015-1287)\n\nMultiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1289)\n\nA use-after-free was discovered in oxide::qt::URLRequestDelegatedJob in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program.\n(CVE-2015-1329)\n\nA crash was discovered in the regular expression implementation in V8 in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-5605).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-08-05T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 15.04 : oxide-qt vulnerabilities (USN-2677-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1270", "CVE-2015-1272", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1287", "CVE-2015-1289", "CVE-2015-1329", "CVE-2015-5605"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.04"], "id": "UBUNTU_USN-2677-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85240", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2677-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85240);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-1272\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1287\", \"CVE-2015-1289\", \"CVE-2015-1329\", \"CVE-2015-5605\");\n script_xref(name:\"USN\", value:\"2677-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.04 : oxide-qt vulnerabilities (USN-2677-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An uninitialized value issue was discovered in ICU. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service. (CVE-2015-1270)\n\nA use-after-free was discovered in the GPU process implementation in\nChromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1272)\n\nA use-after-free was discovered in the IndexedDB implementation in\nChromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1276)\n\nA use-after-free was discovered in the accessibility implemetation in\nChromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1277)\n\nA memory corruption issue was discovered in Skia. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash, or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2015-1280)\n\nIt was discovered that Blink did not properly determine the V8 context\nof a microtask in some circumstances. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to bypass Content Security Policy (CSP) restrictions.\n(CVE-2015-1281)\n\nMultiple integer overflows were discovered in Expat. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2015-1283)\n\nIt was discovered that Blink did not enforce a page's maximum number\nof frames in some circumstances, resulting in a use-after-free. If a\nuser were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia renderer crash, or execute arbitrary code with the privileges of\nthe sandboxed render process. (CVE-2015-1284)\n\nIt was discovered that the XSS auditor in Blink did not properly\nchoose a truncation point. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto obtain sensitive information. (CVE-2015-1285)\n\nAn issue was discovered in the CSS implementation in Blink. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to bypass same-origin restrictions.\n(CVE-2015-1287)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1289)\n\nA use-after-free was discovered in oxide::qt::URLRequestDelegatedJob\nin some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking the program.\n(CVE-2015-1329)\n\nA crash was discovered in the regular expression implementation in V8\nin some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service. (CVE-2015-5605).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2677-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected liboxideqtcore0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.8.4-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.8.4-0ubuntu0.15.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liboxideqtcore0\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:44:24", "description": "It was discovered that the International Components for Unicode (ICU) library mishandles converter names starting with x-, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.", "cvss3": {"score": null, "vector": null}, "published": "2015-09-16T00:00:00", "type": "nessus", "title": "Debian DSA-3360-1 : icu - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1270"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:icu", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3360.NASL", "href": "https://www.tenable.com/plugins/nessus/85944", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3360. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85944);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1270\");\n script_xref(name:\"DSA\", value:\"3360\");\n\n script_name(english:\"Debian DSA-3360-1 : icu - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the International Components for Unicode (ICU)\nlibrary mishandles converter names starting with x-, which allows\nremote attackers to cause a denial of service (read of uninitialized\nmemory) or possibly have unspecified other impact via a crafted file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/icu\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3360\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icu packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 52.1-8+deb8u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"icu-devtools\", reference:\"52.1-8+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icu-doc\", reference:\"52.1-8+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libicu-dev\", reference:\"52.1-8+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libicu52\", reference:\"52.1-8+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libicu52-dbg\", reference:\"52.1-8+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-01T17:33:03", "description": "The remote host is affected by the vulnerability described in GLSA-201603-09 (Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-14T00:00:00", "type": "nessus", "title": "GLSA-201603-09 : Chromium: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1275", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289", "CVE-2015-1291", "CVE-2015-1292", "CVE-2015-1293", "CVE-2015-1294", "CVE-2015-1295", "CVE-2015-1296", "CVE-2015-1297", "CVE-2015-1298", "CVE-2015-1299", "CVE-2015-1300", "CVE-2015-1302", "CVE-2015-1303", "CVE-2015-1304", "CVE-2015-6755", "CVE-2015-6756", "CVE-2015-6757", "CVE-2015-6758", "CVE-2015-6759", "CVE-2015-6760", "CVE-2015-6761", "CVE-2015-6762", "CVE-2015-6763", "CVE-2015-6764", "CVE-2015-6765", "CVE-2015-6766", "CVE-2015-6767", "CVE-2015-6768", "CVE-2015-6769", "CVE-2015-6770", "CVE-2015-6771", "CVE-2015-6772", "CVE-2015-6773", "CVE-2015-6774", "CVE-2015-6775", "CVE-2015-6776", "CVE-2015-6777", "CVE-2015-6778", "CVE-2015-6779", "CVE-2015-6780", "CVE-2015-6781", "CVE-2015-6782", "CVE-2015-6783", "CVE-2015-6784", "CVE-2015-6785", "CVE-2015-6786", "CVE-2015-6787", "CVE-2015-6788", "CVE-2015-6789", "CVE-2015-6790", "CVE-2015-6791", "CVE-2015-6792", "CVE-2015-8126", "CVE-2016-1612", "CVE-2016-1613", "CVE-2016-1614", "CVE-2016-1615", "CVE-2016-1616", "CVE-2016-1617", "CVE-2016-1618", "CVE-2016-1619", "CVE-2016-1620", "CVE-2016-1621", "CVE-2016-1622", "CVE-2016-1623", "CVE-2016-1624", "CVE-2016-1625", "CVE-2016-1626", "CVE-2016-1627", "CVE-2016-1628", "CVE-2016-1629", "CVE-2016-1630", "CVE-2016-1631", "CVE-2016-1632", "CVE-2016-1633", "CVE-2016-1634", "CVE-2016-1635", "CVE-2016-1636", "CVE-2016-1637", "CVE-2016-1638", "CVE-2016-1639", "CVE-2016-1640", "CVE-2016-1641"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201603-09.NASL", "href": "https://www.tenable.com/plugins/nessus/89902", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201603-09.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89902);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1275\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-1291\", \"CVE-2015-1292\", \"CVE-2015-1293\", \"CVE-2015-1294\", \"CVE-2015-1295\", \"CVE-2015-1296\", \"CVE-2015-1297\", \"CVE-2015-1298\", \"CVE-2015-1299\", \"CVE-2015-1300\", \"CVE-2015-1302\", \"CVE-2015-1303\", \"CVE-2015-1304\", \"CVE-2015-6755\", \"CVE-2015-6756\", \"CVE-2015-6757\", \"CVE-2015-6758\", \"CVE-2015-6759\", \"CVE-2015-6760\", \"CVE-2015-6761\", \"CVE-2015-6762\", \"CVE-2015-6763\", \"CVE-2015-6764\", \"CVE-2015-6765\", \"CVE-2015-6766\", \"CVE-2015-6767\", \"CVE-2015-6768\", \"CVE-2015-6769\", \"CVE-2015-6770\", \"CVE-2015-6771\", \"CVE-2015-6772\", \"CVE-2015-6773\", \"CVE-2015-6774\", \"CVE-2015-6775\", \"CVE-2015-6776\", \"CVE-2015-6777\", \"CVE-2015-6778\", \"CVE-2015-6779\", \"CVE-2015-6780\", \"CVE-2015-6781\", \"CVE-2015-6782\", \"CVE-2015-6783\", \"CVE-2015-6784\", \"CVE-2015-6785\", \"CVE-2015-6786\", \"CVE-2015-6787\", \"CVE-2015-6788\", \"CVE-2015-6789\", \"CVE-2015-6790\", \"CVE-2015-6791\", \"CVE-2015-6792\", \"CVE-2015-8126\", \"CVE-2016-1612\", \"CVE-2016-1613\", \"CVE-2016-1614\", \"CVE-2016-1615\", \"CVE-2016-1616\", \"CVE-2016-1617\", \"CVE-2016-1618\", \"CVE-2016-1619\", \"CVE-2016-1620\", \"CVE-2016-1621\", \"CVE-2016-1622\", \"CVE-2016-1623\", \"CVE-2016-1624\", \"CVE-2016-1625\", \"CVE-2016-1626\", \"CVE-2016-1627\", \"CVE-2016-1628\", \"CVE-2016-1629\", \"CVE-2016-1630\", \"CVE-2016-1631\", \"CVE-2016-1632\", \"CVE-2016-1633\", \"CVE-2016-1634\", \"CVE-2016-1635\", \"CVE-2016-1636\", \"CVE-2016-1637\", \"CVE-2016-1638\", \"CVE-2016-1639\", \"CVE-2016-1640\", \"CVE-2016-1641\");\n script_xref(name:\"GLSA\", value:\"201603-09\");\n\n script_name(english:\"GLSA-201603-09 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201603-09\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web\n browser. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201603-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-49.0.2623.87'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 49.0.2623.87\"), vulnerable:make_list(\"lt 49.0.2623.87\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-22T16:38:53", "description": "Multiple integer overflows have been discovered in the XML_GetBuffer() function in the expat library. Impact : The integer overflows may be exploited by using specifically crafted XML data and lead to infinite loop, or a heap buffer overflow, which results in a Denial of Service condition, or enables remote attackers to execute arbitrary code.", "cvss3": {"score": null, "vector": null}, "published": "2016-08-12T00:00:00", "type": "nessus", "title": "FreeBSD : FreeBSD -- Multiple integer overflows in expat (libbsdxml) XML parser (0da8a68e-600a-11e6-a6c3-14dae9d210b8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:FreeBSD", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_0DA8A68E600A11E6A6C314DAE9D210B8.NASL", "href": "https://www.tenable.com/plugins/nessus/92894", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92894);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-1283\");\n script_xref(name:\"FreeBSD\", value:\"SA-15:20.expat\");\n\n script_name(english:\"FreeBSD : FreeBSD -- Multiple integer overflows in expat (libbsdxml) XML parser (0da8a68e-600a-11e6-a6c3-14dae9d210b8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple integer overflows have been discovered in the XML_GetBuffer()\nfunction in the expat library. Impact : The integer overflows may be\nexploited by using specifically crafted XML data and lead to infinite\nloop, or a heap buffer overflow, which results in a Denial of Service\ncondition, or enables remote attackers to execute arbitrary code.\"\n );\n # https://vuxml.freebsd.org/freebsd/0da8a68e-600a-11e6-a6c3-14dae9d210b8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ca899499\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:FreeBSD\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=10.1<10.1_18\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=10.2<10.2_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=9.3<9.3_23\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T17:14:56", "description": "Multiple integer overflows have been discovered in Expat, an XML parsing C library, which may result in denial of service or the execution of arbitrary code if a malformed XML file is processed.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-28T00:00:00", "type": "nessus", "title": "Debian DSA-3318-1 : expat - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:expat", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3318.NASL", "href": "https://www.tenable.com/plugins/nessus/85032", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3318. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85032);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1283\");\n script_xref(name:\"DSA\", value:\"3318\");\n\n script_name(english:\"Debian DSA-3318-1 : expat - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple integer overflows have been discovered in Expat, an XML\nparsing C library, which may result in denial of service or the\nexecution of arbitrary code if a malformed XML file is processed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/expat\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/expat\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3318\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the expat packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 2.1.0-1+deb7u2.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-6+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"expat\", reference:\"2.1.0-1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lib64expat1\", reference:\"2.1.0-1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lib64expat1-dev\", reference:\"2.1.0-1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libexpat1\", reference:\"2.1.0-1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libexpat1-dev\", reference:\"2.1.0-1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libexpat1-udeb\", reference:\"2.1.0-1+deb7u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"expat\", reference:\"2.1.0-6+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lib64expat1\", reference:\"2.1.0-6+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lib64expat1-dev\", reference:\"2.1.0-6+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libexpat1\", reference:\"2.1.0-6+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libexpat1-dev\", reference:\"2.1.0-6+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libexpat1-udeb\", reference:\"2.1.0-6+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:22:41", "description": "The version of tested product installed on the remote host is 12.3 prior to 12.3R12-S12, 12.3X48 prior to 12.3X48-D76, 14.1X53 prior to 14.1X53-D48, 15.1 prior to 15.1R5, 15.1X49 prior to 15.1X49-D151, 15.1 prior to 15.1F6-S12 or 16.1 prior to 16.1R2. It is, therefore, affected by a denial of service (DoS) vulnerability. An unauthenticated, remote attacker can exploit this issue, via a crafted XML data input, to cause the system to stop responding and potentially with other possible unspecified impacts as referenced in the JSA10904 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2019-05-29T00:00:00", "type": "nessus", "title": "Juniper JSA10904", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283"], "modified": "2021-02-05T00:00:00", "cpe": ["cpe:/o:juniper:junos"], "id": "JUNIPER_JSA10904.NASL", "href": "https://www.tenable.com/plugins/nessus/125546", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125546);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2015-1283\");\n\n script_name(english:\"Juniper JSA10904\");\n script_summary(english:\"Checks the Junos version and build date.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is 12.3 prior\nto 12.3R12-S12, 12.3X48 prior to 12.3X48-D76, 14.1X53 prior to 14.1X53-D48,\n15.1 prior to 15.1R5, 15.1X49 prior to 15.1X49-D151, 15.1 prior to 15.1F6-S12\nor 16.1 prior to 16.1R2. It is, therefore, affected by a denial of service \n(DoS) vulnerability. An unauthenticated, remote attacker can exploit this \nissue, via a crafted XML data input, to cause the system to stop responding\nand potentially with other possible unspecified impacts as referenced in the\nJSA10904 advisory. \nNote that Nessus has not tested for this issue but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10904\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant Junos software release referenced in Juniper advisory JSA10904\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-1283\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/JUNOS/Version\", \"Host/Juniper/model\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('junos.inc');\ninclude('misc_func.inc');\n\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\nmodel = get_kb_item_or_exit('Host/Juniper/model');\nfixes = make_array();\n\nfixes[\"12.3\"] = \"12.3R12-S12\";\nfixes[\"15.1\"] = \"15.1R5\";\nfixes[\"15.1F\"] = \"15.1F6-S12\";\nfixes[\"16.1\"] = \"16.1R2\";\n\nif (model =~ \"^SRX\")\n{\n fixes[\"12.3X48\"] = \"12.3X48-D76\";\n fixes[\"15.1X49\"] = \"15.1X49-D151\";\n}\n\nif (model =~ \"^(EX2200|EX3200|EX3300|EX4200|EX4300|EX4550|EX4600|EX6200|EX8200/VC \$XRE\$|QFX3500|QFX3600|QFX5100)\")\n fixes[\"14.1X53\"] = \"14.1X53-D48\";\n\nif (model =~ '^(EX2300|EX3400)')\n fixes['15.1X53'] = '15.1X53-D10';\n\nfix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);\nreport = get_report(ver:ver, fix:fix);\nsecurity_report_v4(severity:SECURITY_WARNING, port:0, extra:report);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T17:17:08", "description": "It was discovered that Expat incorrectly handled malformed XML data.\nIf a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-09-01T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : expat vulnerability (USN-2726-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:lib64expat1", "p-cpe:/a:canonical:ubuntu_linux:libexpat1", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.04"], "id": "UBUNTU_USN-2726-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85724", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2726-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85724);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-1283\");\n script_xref(name:\"USN\", value:\"2726-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : expat vulnerability (USN-2726-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Expat incorrectly handled malformed XML data.\nIf a user or application linked against Expat were tricked into\nopening a crafted XML file, an attacker could cause a denial of\nservice, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2726-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lib64expat1 and / or libexpat1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lib64expat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"lib64expat1\", pkgver:\"2.0.1-7.2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libexpat1\", pkgver:\"2.0.1-7.2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"lib64expat1\", pkgver:\"2.1.0-4ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libexpat1\", pkgver:\"2.1.0-4ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"lib64expat1\", pkgver:\"2.1.0-6ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libexpat1\", pkgver:\"2.1.0-6ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lib64expat1 / libexpat1\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:43:47", "description": "Qt 5 was updated to the 5.5.1 release to deliver upstream improvements and fixes to Qt functionality.\n\nThe following Security fixes are contained in QtWebEngineCore :\n\n - ICU: CVE-2014-8146, CVE-2014-8147\n\n - Blink: CVE-2015-1284, CVE-2015-1291, CVE-2015-1292\n\n - Skia: CVE-2015-1294\n\n - V8: CVE-2015-1290\n\nThe following packages were rebuilt because they use private headers :\n\n - calibre\n\n - fcitx-qt5\n\n - frameworkintegration\n\n - kwayland\n\n - kwin5,\n\n - lxqt-powermanagement\n\n - lxqt-qtplugin", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2015-12-29T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Qt 5 (openSUSE-2015-953)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8146", "CVE-2014-8147", "CVE-2015-1284", "CVE-2015-1290", "CVE-2015-1291", "CVE-2015-1292", "CVE-2015-1294"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:calibre", "p-cpe:/a:novell:opensuse:calibre-debuginfo", "p-cpe:/a:novell:opensuse:calibre-debugsource", "p-cpe:/a:novell:opensuse:fcitx-qt5", "p-cpe:/a:novell:opensuse:fcitx-qt5-32bit", "p-cpe:/a:novell:opensuse:fcitx-qt5-debuginfo", "p-cpe:/a:novell:opensuse:fcitx-qt5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:fcitx-qt5-debugsource", "p-cpe:/a:novell:opensuse:fcitx-qt5-devel", "p-cpe:/a:novell:opensuse:frameworkintegration-debugsource", "p-cpe:/a:novell:opensuse:frameworkintegration-devel", "p-cpe:/a:novell:opensuse:frameworkintegration-devel-32bit", "p-cpe:/a:novell:opensuse:frameworkintegration-plugin", "p-cpe:/a:novell:opensuse:frameworkintegration-plugin-32bit", "p-cpe:/a:novell:opensuse:frameworkintegration-plugin-debuginfo", "p-cpe:/a:novell:opensuse:frameworkintegration-plugin-debuginfo-32bit", "p-cpe:/a:novell:opensuse:kwayland", "p-cpe:/a:novell:opensuse:kwayland-32bit", "p-cpe:/a:novell:opensuse:kwayland-debuginfo", "p-cpe:/a:novell:opensuse:kwayland-debuginfo-32bit", "p-cpe:/a:novell:opensuse:kwayland-debugsource", "p-cpe:/a:novell:opensuse:kwayland-devel", "p-cpe:/a:novell:opensuse:kwayland-devel-32bit", "p-cpe:/a:novell:opensuse:kwin5", "p-cpe:/a:novell:opensuse:kwin5-debuginfo", "p-cpe:/a:novell:opensuse:kwin5-debugsource", "p-cpe:/a:novell:opensuse:kwin5-devel", "p-cpe:/a:novell:opensuse:kwin5-lang", "p-cpe:/a:novell:opensuse:libKF5Style5", "p-cpe:/a:novell:opensuse:libKF5Style5-32bit", "p-cpe:/a:novell:opensuse:libKF5Style5-debuginfo", "p-cpe:/a:novell:opensuse:libKF5Style5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libKF5Style5-lang", "p-cpe:/a:novell:opensuse:libQt53DCollision-devel", "p-cpe:/a:novell:opensuse:libQt53DCollision5", "p-cpe:/a:novell:opensuse:libQt53DCollision5-32bit", "p-cpe:/a:novell:opensuse:libQt53DCollision5-debuginfo", "p-cpe:/a:novell:opensuse:libQt53DCollision5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt53DCore-devel", "p-cpe:/a:novell:opensuse:libQt53DCore5", "p-cpe:/a:novell:opensuse:libQt53DCore5-32bit", "p-cpe:/a:novell:opensuse:libQt53DCore5-debuginfo", "p-cpe:/a:novell:opensuse:libQt53DCore5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt53DInput-devel", "p-cpe:/a:novell:opensuse:libQt53DInput5", "p-cpe:/a:novell:opensuse:libQt53DInput5-32bit", "p-cpe:/a:novell:opensuse:libQt53DInput5-debuginfo", "p-cpe:/a:novell:opensuse:libQt53DInput5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt53DLogic-devel", "p-cpe:/a:novell:opensuse:libQt53DLogic5", "p-cpe:/a:novell:opensuse:libQt53DLogic5-32bit", "p-cpe:/a:novell:opensuse:libQt53DLogic5-debuginfo", "p-cpe:/a:novell:opensuse:libQt53DLogic5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt53DQuick-devel", "p-cpe:/a:novell:opensuse:libQt53DQuick5", "p-cpe:/a:novell:opensuse:libQt53DQuick5-32bit", "p-cpe:/a:novell:opensuse:libQt53DQuick5-debuginfo", "p-cpe:/a:novell:opensuse:libQt53DQuick5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt53DQuickRenderer-devel", "p-cpe:/a:novell:opensuse:libQt53DQuickRenderer5", "p-cpe:/a:novell:opensuse:libQt53DQuickRenderer5-32bit", "p-cpe:/a:novell:opensuse:libQt53DQuickRenderer5-debuginfo", "p-cpe:/a:novell:opensuse:libQt53DQuickRenderer5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt53DRenderer-devel", "p-cpe:/a:novell:opensuse:libQt53DRenderer5", "p-cpe:/a:novell:opensuse:libQt53DRenderer5-32bit", "p-cpe:/a:novell:opensuse:libQt53DRenderer5-debuginfo", "p-cpe:/a:novell:opensuse:libQt53DRenderer5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Bluetooth5", "p-cpe:/a:novell:opensuse:libQt5Bluetooth5-32bit", "p-cpe:/a:novell:opensuse:libQt5Bluetooth5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Bluetooth5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Bluetooth5-imports", "p-cpe:/a:novell:opensuse:libQt5Bluetooth5-imports-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Bootstrap-devel-static", "p-cpe:/a:novell:opensuse:libQt5Bootstrap-devel-static-32bit", "p-cpe:/a:novell:opensuse:libQt5CLucene5", "p-cpe:/a:novell:opensuse:libQt5CLucene5-32bit", "p-cpe:/a:novell:opensuse:libQt5CLucene5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5CLucene5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Compositor5", "p-cpe:/a:novell:opensuse:libQt5Compositor5-32bit", "p-cpe:/a:novell:opensuse:libQt5Compositor5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Compositor5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Concurrent-devel", "p-cpe:/a:novell:opensuse:libQt5Concurrent-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Concurrent5", "p-cpe:/a:novell:opensuse:libQt5Concurrent5-32bit", "p-cpe:/a:novell:opensuse:libQt5Concurrent5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Concurrent5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Core-devel", "p-cpe:/a:novell:opensuse:libQt5Core-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Core-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Core5", "p-cpe:/a:novell:opensuse:libQt5Core5-32bit", "p-cpe:/a:novell:opensuse:libQt5Core5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Core5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5DBus-devel", "p-cpe:/a:novell:opensuse:libQt5DBus-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5DBus-devel-debuginfo", "p-cpe:/a:novell:opensuse:libQt5DBus-devel-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5DBus-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5DBus5", "p-cpe:/a:novell:opensuse:libQt5DBus5-32bit", "p-cpe:/a:novell:opensuse:libQt5DBus5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5DBus5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Declarative5", "p-cpe:/a:novell:opensuse:libQt5Declarative5-32bit", "p-cpe:/a:novell:opensuse:libQt5Declarative5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Declarative5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Designer5", "p-cpe:/a:novell:opensuse:libQt5Designer5-32bit", "p-cpe:/a:novell:opensuse:libQt5Designer5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Designer5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5DesignerComponents5", "p-cpe:/a:novell:opensuse:libQt5DesignerComponents5-32bit", "p-cpe:/a:novell:opensuse:libQt5DesignerComponents5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5DesignerComponents5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Gui-devel", "p-cpe:/a:novell:opensuse:libQt5Gui-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Gui-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Gui5", "p-cpe:/a:novell:opensuse:libQt5Gui5-32bit", "p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Help5", "p-cpe:/a:novell:opensuse:libQt5Help5-32bit", "p-cpe:/a:novell:opensuse:libQt5Help5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Help5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Location5", "p-cpe:/a:novell:opensuse:libQt5Location5-32bit", "p-cpe:/a:novell:opensuse:libQt5Location5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Location5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Multimedia5", "p-cpe:/a:novell:opensuse:libQt5Multimedia5-32bit", "p-cpe:/a:novell:opensuse:libQt5Multimedia5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Multimedia5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Network-devel", "p-cpe:/a:novell:opensuse:libQt5Network-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Network-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Network5", "p-cpe:/a:novell:opensuse:libQt5Network5-32bit", "p-cpe:/a:novell:opensuse:libQt5Network5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Network5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Nfc5", "p-cpe:/a:novell:opensuse:libQt5Nfc5-32bit", "p-cpe:/a:novell:opensuse:libQt5Nfc5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Nfc5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Nfc5-imports", "p-cpe:/a:novell:opensuse:libQt5Nfc5-imports-debuginfo", "p-cpe:/a:novell:opensuse:libQt5OpenGL-devel", "p-cpe:/a:novell:opensuse:libQt5OpenGL-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5OpenGL-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5OpenGL5", "p-cpe:/a:novell:opensuse:libQt5OpenGL5-32bit", "p-cpe:/a:novell:opensuse:libQt5OpenGL5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5OpenGL5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5OpenGLExtensions-devel-static", "p-cpe:/a:novell:opensuse:libQt5OpenGLExtensions-devel-static-32bit", "p-cpe:/a:novell:opensuse:libQt5PlatformHeaders-devel", "p-cpe:/a:novell:opensuse:libQt5PlatformSupport-devel-static", "p-cpe:/a:novell:opensuse:libQt5PlatformSupport-devel-static-32bit", "p-cpe:/a:novell:opensuse:libQt5PlatformSupport-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Positioning5", "p-cpe:/a:novell:opensuse:libQt5Positioning5-32bit", "p-cpe:/a:novell:opensuse:libQt5Positioning5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Positioning5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5PrintSupport-devel", "p-cpe:/a:novell:opensuse:libQt5PrintSupport-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5PrintSupport-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5PrintSupport5", "p-cpe:/a:novell:opensuse:libQt5PrintSupport5-32bit", "p-cpe:/a:novell:opensuse:libQt5PrintSupport5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5PrintSupport5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Script5", "p-cpe:/a:novell:opensuse:libQt5Script5-32bit", "p-cpe:/a:novell:opensuse:libQt5Script5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Script5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Sensors5", "p-cpe:/a:novell:opensuse:libQt5Sensors5-32bit", "p-cpe:/a:novell:opensuse:libQt5Sensors5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sensors5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Sensors5-imports", "p-cpe:/a:novell:opensuse:libQt5Sensors5-imports-debuginfo", "p-cpe:/a:novell:opensuse:libQt5SerialPort5", "p-cpe:/a:novell:opensuse:libQt5SerialPort5-32bit", "p-cpe:/a:novell:opensuse:libQt5SerialPort5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5SerialPort5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql-devel", "p-cpe:/a:novell:opensuse:libQt5Sql-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Sql5", "p-cpe:/a:novell:opensuse:libQt5Sql5-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-mysql", "p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql", "p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite", "p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC", "p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Svg5", "p-cpe:/a:novell:opensuse:libQt5Svg5-32bit", "p-cpe:/a:novell:opensuse:libQt5Svg5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Svg5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Test-devel", "p-cpe:/a:novell:opensuse:libQt5Test-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Test-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Test5", "p-cpe:/a:novell:opensuse:libQt5Test5-32bit", "p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5WaylandClient5", "p-cpe:/a:novell:opensuse:libQt5WaylandClient5-32bit", "p-cpe:/a:novell:opensuse:libQt5WaylandClient5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5WaylandClient5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5WebChannel5", "p-cpe:/a:novell:opensuse:libQt5WebChannel5-32bit", "p-cpe:/a:novell:opensuse:libQt5WebChannel5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5WebChannel5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5WebChannel5-imports", "p-cpe:/a:novell:opensuse:libQt5WebChannel5-imports-debuginfo", "p-cpe:/a:novell:opensuse:libQt5WebKit-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5WebKit5", "p-cpe:/a:novell:opensuse:libQt5WebKit5-32bit", "p-cpe:/a:novell:opensuse:libQt5WebKit5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5WebKit5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5WebKit5-devel", "p-cpe:/a:novell:opensuse:libQt5WebKit5-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5WebKit5-imports", "p-cpe:/a:novell:opensuse:libQt5WebKit5-imports-debuginfo", "p-cpe:/a:novell:opensuse:libQt5WebKitWidgets-devel", "p-cpe:/a:novell:opensuse:libQt5WebKitWidgets-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5WebKitWidgets-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5WebKitWidgets5", "p-cpe:/a:novell:opensuse:libQt5WebKitWidgets5-32bit", "p-cpe:/a:novell:opensuse:libQt5WebKitWidgets5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5WebKitWidgets5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5WebSockets5", "p-cpe:/a:novell:opensuse:libQt5WebSockets5-32bit", "p-cpe:/a:novell:opensuse:libQt5WebSockets5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5WebSockets5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5WebSockets5-imports", "p-cpe:/a:novell:opensuse:libQt5WebSockets5-imports-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Widgets-devel", "p-cpe:/a:novell:opensuse:libQt5Widgets-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Widgets-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Widgets5", "p-cpe:/a:novell:opensuse:libQt5Widgets5-32bit", "p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5X11Extras5", "p-cpe:/a:novell:opensuse:libQt5X11Extras5-32bit", "p-cpe:/a:novell:opensuse:libQt5X11Extras5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5X11Extras5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Xml-devel", "p-cpe:/a:novell:opensuse:libQt5Xml-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Xml5", "p-cpe:/a:novell:opensuse:libQt5Xml5-32bit", "p-cpe:/a:novell:opensuse:libQt5Xml5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Xml5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5XmlPatterns5", "p-cpe:/a:novell:opensuse:libQt5XmlPatterns5-32bit", "p-cpe:/a:novell:opensuse:libQt5XmlPatterns5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5XmlPatterns5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQtQuick5", "p-cpe:/a:novell:opensuse:libQtQuick5-32bit", "p-cpe:/a:novell:opensuse:libQtQuick5-debuginfo", "p-cpe:/a:novell:opensuse:libQtQuick5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-creator", "p-cpe:/a:novell:opensuse:libqt5-creator-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-creator-debugsource", "p-cpe:/a:novell:opensuse:libqt5-linguist", "p-cpe:/a:novell:opensuse:libqt5-linguist-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-linguist-devel", "p-cpe:/a:novell:opensuse:libqt5-qt3d-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qt3d-devel", "p-cpe:/a:novell:opensuse:libqt5-qt3d-examples", "p-cpe:/a:novell:opensuse:libqt5-qt3d-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qt3d-imports", "p-cpe:/a:novell:opensuse:libqt5-qt3d-imports-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qt3d-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtbase-common-devel", "p-cpe:/a:novell:opensuse:libqt5-qtbase-common-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtbase-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtbase-devel", "p-cpe:/a:novell:opensuse:libqt5-qtbase-doc-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtbase-examples", "p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtbase-platformtheme-gtk2", "p-cpe:/a:novell:opensuse:libqt5-qtbase-platformtheme-gtk2-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtbase-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-devel", "p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-examples", "p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-tools", "p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-tools-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtct", "p-cpe:/a:novell:opensuse:libqt5-qtct-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtct-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-devel", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-devel-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-examples", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-tools", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-tools-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtdoc", "p-cpe:/a:novell:opensuse:libqt5-qtgraphicaleffects", "p-cpe:/a:novell:opensuse:libqt5-qtimageformats", "p-cpe:/a:novell:opensuse:libqt5-qtimageformats-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtimageformats-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtimageformats-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtimageformats-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtimageformats-devel", "p-cpe:/a:novell:opensuse:libqt5-qtlocation-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtlocation-devel", "p-cpe:/a:novell:opensuse:libqt5-qtlocation-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtlocation-examples", "p-cpe:/a:novell:opensuse:libqt5-qtlocation-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtlocation-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-devel", "p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-examples", "p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtquick1-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtquick1-devel", "p-cpe:/a:novell:opensuse:libqt5-qtquick1-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtquick1-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtquick1-devel-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtquick1-examples", "p-cpe:/a:novell:opensuse:libqt5-qtquick1-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtquick1-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols", "p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols-examples", "p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtscript-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtscript-devel", "p-cpe:/a:novell:opensuse:libqt5-qtscript-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtscript-examples", "p-cpe:/a:novell:opensuse:libqt5-qtscript-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtscript-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtsensors-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtsensors-devel", "p-cpe:/a:novell:opensuse:libqt5-qtsensors-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtsensors-examples", "p-cpe:/a:novell:opensuse:libqt5-qtsensors-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtsensors-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtserialport-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtserialport-devel", "p-cpe:/a:novell:opensuse:libqt5-qtserialport-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtserialport-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-devel", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-examples", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qttools", "p-cpe:/a:novell:opensuse:libqt5-qttools-32bit", "p-cpe:/a:novell:opensuse:libqt5-qttools-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qttools-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qttools-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qttools-devel", "p-cpe:/a:novell:opensuse:libqt5-qttools-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qttools-examples", "p-cpe:/a:novell:opensuse:libqt5-qttools-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qttools-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qttranslations", "p-cpe:/a:novell:opensuse:libqt5-qtwayland", "p-cpe:/a:novell:opensuse:libqt5-qtwayland-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtwayland-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtwayland-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtwayland-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtwayland-devel", "p-cpe:/a:novell:opensuse:libqt5-qtwayland-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtwayland-examples", "p-cpe:/a:novell:opensuse:libqt5-qtwayland-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtwayland-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-devel", "p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-examples", "p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine-devel", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine-examples", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtwebkit-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtwebkit-examples", "p-cpe:/a:novell:opensuse:libqt5-qtwebkit-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtwebkit-examples-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-devel", "p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-examples", "p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtx11extras-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtx11extras-devel", "p-cpe:/a:novell:opensuse:libqt5-qtx11extras-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-devel", "p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-examples", "p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-private-headers-devel", "p-cpe:/a:novell:opensuse:lxqt-powermanagement", "p-cpe:/a:novell:opensuse:lxqt-powermanagement-debuginfo", "p-cpe:/a:novell:opensuse:lxqt-powermanagement-debugsource", "p-cpe:/a:novell:opensuse:lxqt-powermanagement-lang", "p-cpe:/a:novell:opensuse:lxqt-qtplugin", "p-cpe:/a:novell:opensuse:lxqt-qtplugin-debuginfo", "p-cpe:/a:novell:opensuse:lxqt-qtplugin-debugsource", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2015-953.NASL", "href": "https://www.tenable.com/plugins/nessus/87627", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-953.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87627);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8146\", \"CVE-2014-8147\", \"CVE-2015-1284\", \"CVE-2015-1290\", \"CVE-2015-1291\", \"CVE-2015-1292\", \"CVE-2015-1294\");\n\n script_name(english:\"openSUSE Security Update : Qt 5 (openSUSE-2015-953)\");\n script_summary(english:\"Check for the openSUSE-2015-953 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Qt 5 was updated to the 5.5.1 release to deliver upstream improvements\nand fixes to Qt functionality.\n\nThe following Security fixes are contained in QtWebEngineCore :\n\n - ICU: CVE-2014-8146, CVE-2014-8147\n\n - Blink: CVE-2015-1284, CVE-2015-1291, CVE-2015-1292\n\n - Skia: CVE-2015-1294\n\n - V8: CVE-2015-1290\n\nThe following packages were rebuilt because they use private headers :\n\n - calibre\n\n - fcitx-qt5\n\n - frameworkintegration\n\n - kwayland\n\n - kwin5,\n\n - lxqt-powermanagement\n\n - lxqt-qtplugin\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=959178\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected Qt 5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:calibre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:calibre-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:calibre-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fcitx-qt5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fcitx-qt5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fcitx-qt5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fcitx-qt5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fcitx-qt5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fcitx-qt5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:frameworkintegration-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:frameworkintegration-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:frameworkintegration-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:frameworkintegration-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:frameworkintegration-plugin-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:frameworkintegration-plugin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:frameworkintegration-plugin-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwayland\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwayland-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwayland-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwayland-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwayland-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwayland-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwayland-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwin5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwin5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwin5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwin5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwin5-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libKF5Style5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libKF5Style5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libKF5Style5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libKF5Style5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libKF5Style5-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCollision-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCollision5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCollision5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCollision5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCollision5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCore-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCore5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCore5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCore5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DInput-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DInput5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DInput5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DInput5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DInput5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DLogic-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DLogic5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DLogic5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DLogic5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DLogic5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuick5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuick5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuick5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuick5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuickRenderer-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuickRenderer5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuickRenderer5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuickRenderer5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuickRenderer5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DRenderer-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DRenderer5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DRenderer5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DRenderer5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DRenderer5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bluetooth5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bluetooth5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bluetooth5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bluetooth5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bluetooth5-imports\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bluetooth5-imports-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bootstrap-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bootstrap-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5CLucene5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5CLucene5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5CLucene5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5CLucene5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Compositor5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Compositor5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Compositor5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Compositor5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-devel-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Declarative5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Declarative5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Declarative5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Declarative5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Designer5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Designer5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Designer5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Designer5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DesignerComponents5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DesignerComponents5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DesignerComponents5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DesignerComponents5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Help5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Help5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Help5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Help5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Location5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Location5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Location5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Location5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Multimedia5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Multimedia5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Multimedia5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Multimedia5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Nfc5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Nfc5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Nfc5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Nfc5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Nfc5-imports\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Nfc5-imports-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGLExtensions-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGLExtensions-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PlatformHeaders-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PlatformSupport-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PlatformSupport-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PlatformSupport-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Positioning5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Positioning5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Positioning5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Positioning5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Script5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Script5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Script5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Script5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sensors5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sensors5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sensors5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sensors5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sensors5-imports\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sensors5-imports-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5SerialPort5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5SerialPort5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5SerialPort5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5SerialPort5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Svg5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Svg5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Svg5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Svg5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WaylandClient5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WaylandClient5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WaylandClient5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WaylandClient5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebChannel5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebChannel5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebChannel5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebChannel5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebChannel5-imports\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebChannel5-imports-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKit-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKit5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKit5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKit5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKit5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKit5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKit5-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKit5-imports\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKit5-imports-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKitWidgets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKitWidgets-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKitWidgets-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKitWidgets5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKitWidgets5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKitWidgets5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKitWidgets5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebSockets5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebSockets5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebSockets5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebSockets5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebSockets5-imports\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebSockets5-imports-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5X11Extras5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5X11Extras5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5X11Extras5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5X11Extras5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5XmlPatterns5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5XmlPatterns5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5XmlPatterns5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5XmlPatterns5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQtQuick5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQtQuick5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQtQuick5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQtQuick5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-creator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-creator-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-creator-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-linguist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-linguist-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-linguist-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qt3d-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qt3d-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qt3d-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qt3d-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qt3d-imports\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qt3d-imports-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qt3d-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-common-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-common-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-doc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-platformtheme-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-platformtheme-gtk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtct-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtct-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-devel-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtgraphicaleffects\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtimageformats\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtimageformats-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtimageformats-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtimageformats-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtimageformats-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtimageformats-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtlocation-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtlocation-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtlocation-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtlocation-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtlocation-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtlocation-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquick1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquick1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquick1-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquick1-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquick1-devel-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquick1-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquick1-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquick1-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtscript-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtscript-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtscript-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtscript-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtscript-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtscript-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsensors-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsensors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsensors-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsensors-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsensors-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsensors-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtserialport-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtserialport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtserialport-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtserialport-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttranslations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebkit-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebkit-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebkit-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebkit-examples-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtx11extras-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtx11extras-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtx11extras-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lxqt-powermanagement\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lxqt-powermanagement-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lxqt-powermanagement-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lxqt-powermanagement-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lxqt-qtplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lxqt-qtplugin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lxqt-qtplugin-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"calibre-2.46.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"calibre-debuginfo-2.46.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"calibre-debugsource-2.46.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"fcitx-qt5-1.0.4-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"fcitx-qt5-debuginfo-1.0.4-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"fcitx-qt5-debugsource-1.0.4-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"fcitx-qt5-devel-1.0.4-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"frameworkintegration-debugsource-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"frameworkintegration-devel-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"frameworkintegration-plugin-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"frameworkintegration-plugin-debuginfo-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kwayland-5.4.3-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kwayland-debuginfo-5.4.3-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kwayland-debugsource-5.4.3-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kwayland-devel-5.4.3-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kwin5-5.4.3-6.10\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kwin5-debuginfo-5.4.3-6.10\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kwin5-debugsource-5.4.3-6.10\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kwin5-devel-5.4.3-6.10\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kwin5-lang-5.4.3-6.10\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libKF5Style5-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libKF5Style5-debuginfo-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libKF5Style5-lang-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DCollision-devel-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DCollision5-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DCollision5-debuginfo-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DCore-devel-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DCore5-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DCore5-debuginfo-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DInput-devel-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DInput5-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DInput5-debuginfo-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DLogic-devel-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DLogic5-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DLogic5-debuginfo-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DQuick-devel-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DQuick5-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DQuick5-debuginfo-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DQuickRenderer-devel-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DQuickRenderer5-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DQuickRenderer5-debuginfo-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DRenderer-devel-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DRenderer5-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DRenderer5-debuginfo-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Bluetooth5-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Bluetooth5-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Bluetooth5-imports-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Bluetooth5-imports-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Bootstrap-devel-static-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5CLucene5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5CLucene5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Compositor5-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Compositor5-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Concurrent-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Concurrent5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Concurrent5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Core-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Core-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Core5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Core5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5DBus-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5DBus-devel-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5DBus-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5DBus5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5DBus5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Declarative5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Declarative5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Designer5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Designer5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5DesignerComponents5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5DesignerComponents5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Gui-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Gui-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Gui5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Gui5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Help5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Help5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Location5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Location5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Multimedia5-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Multimedia5-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Network-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Network-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Network5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Network5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Nfc5-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Nfc5-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Nfc5-imports-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Nfc5-imports-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5OpenGL-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5OpenGL-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5OpenGL5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5OpenGL5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5OpenGLExtensions-devel-static-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5PlatformHeaders-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5PlatformSupport-devel-static-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5PlatformSupport-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Positioning5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Positioning5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5PrintSupport-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5PrintSupport-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5PrintSupport5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5PrintSupport5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Script5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Script5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sensors5-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sensors5-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sensors5-imports-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sensors5-imports-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5SerialPort5-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5SerialPort5-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-mysql-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-mysql-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-postgresql-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-postgresql-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-sqlite-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-sqlite-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-unixODBC-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-unixODBC-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Svg5-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Svg5-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Test-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Test-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Test5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Test5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WaylandClient5-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WaylandClient5-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebChannel5-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebChannel5-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebChannel5-imports-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebChannel5-imports-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKit-private-headers-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKit5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKit5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKit5-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKit5-imports-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKit5-imports-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKitWidgets-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKitWidgets-private-headers-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKitWidgets5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKitWidgets5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebSockets5-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebSockets5-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebSockets5-imports-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebSockets5-imports-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Widgets-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Widgets-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Widgets5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Widgets5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5X11Extras5-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5X11Extras5-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Xml-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Xml5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Xml5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5XmlPatterns5-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5XmlPatterns5-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQtQuick5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQtQuick5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-creator-3.5.1-6.6\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-creator-debuginfo-3.5.1-6.6\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-creator-debugsource-3.5.1-6.6\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-linguist-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-linguist-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-linguist-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qt3d-debugsource-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qt3d-devel-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qt3d-examples-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qt3d-examples-debuginfo-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qt3d-imports-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qt3d-imports-debuginfo-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qt3d-private-headers-devel-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-common-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-common-devel-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-debugsource-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-doc-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-examples-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-examples-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-platformtheme-gtk2-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-platformtheme-gtk2-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtconnectivity-debugsource-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtconnectivity-devel-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtconnectivity-examples-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtconnectivity-examples-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtconnectivity-private-headers-devel-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtconnectivity-tools-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtconnectivity-tools-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtct-0.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtct-debuginfo-0.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtct-debugsource-0.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtdeclarative-debugsource-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtdeclarative-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtdeclarative-devel-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtdeclarative-examples-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtdeclarative-examples-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtdeclarative-private-headers-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtdeclarative-tools-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtdeclarative-tools-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtdoc-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtgraphicaleffects-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtimageformats-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtimageformats-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtimageformats-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtimageformats-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtlocation-debugsource-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtlocation-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtlocation-examples-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtlocation-examples-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtlocation-private-headers-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtmultimedia-debugsource-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtmultimedia-devel-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtmultimedia-examples-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtmultimedia-examples-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtmultimedia-private-headers-devel-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquick1-debugsource-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquick1-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquick1-devel-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquick1-examples-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquick1-examples-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquick1-private-headers-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquickcontrols-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquickcontrols-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquickcontrols-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquickcontrols-examples-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquickcontrols-examples-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtscript-debugsource-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtscript-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtscript-examples-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtscript-examples-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtscript-private-headers-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsensors-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsensors-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsensors-examples-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsensors-examples-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsensors-private-headers-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtserialport-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtserialport-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtserialport-private-headers-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsvg-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsvg-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsvg-examples-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsvg-examples-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsvg-private-headers-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qttools-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qttools-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qttools-debugsource-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qttools-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qttools-examples-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qttools-examples-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qttools-private-headers-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qttranslations-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwayland-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwayland-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwayland-debugsource-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwayland-devel-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwayland-examples-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwayland-examples-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwayland-private-headers-devel-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebchannel-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebchannel-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebchannel-examples-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebchannel-private-headers-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebengine-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebengine-debuginfo-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebengine-debugsource-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebengine-devel-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebengine-examples-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebengine-examples-debuginfo-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebengine-private-headers-devel-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebkit-debugsource-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebkit-examples-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebkit-examples-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebkit-examples-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebsockets-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebsockets-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebsockets-examples-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebsockets-private-headers-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtx11extras-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtx11extras-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtxmlpatterns-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtxmlpatterns-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtxmlpatterns-examples-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtxmlpatterns-examples-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtxmlpatterns-private-headers-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"lxqt-powermanagement-0.9.0-4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"lxqt-powermanagement-debuginfo-0.9.0-4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"lxqt-powermanagement-debugsource-0.9.0-4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"lxqt-powermanagement-lang-0.9.0-4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"lxqt-qtplugin-0.9.0-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"lxqt-qtplugin-debuginfo-0.9.0-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"lxqt-qtplugin-debugsource-0.9.0-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"fcitx-qt5-32bit-1.0.4-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"fcitx-qt5-debuginfo-32bit-1.0.4-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"frameworkintegration-devel-32bit-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"frameworkintegration-plugin-32bit-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"frameworkintegration-plugin-debuginfo-32bit-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kwayland-32bit-5.4.3-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kwayland-debuginfo-32bit-5.4.3-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kwayland-devel-32bit-5.4.3-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libKF5Style5-32bit-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libKF5Style5-debuginfo-32bit-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DCollision5-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DCollision5-debuginfo-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DCore5-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DCore5-debuginfo-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DInput5-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DInput5-debuginfo-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DLogic5-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DLogic5-debuginfo-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DQuick5-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DQuick5-debuginfo-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DQuickRenderer5-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DQuickRenderer5-debuginfo-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DRenderer5-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DRenderer5-debuginfo-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Bluetooth5-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Bluetooth5-debuginfo-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Bootstrap-devel-static-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5CLucene5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5CLucene5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Compositor5-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Compositor5-debuginfo-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Concurrent-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Concurrent5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Concurrent5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Core-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Core5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Core5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5DBus-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5DBus-devel-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5DBus5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5DBus5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Declarative5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Declarative5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Designer5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Designer5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5DesignerComponents5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5DesignerComponents5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Gui-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Gui5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Gui5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Help5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Help5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Location5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Location5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Multimedia5-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Multimedia5-debuginfo-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Network-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Network5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Network5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Nfc5-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Nfc5-debuginfo-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5OpenGL-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5OpenGL5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5OpenGL5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5OpenGLExtensions-devel-static-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5PlatformSupport-devel-static-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Positioning5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Positioning5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5PrintSupport-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5PrintSupport5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5PrintSupport5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Script5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Script5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sensors5-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sensors5-debuginfo-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5SerialPort5-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5SerialPort5-debuginfo-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-mysql-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-mysql-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-postgresql-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-postgresql-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-sqlite-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-sqlite-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-unixODBC-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-unixODBC-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Svg5-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Svg5-debuginfo-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Test-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Test5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Test5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WaylandClient5-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WaylandClient5-debuginfo-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebChannel5-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebChannel5-debuginfo-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebKit5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebKit5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebKit5-devel-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebKitWidgets-devel-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebKitWidgets5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebKitWidgets5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebSockets5-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebSockets5-debuginfo-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Widgets-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Widgets5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Widgets5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5X11Extras5-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5X11Extras5-debuginfo-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Xml-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Xml5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Xml5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5XmlPatterns5-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5XmlPatterns5-debuginfo-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQtQuick5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQtQuick5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtbase-examples-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtbase-examples-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtconnectivity-devel-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtdeclarative-devel-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtdeclarative-devel-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtimageformats-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtimageformats-debuginfo-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtlocation-devel-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtmultimedia-devel-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtquick1-devel-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtquick1-devel-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtscript-devel-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtsensors-devel-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtserialport-devel-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtsvg-devel-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qttools-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qttools-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qttools-devel-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtwayland-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtwayland-debuginfo-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtwayland-devel-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtwebchannel-devel-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtwebengine-32bit-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtwebengine-debuginfo-32bit-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtwebengine-devel-32bit-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtwebsockets-devel-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtx11extras-devel-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtxmlpatterns-devel-32bit-5.5.1-3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"calibre / calibre-debuginfo / calibre-debugsource / fcitx-qt5 / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-16T16:02:48", "description": "This update for expat fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. (bsc#979441)\n\n - CVE-2015-1283: Fix multiple integer overflows.\n (bnc#980391) This update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-09T00:00:00", "type": "nessus", "title": "openSUSE Security Update : expat (openSUSE-2016-695)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2016-0718"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:expat", "p-cpe:/a:novell:opensuse:expat-debuginfo", "p-cpe:/a:novell:opensuse:expat-debuginfo-32bit", "p-cpe:/a:novell:opensuse:expat-debugsource", "p-cpe:/a:novell:opensuse:libexpat-devel", "p-cpe:/a:novell:opensuse:libexpat-devel-32bit", "p-cpe:/a:novell:opensuse:libexpat1", "p-cpe:/a:novell:opensuse:libexpat1-32bit", "p-cpe:/a:novell:opensuse:libexpat1-debuginfo", "p-cpe:/a:novell:opensuse:libexpat1-debuginfo-32bit", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-695.NASL", "href": "https://www.tenable.com/plugins/nessus/91530", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-695.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91530);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-1283\", \"CVE-2016-0718\");\n\n script_name(english:\"openSUSE Security Update : expat (openSUSE-2016-695)\");\n script_summary(english:\"Check for the openSUSE-2016-695 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for expat fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2016-0718: Fix Expat XML parser that mishandles\n certain kinds of malformed input documents. (bsc#979441)\n\n - CVE-2015-1283: Fix multiple integer overflows.\n (bnc#980391) This update was imported from the\n SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980391\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected expat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:expat-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:expat-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:expat-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"expat-2.1.0-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"expat-debuginfo-2.1.0-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"expat-debugsource-2.1.0-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libexpat-devel-2.1.0-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libexpat1-2.1.0-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libexpat1-debuginfo-2.1.0-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"expat-debuginfo-32bit-2.1.0-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libexpat-devel-32bit-2.1.0-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libexpat1-32bit-2.1.0-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libexpat1-debuginfo-32bit-2.1.0-17.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat / expat-debuginfo / expat-debuginfo-32bit / expat-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-16T16:03:15", "description": "This update for expat fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. (bsc#979441)\n\n - CVE-2015-1283: Fix multiple integer overflows.\n (bnc#980391)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : expat (SUSE-SU-2016:1512-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2016-0718"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:expat", "p-cpe:/a:novell:suse_linux:libexpat1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-1512-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91556", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1512-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91556);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-1283\", \"CVE-2016-0718\");\n script_bugtraq_id(75973);\n\n script_name(english:\"SUSE SLES11 Security Update : expat (SUSE-SU-2016:1512-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for expat fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2016-0718: Fix Expat XML parser that mishandles\n certain kinds of malformed input documents. (bsc#979441)\n\n - CVE-2015-1283: Fix multiple integer overflows.\n (bnc#980391)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1283/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0718/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161512-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9e61ff77\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Studio Onsite 1.3 :\n\nzypper in -t patch slestso13-expat-12600=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-expat-12600=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-expat-12600=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-expat-12600=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libexpat1-32bit-2.0.1-88.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libexpat1-32bit-2.0.1-88.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"expat-2.0.1-88.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libexpat1-2.0.1-88.38.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-16T16:03:31", "description": "This update for expat fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. (bsc#979441)\n\n - CVE-2015-1283: Fix multiple integer overflows.\n (bnc#980391)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-17T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : expat (SUSE-SU-2016:1508-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2016-0718"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:expat", "p-cpe:/a:novell:suse_linux:expat-debuginfo", "p-cpe:/a:novell:suse_linux:expat-debugsource", "p-cpe:/a:novell:suse_linux:libexpat1", "p-cpe:/a:novell:suse_linux:libexpat1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-1508-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91652", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1508-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91652);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1283\", \"CVE-2016-0718\");\n script_bugtraq_id(75973);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : expat (SUSE-SU-2016:1508-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for expat fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2016-0718: Fix Expat XML parser that mishandles\n certain kinds of malformed input documents. (bsc#979441)\n\n - CVE-2015-1283: Fix multiple integer overflows.\n (bnc#980391)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1283/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0718/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161508-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?184fd414\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2016-898=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-898=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-898=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-898=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-898=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-898=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:expat-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:expat-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libexpat1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"expat-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"expat-debuginfo-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"expat-debugsource-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libexpat1-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libexpat1-debuginfo-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"expat-debuginfo-32bit-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libexpat1-32bit-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libexpat1-debuginfo-32bit-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"expat-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"expat-debuginfo-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"expat-debugsource-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libexpat1-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libexpat1-debuginfo-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"expat-debuginfo-32bit-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libexpat1-32bit-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libexpat1-debuginfo-32bit-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"expat-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"expat-debuginfo-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"expat-debuginfo-32bit-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"expat-debugsource-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libexpat1-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libexpat1-32bit-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libexpat1-debuginfo-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libexpat1-debuginfo-32bit-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"expat-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"expat-debuginfo-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"expat-debuginfo-32bit-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"expat-debugsource-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libexpat1-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libexpat1-32bit-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libexpat1-debuginfo-2.1.0-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libexpat1-debuginfo-32bit-2.1.0-17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-16T15:43:34", "description": "The version of IBM HTTP Server running on the remote host is affected by a vulnerability. Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "IBM HTTP Server 8.5.0.0 <= 8.5.5.6 / 8.0.0.0 <= 8.0.0.11 / 7.0.0.0 <= 7.0.0.37 / 6.1.0.0 <= 6.1.0.47 (535175)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2015-2716"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:ibm:http_server"], "id": "IBM_HTTP_SERVER_535175.NASL", "href": "https://www.tenable.com/plugins/nessus/144286", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144286);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2015-1283\");\n script_bugtraq_id(75973);\n\n script_name(english:\"IBM HTTP Server 8.5.0.0 <= 8.5.5.6 / 8.0.0.0 <= 8.0.0.11 / 7.0.0.0 <= 7.0.0.37 / 6.1.0.0 <= 6.1.0.47 (535175)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM HTTP Server running on the remote host is affected by a vulnerability. Multiple integer overflows in\nthe XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products,\nallow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other\nimpact via crafted XML data, a related issue to CVE-2015-2716.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/535175\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM HTTP Server version 8.5.5.7, 8.0.0.12, 7.0.0.39 or later. Alternatively, upgrade to the minimal fix pack\nlevel required by the interim fix and then apply Interim Fix PI45596.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-1283\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:http_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_http_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM HTTP Server (IHS)\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'IBM HTTP Server (IHS)';\nfix = 'Interim Fix PI45596';\n\napp_info = vcf::get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\n if ('PI45596' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n { 'min_version' : '8.5.0.0', 'max_version' : '8.5.5.6', 'fixed_display' : '8.5.5.7 or Interim Fix PI45596'},\n { 'min_version' : '8.0.0.0', 'max_version' : '8.0.0.11', 'fixed_display' : '8.0.0.12 or Interim Fix PI45596'},\n { 'min_version' : '7.0.0.0', 'max_version' : '7.0.0.37', 'fixed_display' : '7.0.0.39 or Interim Fix PI45596'},\n { 'min_version' : '6.1.0.0', 'max_version' : '6.1.0.47', 'fixed_display' : 'Interim Fix PI45596'}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-16T16:01:06", "description": "This update for expat fixes the following security issues :\n\n - CVE-2015-1283: Fixed multiple integer overflows that could lead to buffer overflows [boo#980391]\n\n - CVE-2016-0718: Fixed Expat XML parser that mishandles certain kinds of malformed input documents [boo#979441].", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : expat (openSUSE-2016-660)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2016-0718"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:expat", "p-cpe:/a:novell:opensuse:expat-debuginfo", "p-cpe:/a:novell:opensuse:expat-debuginfo-32bit", "p-cpe:/a:novell:opensuse:expat-debugsource", "p-cpe:/a:novell:opensuse:libexpat-devel", "p-cpe:/a:novell:opensuse:libexpat-devel-32bit", "p-cpe:/a:novell:opensuse:libexpat1", "p-cpe:/a:novell:opensuse:libexpat1-32bit", "p-cpe:/a:novell:opensuse:libexpat1-debuginfo", "p-cpe:/a:novell:opensuse:libexpat1-debuginfo-32bit", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-660.NASL", "href": "https://www.tenable.com/plugins/nessus/91407", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-660.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91407);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-1283\", \"CVE-2016-0718\");\n\n script_name(english:\"openSUSE Security Update : expat (openSUSE-2016-660)\");\n script_summary(english:\"Check for the openSUSE-2016-660 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for expat fixes the following security issues :\n\n - CVE-2015-1283: Fixed multiple integer overflows that\n could lead to buffer overflows [boo#980391]\n\n - CVE-2016-0718: Fixed Expat XML parser that mishandles\n certain kinds of malformed input documents [boo#979441].\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980391\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected expat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:expat-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:expat-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:expat-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"expat-2.1.0-14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"expat-debuginfo-2.1.0-14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"expat-debugsource-2.1.0-14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libexpat-devel-2.1.0-14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libexpat1-2.1.0-14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libexpat1-debuginfo-2.1.0-14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"expat-debuginfo-32bit-2.1.0-14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libexpat-devel-32bit-2.1.0-14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libexpat1-32bit-2.1.0-14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libexpat1-debuginfo-32bit-2.1.0-14.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat / expat-debuginfo / expat-debuginfo-32bit / expat-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-03T15:06:55", "description": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283 .\n(CVE-2015-2716)", "cvss3": {"score": null, "vector": null}, "published": "2020-05-15T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : expat (ALAS-2020-1364)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2015-2716"], "modified": "2020-05-19T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:expat", "p-cpe:/a:amazon:linux:expat-debuginfo", "p-cpe:/a:amazon:linux:expat-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1364.NASL", "href": "https://www.tenable.com/plugins/nessus/136625", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1364.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136625);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/19\");\n\n script_cve_id(\"CVE-2015-2716\");\n script_xref(name:\"ALAS\", value:\"2020-1364\");\n\n script_name(english:\"Amazon Linux AMI : expat (ALAS-2020-1364)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Buffer overflow in the XML parser in Mozilla Firefox before 38.0,\nFirefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows\nremote attackers to execute arbitrary code by providing a large amount\nof compressed XML data, a related issue to CVE-2015-1283 .\n(CVE-2015-2716)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2020-1364.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update expat' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:expat-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"expat-2.1.0-11.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"expat-debuginfo-2.1.0-11.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"expat-devel-2.1.0-11.22.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat / expat-debuginfo / expat-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-14T15:18:23", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has expat packages installed that are affected by a vulnerability:\n\n - Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. (CVE-2015-2716)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : expat Vulnerability (NS-SA-2020-0077)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2015-2716"], "modified": "2020-12-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0077_EXPAT.NASL", "href": "https://www.tenable.com/plugins/nessus/143942", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0077. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143942);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\"CVE-2015-2716\");\n script_bugtraq_id(74611);\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : expat Vulnerability (NS-SA-2020-0077)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has expat packages installed that are affected by\na vulnerability:\n\n - Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and\n Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of\n compressed XML data, a related issue to CVE-2015-1283. (CVE-2015-2716)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0077\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL expat packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-2716\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'expat-2.1.0-11.el7',\n 'expat-debuginfo-2.1.0-11.el7',\n 'expat-devel-2.1.0-11.el7',\n 'expat-static-2.1.0-11.el7'\n ],\n 'CGSL MAIN 5.04': [\n 'expat-2.1.0-11.el7',\n 'expat-debuginfo-2.1.0-11.el7',\n 'expat-devel-2.1.0-11.el7',\n 'expat-static-2.1.0-11.el7'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'expat');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-14T15:18:22", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has expat packages installed that are affected by a vulnerability:\n\n - Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. (CVE-2015-2716)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : expat Vulnerability (NS-SA-2020-0116)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2015-2716"], "modified": "2020-12-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0116_EXPAT.NASL", "href": "https://www.tenable.com/plugins/nessus/144005", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0116. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144005);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\"CVE-2015-2716\");\n script_bugtraq_id(74611);\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : expat Vulnerability (NS-SA-2020-0116)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has expat packages installed that are affected by\na vulnerability:\n\n - Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and\n Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of\n compressed XML data, a related issue to CVE-2015-1283. (CVE-2015-2716)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0116\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL expat packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-2716\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.05': [\n 'expat-2.1.0-11.el7',\n 'expat-debuginfo-2.1.0-11.el7',\n 'expat-devel-2.1.0-11.el7',\n 'expat-static-2.1.0-11.el7'\n ],\n 'CGSL MAIN 5.05': [\n 'expat-2.1.0-11.el7',\n 'expat-debuginfo-2.1.0-11.el7',\n 'expat-devel-2.1.0-11.el7',\n 'expat-static-2.1.0-11.el7'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'expat');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:07:59", "description": "Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.\n(CVE-2015-1283)", "cvss3": {"score": null, "vector": null}, "published": "2016-10-12T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Expat XML library vulnerability (K15104541)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2015-2716"], "modified": "2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL15104541.NASL", "href": "https://www.tenable.com/plugins/nessus/93971", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K15104541.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93971);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2015-1283\", \"CVE-2015-2716\");\n script_bugtraq_id(74611, 75973);\n\n script_name(english:\"F5 Networks BIG-IP : Expat XML library vulnerability (K15104541)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple integer overflows in the XML_GetBuffer function in Expat\nthrough 2.1.0, as used in Google Chrome before 44.0.2403.89 and other\nproducts, allow remote attackers to cause a denial of service\n(heap-based buffer overflow) or possibly have unspecified other impact\nvia crafted XML data, a related issue to CVE-2015-2716.\n(CVE-2015-1283)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K15104541\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K15104541.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K15104541\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0-12.1.5\",\"11.4.0-11.6.5\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"13.0.0-13.1.1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0-12.1.5\",\"11.4.0-11.6.5\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"13.0.0-13.1.1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0-12.1.5\",\"11.4.0-11.6.5\",\"11.2.1\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"13.0.0-13.1.1\",\"10.2.1-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0-12.1.5\",\"11.4.0-11.6.5\",\"11.2.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"13.0.0-13.1.1\",\"10.2.1-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0-12.1.5\",\"11.4.0-11.6.5\",\"11.2.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"13.0.0-13.1.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.4.0-11.6.5\",\"11.2.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"10.2.1-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0-12.1.5\",\"11.4.0-11.6.5\",\"11.2.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"13.0.0-13.1.1\",\"10.2.1-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0-12.1.5\",\"11.4.0-11.6.5\",\"11.2.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"13.0.0-13.1.1\",\"10.2.1-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0-12.1.5\",\"11.4.0-11.6.5\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"13.0.0-13.1.1\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.4.0-11.4.1\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"10.2.1-10.2.4\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.2.1\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"10.2.1-10.2.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.2.1\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"10.2.1-10.2.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T17:15:27", "description": "Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-27T00:00:00", "type": "nessus", "title": "Debian DLA-281-1 : expat security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2015-2716"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:expat", "p-cpe:/a:debian:debian_linux:lib64expat1", "p-cpe:/a:debian:debian_linux:lib64expat1-dev", "p-cpe:/a:debian:debian_linux:libexpat1", "p-cpe:/a:debian:debian_linux:libexpat1-dev", "p-cpe:/a:debian:debian_linux:libexpat1-udeb", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-281.NASL", "href": "https://www.tenable.com/plugins/nessus/84990", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-281-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84990);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1283\");\n script_bugtraq_id(75973);\n\n script_name(english:\"Debian DLA-281-1 : expat security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple integer overflows in the XML_GetBuffer function in Expat\nthrough 2.1.0, as used in Google Chrome before 44.0.2403.89 and other\nproducts, allow remote attackers to cause a denial of service\n(heap-based buffer overflow) or possibly have unspecified other impact\nvia crafted XML data, a related issue to CVE-2015-2716.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/07/msg00021.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/expat\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lib64expat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lib64expat1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libexpat1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libexpat1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"expat\", reference:\"2.0.1-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lib64expat1\", reference:\"2.0.1-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lib64expat1-dev\", reference:\"2.0.1-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libexpat1\", reference:\"2.0.1-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libexpat1-dev\", reference:\"2.0.1-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libexpat1-udeb\", reference:\"2.0.1-7+squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-04T14:28:04", "description": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.\n(CVE-2015-2716)", "cvss3": {"score": null, "vector": null}, "published": "2017-03-01T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Expat XML library vulnerability (K50459349)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2015-2716"], "modified": "2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL50459349.NASL", "href": "https://www.tenable.com/plugins/nessus/97446", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K50459349.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97446);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2015-1283\", \"CVE-2015-2716\");\n script_bugtraq_id(74611, 75973);\n\n script_name(english:\"F5 Networks BIG-IP : Expat XML library vulnerability (K50459349)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Buffer overflow in the XML parser in Mozilla Firefox before 38.0,\nFirefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows\nremote attackers to execute arbitrary code by providing a large amount\nof compressed XML data, a related issue to CVE-2015-1283.\n(CVE-2015-2716)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K50459349\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K50459349.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K50459349\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0-12.1.3\",\"11.6.0-11.6.3\",\"11.4.0-11.5.6\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.0.0-13.1.0\",\"12.1.3.2\",\"11.6.3.2\",\"11.5.7\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0-12.1.3\",\"11.6.0-11.6.3\",\"11.4.0-11.5.6\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.0.0-13.1.0\",\"12.1.3.2\",\"11.6.3.2\",\"11.5.7\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0-12.1.3\",\"11.6.0-11.6.3\",\"11.4.0-11.5.6\",\"11.2.1\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.0.0-13.1.0\",\"12.1.3.2\",\"11.6.3.2\",\"11.5.7\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0-12.1.3\",\"11.6.0-11.6.3\",\"11.4.0-11.5.6\",\"11.2.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.0.0-13.1.0\",\"12.1.3.2\",\"11.6.3.2\",\"11.5.7\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0-12.1.3\",\"11.6.0-11.6.3\",\"11.4.0-11.5.6\",\"11.2.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.0.0-13.1.0\",\"12.1.3.2\",\"11.6.3.2\",\"11.5.7\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.6.0-11.6.3\",\"11.4.0-11.5.6\",\"11.2.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.3.2\",\"11.5.7\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0-12.1.3\",\"11.6.0-11.6.3\",\"11.4.0-11.5.6\",\"11.2.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.0.0-13.1.0\",\"12.1.3.2\",\"11.6.3.2\",\"11.5.7\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0-12.1.3\",\"11.6.0-11.6.3\",\"11.4.0-11.5.6\",\"11.2.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.0.0-13.1.0\",\"12.1.3.2\",\"11.6.3.2\",\"11.5.7\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0-12.1.3\",\"11.6.0-11.6.3\",\"11.4.0-11.5.6\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.0.0-13.1.0\",\"12.1.3.2\",\"11.6.3.2\",\"11.5.7\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-21T14:59:58", "description": "Atte Kettunen discovered that ICU incorrectly handled certain converter names. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash. (CVE-2015-1270)\n\nIt was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-2632, CVE-2015-4760).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-09-17T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : icu vulnerabilities (USN-2740-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1270", "CVE-2015-2632", "CVE-2015-4760"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libicu48", "p-cpe:/a:canonical:ubuntu_linux:libicu52", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.04"], "id": "UBUNTU_USN-2740-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85982", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2740-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85982);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-2632\", \"CVE-2015-4760\");\n script_xref(name:\"USN\", value:\"2740-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : icu vulnerabilities (USN-2740-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Atte Kettunen discovered that ICU incorrectly handled certain\nconverter names. If an application using ICU processed crafted data, a\nremote attacker could possibly cause it to crash. (CVE-2015-1270)\n\nIt was discovered that ICU incorrectly handled certain memory\noperations when processing data. If an application using ICU processed\ncrafted data, a remote attacker could possibly cause it to crash or\npotentially execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2015-2632, CVE-2015-4760).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2740-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libicu48 and / or libicu52 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libicu48\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libicu52\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libicu48\", pkgver:\"4.8.1.1-3ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libicu52\", pkgver:\"52.1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libicu52\", pkgver:\"52.1-8ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libicu48 / libicu52\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-17T15:09:56", "description": "Gustavo Grieco discovered that Expat, an XML parsing C library, does not properly handle certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. A remote attacker can take advantage of this flaw to cause an application using the Expat library to crash, or potentially, to execute arbitrary code with the privileges of the user running the application.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-18T00:00:00", "type": "nessus", "title": "Debian DSA-3582-1 : expat - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2016-0718", "CVE-2016-4472"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:expat", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3582.NASL", "href": "https://www.tenable.com/plugins/nessus/91200", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3582. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91200);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0718\", \"CVE-2016-4472\");\n script_xref(name:\"DSA\", value:\"3582\");\n\n script_name(english:\"Debian DSA-3582-1 : expat - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gustavo Grieco discovered that Expat, an XML parsing C library, does\nnot properly handle certain kinds of malformed input documents,\nresulting in buffer overflows during processing and error reporting. A\nremote attacker can take advantage of this flaw to cause an\napplication using the Expat library to crash, or potentially, to\nexecute arbitrary code with the privileges of the user running the\napplication.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/expat\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3582\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the expat packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-6+deb8u2. Additionally this update refreshes the fix for\nCVE-2015-1283 to avoid relying on undefined behavior.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"expat\", reference:\"2.1.0-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lib64expat1\", reference:\"2.1.0-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lib64expat1-dev\", reference:\"2.1.0-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libexpat1\", reference:\"2.1.0-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libexpat1-dev\", reference:\"2.1.0-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libexpat1-udeb\", reference:\"2.1.0-6+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-01T00:43:06", "description": "According to the version of the apr-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.(CVE-2016-4472)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-06-17T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : apr-util (EulerOS-SA-2020-1639)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2015-2716", "CVE-2016-4472"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:apr-util", "p-cpe:/a:huawei:euleros:apr-util-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1639.NASL", "href": "https://www.tenable.com/plugins/nessus/137481", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137481);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-4472\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : apr-util (EulerOS-SA-2020-1639)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the apr-util packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The overflow protection in Expat is removed by\n compilers with certain optimization settings, which\n allows remote attackers to cause a denial of service\n (crash) or possibly execute arbitrary code via crafted\n XML data. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2015-1283 and\n CVE-2015-2716.(CVE-2016-4472)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1639\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9735cc16\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected apr-util package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:apr-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:apr-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"apr-util-1.5.2-6.h1\",\n \"apr-util-devel-1.5.2-6.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apr-util\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-01T17:35:34", "description": "Adam Maris reports :\n\nIt was found that original patch for issues CVE-2015-1283 and CVE-2015-2716 used overflow checks that could be optimized out by some compilers applying certain optimization settings, which can cause the vulnerability to remain even after applying the patch.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-07-01T00:00:00", "type": "nessus", "title": "FreeBSD : expat2 -- denial of service (ff76f0e0-3f11-11e6-b3c8-14dae9d210b8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2015-2716", "CVE-2016-4472"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:expat", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_FF76F0E03F1111E6B3C814DAE9D210B8.NASL", "href": "https://www.tenable.com/plugins/nessus/91913", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91913);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-4472\");\n\n script_name(english:\"FreeBSD : expat2 -- denial of service (ff76f0e0-3f11-11e6-b3c8-14dae9d210b8)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adam Maris reports :\n\nIt was found that original patch for issues CVE-2015-1283 and\nCVE-2015-2716 used overflow checks that could be optimized out by some\ncompilers applying certain optimization settings, which can cause the\nvulnerability to remain even after applying the patch.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1344251\"\n );\n # https://vuxml.freebsd.org/freebsd/ff76f0e0-3f11-11e6-b3c8-14dae9d210b8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?041d609b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"expat<2.1.1_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-16T16:03:04", "description": "It was discovered that the Expat code in XML-RPC for C and C++ unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702)\n\nIt was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service.\n(CVE-2016-5300)\n\nGustavo Grieco discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. If a user or application linked against XML-RPC for C and C++ were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-0718)\n\nIt was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. If a user or application linked against XML-RPC for C and C++ were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2015-1283, CVE-2016-4472).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-21T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : xmlrpc-c vulnerabilities (USN-3013-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6702", "CVE-2015-1283", "CVE-2016-0718", "CVE-2016-4472", "CVE-2016-5300"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libxmlrpc-c%2b%2b4", "p-cpe:/a:canonical:ubuntu_linux:libxmlrpc-core-c3", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-3013-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91729", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3013-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91729);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2012-6702\", \"CVE-2015-1283\", \"CVE-2016-0718\", \"CVE-2016-4472\", \"CVE-2016-5300\");\n script_xref(name:\"USN\", value:\"3013-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : xmlrpc-c vulnerabilities (USN-3013-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Expat code in XML-RPC for C and C++\nunexpectedly called srand in certain circumstances. This could reduce\nthe security of calling applications. (CVE-2012-6702)\n\nIt was discovered that the Expat code in XML-RPC for C and C++\nincorrectly handled seeding the random number generator. A remote\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2016-5300)\n\nGustavo Grieco discovered that the Expat code in XML-RPC for C and C++\nincorrectly handled malformed XML data. If a user or application\nlinked against XML-RPC for C and C++ were tricked into opening a\ncrafted XML file, an attacker could cause a denial of service, or\npossibly execute arbitrary code. (CVE-2016-0718)\n\nIt was discovered that the Expat code in XML-RPC for C and C++\nincorrectly handled malformed XML data. If a user or application\nlinked against XML-RPC for C and C++ were tricked into opening a\ncrafted XML file, an attacker could cause a denial of service, or\npossibly execute arbitrary code. (CVE-2015-1283, CVE-2016-4472).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3013-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libxmlrpc-c++4 and / or libxmlrpc-core-c3\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxmlrpc-c++4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxmlrpc-core-c3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libxmlrpc-c++4\", pkgver:\"1.16.33-3.1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libxmlrpc-core-c3\", pkgver:\"1.16.33-3.1ubuntu5.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxmlrpc-c++4 / libxmlrpc-core-c3\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-16T15:18:56", "description": "According to the versions of the xulrunner package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.(CVE-2012-6702)\n\n - The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.(CVE-2016-4472)\n\n - Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.(CVE-2016-0718)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-06-17T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : xulrunner (EulerOS-SA-2020-1619)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6702", "CVE-2015-1283", "CVE-2015-2716", "CVE-2016-0718", "CVE-2016-4472"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:xulrunner", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1619.NASL", "href": "https://www.tenable.com/plugins/nessus/137461", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137461);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2012-6702\",\n \"CVE-2016-0718\",\n \"CVE-2016-4472\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : xulrunner (EulerOS-SA-2020-1619)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the xulrunner package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Expat, when used in a parser that has not called\n XML_SetHashSalt or passed it a seed of 0, makes it\n easier for context-dependent attackers to defeat\n cryptographic protection mechanisms via vectors\n involving use of the srand function.(CVE-2012-6702)\n\n - The overflow protection in Expat is removed by\n compilers with certain optimization settings, which\n allows remote attackers to cause a denial of service\n (crash) or possibly execute arbitrary code via crafted\n XML data. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2015-1283 and\n CVE-2015-2716.(CVE-2016-4472)\n\n - Expat allows context-dependent attackers to cause a\n denial of service (crash) or possibly execute arbitrary\n code via a malformed input document, which triggers a\n buffer overflow.(CVE-2016-0718)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1619\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?598b0149\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xulrunner packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"xulrunner-31.6.0-3.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xulrunner\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-02T17:04:53", "description": "New expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-27T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : expat (SSA:2016-359-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6702", "CVE-2015-1283", "CVE-2016-0718", "CVE-2016-4472", "CVE-2016-5300"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:expat", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2016-359-01.NASL", "href": "https://www.tenable.com/plugins/nessus/96092", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-359-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96092);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-6702\", \"CVE-2015-1283\", \"CVE-2016-0718\", \"CVE-2016-4472\", \"CVE-2016-5300\");\n script_xref(name:\"SSA\", value:\"2016-359-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : expat (SSA:2016-359-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New expat packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, 14.2, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.567786\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e91e6f9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected expat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "chrome": [{"lastseen": "2021-12-30T22:33:54", "description": "The Chrome team is delighted to announce the promotion of Chrome 44 to the stable channel for Windows, Mac and Linux. Chrome 44.0.2403.89 contains a number of fixes and improvements, including:\n\n * A number of new apps/extension APIs\n\n * Lots of under the hood changes for stability and performance\n\nA list of changes is available in the[ log](<https://chromium.googlesource.com/chromium/src/+log/43.0.2357.134..44.0.2403.89?pretty=fuller&n=10000>). Watch out for upcoming[ Chrome](<http://chrome.blogspot.com/>) and[ Chromium](<http://blog.chromium.org/>) blog posts about new features and big efforts delivered in 44.\n\n\n\n\nSecurity Fixes and Rewards\n\n\n\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes[ 43 security fixes](<https://code.google.com/p/chromium/issues/list?can=1&q=Release%3D0-M44+Status%3AFixed%2CVerified&colspec=ID+Pri+M+Stars+ReleaseBlock+Cr+Status+Owner+Summary+OS+Modified+Reporter&x=m&y=releaseblock&cells=tiles>). Below, we highlight fixes that were contributed by external researchers. Please see the[ Chromium security page](<http://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$3000][[446032](<https://code.google.com/p/chromium/issues/detail?id=446032>)] High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer.\n\n[$3000][[459215](<https://code.google.com/p/chromium/issues/detail?id=459215>)] High CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft[.](<https://code.google.com/u/117154691211413633534/>)\n\n[$TBD][[461858](<https://code.google.com/p/chromium/issues/detail?id=461858>)] High CVE-2015-1274: Settings allowed executable files to run immediately after download. Credit to andrewm.bpi[.](<https://code.google.com/u/117154691211413633534/>)\n\n[$7500][[462843](<https://code.google.com/p/chromium/issues/detail?id=462843>)] High CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte) of Baidu X-Team[.](<https://code.google.com/u/117154691211413633534/>)\n\n[$TBD][[472614](<https://code.google.com/p/chromium/issues/detail?id=472614>)] High CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne[.](<https://code.google.com/u/117154691211413633534/>)\n\n[$5500][[483981](<https://code.google.com/p/chromium/issues/detail?id=483981>)] High CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon[.](<https://code.google.com/u/117154691211413633534/>)\n\n[$5000][[486947](<https://code.google.com/p/chromium/issues/detail?id=486947>)] High CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer[.](<https://code.google.com/u/117154691211413633534/>)\n\n[$1000][[487155](<https://code.google.com/p/chromium/issues/detail?id=487155>)] High CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa[.](<https://code.google.com/u/117154691211413633534/>)\n\n[$TBD][[487928](<https://code.google.com/p/chromium/issues/detail?id=487928>)] High CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva[.](<https://code.google.com/u/117154691211413633534/>)\n\n[$TBD][[492052](<https://code.google.com/p/chromium/issues/detail?id=492052>)] High CVE-2015-1283: Heap-buffer-overflow in expat. Credit to sidhpurwala.huzaifa[.](<https://code.google.com/u/117154691211413633534/>)\n\n[$2000][[493243](<https://code.google.com/p/chromium/issues/detail?id=493243>)] High CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen of OUSPG.\n\n[$7500][[504011](<https://code.google.com/p/chromium/issues/detail?id=504011>)] High CVE-2015-1286: UXSS in blink. Credit to anonymous[.](<https://code.google.com/u/117154691211413633534/>) \n[$TBD][[505374](<https://code.google.com/p/chromium/issues/detail?id=505374>)] High CVE-2015-1290: Memory corruption in V8. Credit to Yongjun Liu of NSFOCUS Security Team.\n\n[$1337][[419383](<https://code.google.com/p/chromium/issues/detail?id=419383>)] Medium CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor.\n\n[$1000][[444573](<https://code.google.com/p/chromium/issues/detail?id=444573>)] Medium CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen of OUSPG.\n\n[$500][[451456](<https://code.google.com/p/chromium/issues/detail?id=451456>)] Medium CVE-2015-1272: Use-after-free related to unexpected GPU process termination. Credit to Chamal de Silva[.](<https://code.google.com/u/117154691211413633534/>)\n\n[[479743](<https://code.google.com/p/chromium/issues/detail?id=479743>)] Medium CVE-2015-1277: Use-after-free in accessibility. Credit to SkyLined[.](<https://code.google.com/u/117154691211413633534/>)\n\n[$500][[482380](<https://code.google.com/p/chromium/issues/detail?id=482380>)] Medium CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva[.](<https://code.google.com/u/117154691211413633534/>)\n\n[$1337][[498982](<https://code.google.com/p/chromium/issues/detail?id=498982>)] Medium CVE-2015-1285: Information leak in XSS auditor. Credit to gazheyes[.](<https://code.google.com/u/117154691211413633534/>)\n\n[$500][[479162](<https://code.google.com/p/chromium/issues/detail?id=479162>)] Low CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to mike@michaelruddy.com.\n\n\n\n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[512110](<https://code.google.com/p/chromium/issues/detail?id=512110>)] CVE-2015-1289: Various fixes from internal audits, fuzzing and other initiatives.\n\n\n\n\nMany of the above bugs were detected using[ AddressSanitizer](<http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>) or[ MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>).\n\n\n\n\nInterested in switching release channels?[ Find out how](<http://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by[ filing a bug](<http://crbug.com/>).\n\n\n\n\nPenny MacNeil\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-07-21T00:00:00", "type": "chrome", "title": "Stable Channel Update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1275", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289", "CVE-2015-1290"], "modified": "2015-07-21T00:00:00", "id": "GCSA-4373103836158955363", "href": "https://chromereleases.googleblog.com/2015/07/stable-channel-update_21.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T22:56:31", "description": "A new version of Google Chrome is available, and it contains patches for 43 security vulnerabilities, many of them in the high-risk category.\n\nTwo of the more serious vulnerabilities fixed in [Chrome 44](<http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html>) are a pair of universal cross-site scripting bugs. One of the flaws is in blink, the Web layout engine in Chrome. The other one is in Chrome for Android. Universal XSS vulnerabilities allow attackers to exploit XSS bugs in browsers rather than on sites. Each of those vulnerabilities earned the researchers who reported them a $7,500 bug bounty from Google.\n\nAs part of that bounty program, Google paid out roughly $40,000 to external researchers who reported vulnerabilities to the company. Among the other vulnerabilities patched in this release are three heap buffer overflows in pdfium, the PDF rendering engine in Chrome. There also are a number of use-after-free bugs in various components patched in Chrome 44.\n\nHere\u2019s the list of vulnerabilities reported by external researchers:\n\n[$3000][[**446032**](<https://code.google.com/p/chromium/issues/detail?id=446032>)] **High** CVE-2015-1271: Heap-buffer-overflow in pdfium. _Credit to cloudfuzzer._\n\n[$3000][[**459215**](<https://code.google.com/p/chromium/issues/detail?id=459215>)] **High** CVE-2015-1273: Heap-buffer-overflow in pdfium. _Credit to makosoft_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$TBD][[**461858**](<https://code.google.com/p/chromium/issues/detail?id=461858>)] **High** CVE-2015-1274: Settings allowed executable files to run immediately after download. _Credit to andrewm.bpi_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$7500][[**462843**](<https://code.google.com/p/chromium/issues/detail?id=462843>)] **High** CVE-2015-1275: UXSS in Chrome for Android. _Credit to WangTao(neobyte) of Baidu X-Team_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$TBD][[**472614**](<https://code.google.com/p/chromium/issues/detail?id=472614>)] **High** CVE-2015-1276: Use-after-free in IndexedDB. _Credit to Collin Payne_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$5500][[**483981**](<https://code.google.com/p/chromium/issues/detail?id=483981>)] **High** CVE-2015-1279: Heap-buffer-overflow in pdfium. _Credit to mlafon_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$5000][[**486947**](<https://code.google.com/p/chromium/issues/detail?id=486947>)] **High** CVE-2015-1280: Memory corruption in skia. _Credit to cloudfuzzer_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$1000][[**487155**](<https://code.google.com/p/chromium/issues/detail?id=487155>)] **High **CVE-2015-1281: CSP bypass. _Credit to Masato Kinugawa_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$TBD][[**487928**](<https://code.google.com/p/chromium/issues/detail?id=487928>)] **High** CVE-2015-1282: Use-after-free in pdfium. _Credit to Chamal de Silva_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$TBD][[**492052**](<https://code.google.com/p/chromium/issues/detail?id=492052>)] **High** CVE-2015-1283: Heap-buffer-overflow in expat. _Credit to sidhpurwala.huzaifa_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$2000][[**493243**](<https://code.google.com/p/chromium/issues/detail?id=493243>)] **High** CVE-2015-1284: Use-after-free in blink. _Credit to Atte Kettunen of OUSPG._\n\n[$7500][[**504011**](<https://code.google.com/p/chromium/issues/detail?id=504011>)] **High** CVE-2015-1286: UXSS in blink. _Credit to anonymous_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$1337][[**419383**](<https://code.google.com/p/chromium/issues/detail?id=419383>)] **Medium** CVE-2015-1287: SOP bypass with CSS. _Credit to filedescriptor._\n\n[$1000][[**444573**](<https://code.google.com/p/chromium/issues/detail?id=444573>)] **Medium** CVE-2015-1270: Uninitialized memory read in ICU. _Credit to Atte Kettunen of OUSPG._\n\n[$500][[**451456**](<https://code.google.com/p/chromium/issues/detail?id=451456>)] **Medium** CVE-2015-1272: Use-after-free related to unexpected GPU process termination. _Credit to Chamal de Silva_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[[**479743**](<https://code.google.com/p/chromium/issues/detail?id=479743>)] **Medium** CVE-2015-1277: Use-after-free in accessibility. _Credit to SkyLined_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$500][[**482380**](<https://code.google.com/p/chromium/issues/detail?id=482380>)] **Medium** CVE-2015-1278: URL spoofing using pdf files. _Credit to Chamal de Silva_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$1337][[**498982**](<https://code.google.com/p/chromium/issues/detail?id=498982>)] **Medium **CVE-2015-1285: Information leak in XSS auditor. _Credit to gazheyes_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$500][[**479162**](<https://code.google.com/p/chromium/issues/detail?id=479162>)] **Low** CVE-2015-1288: Spell checking dictionaries fetched over HTTP. _Credit to mike@michaelruddy.com._\n", "cvss3": {}, "published": "2015-07-22T09:23:06", "type": "threatpost", "title": "Google Patches 43 Bugs in Chrome", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1275", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288"], "modified": "2015-07-24T20:00:05", "id": "THREATPOST:603611CA0EA45F34F1C1E31D5FBEC166", "href": "https://threatpost.com/google-patches-43-bugs-in-chrome/113892/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:38", "description": "- CVE-2015-1270:\n\nUninitialized memory read in ICU.\n\n- CVE-2015-1271:\n\nHeap overflow in pdfium.\n\n- CVE-2015-1272, CVE-2015-1273, CVE-2015-1279:\n\nUse-after-free related to unexpected GPU process termination.\n\n- CVE-2015-1274:\n\nSettings allowed executable files to run immediately after download.\n\n- CVE-2015-1276 :\n\nUse-after-free in IndexedDB.\n\n- CVE-2015-1277:\n\nUse-after-free in accessibility.\n\n- CVE-2015-1278:\n\nURL spoofing using pdf files.\n\n- CVE-2015-1280:\n\nMemory corruption in skia.\n\n- CVE-2015-1281:\n\nCSP bypass.\n\n- CVE-2015-1282:\n\nUse-after-free in pdfium.\n\n- CVE-2015-1283:\n\nHeap-buffer-overflow in expat.\n\n- CVE-2015-1284:\n\nUse-after-free in blink.\n\n- CVE-2015-1285:\n\nInformation leak in XSS auditor.\n\n- CVE-2015-1286:\n\nUXSS in blink.\n\n- CVE-2015-1287:\n\nSOP bypass with CSS.\n\n- CVE-2015-1288:\n\nSpell checking dictionaries fetched over HTTP.\n\n- CVE-2015-1289:\n\nVarious fixes from internal audits, fuzzing and other initiatives.", "edition": 2, "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "archlinux", "title": "chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1270", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284"], "modified": "2015-07-23T00:00:00", "id": "ASA-201507-18", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:38", "description": "Multiple integer overflows in the XML_GetBuffer() function in Expat\nthrough 2.1.0 allow remote attackers to cause a denial of service\n(heap-based buffer overflow) or possibly have unspecified other impact\nvia crafted XML data, a related issue to CVE-2015-2716.", "edition": 2, "cvss3": {}, "published": "2016-03-24T00:00:00", "type": "archlinux", "title": "expat: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1283", "CVE-2015-2716"], "modified": "2016-03-24T00:00:00", "id": "ASA-201603-23", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:46", "description": "- CVE-2015-1283 (arbitrary code execution)\n\nMultiple integer overflows in the XML_GetBuffer function allow remote\nattackers to cause a denial of service (heap-based buffer overflow) or\npossibly arbitrary code execution via crafted XML data.\nThis problem has already been fixed in version 2.1.0-1 but this update\nrefreshes the fix to avoid relying on undefined behavior.\n\n- CVE-2016-0718 (arbitrary code execution)\n\nThe Expat XML parser mishandles certain kinds of malformed input\ndocuments, resulting in buffer overflows during processing and error\nreporting. The overflows can manifest as a segmentation fault or as\nmemory corruption during a parse operation. The bugs allow for a denial\nof service attack in many applications by an unauthenticated attacker,\nand could conceivably result in remote code execution.", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-18T00:00:00", "type": "archlinux", "title": "expat: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1283", "CVE-2016-0718"], "modified": "2016-05-18T00:00:00", "id": "ASA-201605-22", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:46", "description": "- CVE-2015-1283 (arbitrary code execution)\n\nMultiple integer overflows in the XML_GetBuffer function allow remote\nattackers to cause a denial of service (heap-based buffer overflow) or\npossibly arbitrary code execution via crafted XML data.\nThis problem has already been fixed in version 2.1.0-1 but this update\nrefreshes the fix to avoid relying on undefined behavior.\n\n- CVE-2016-0718 (arbitrary code execution)\n\nThe Expat XML parser mishandles certain kinds of malformed input\ndocuments, resulting in buffer overflows during processing and error\nreporting. The overflows can manifest as a segmentation fault or as\nmemory corruption during a parse operation. The bugs allow for a denial\nof service attack in many applications by an unauthenticated attacker,\nand could conceivably result in remote code execution.", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-18T00:00:00", "type": "archlinux", "title": "lib32-expat: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1283", "CVE-2016-0718"], "modified": "2016-05-18T00:00:00", "id": "ASA-201605-23", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:28:41", "description": "Chromium was updated to 44.0.2403.89 to fix multiple security issues.\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-1271: Heap-buffer-overflow in pdfium\n * CVE-2015-1273: Heap-buffer-overflow in pdfium\n * CVE-2015-1274: Settings allowed executable files to run immediately\n after download\n * CVE-2015-1275: UXSS in Chrome for Android\n * CVE-2015-1276: Use-after-free in IndexedDB\n * CVE-2015-1279: Heap-buffer-overflow in pdfium\n * CVE-2015-1280: Memory corruption in skia\n * CVE-2015-1281: CSP bypass\n * CVE-2015-1282: Use-after-free in pdfium\n * CVE-2015-1283: Heap-buffer-overflow in expat\n * CVE-2015-1284: Use-after-free in blink\n * CVE-2015-1286: UXSS in blink\n * CVE-2015-1287: SOP bypass with CSS\n * CVE-2015-1270: Uninitialized memory read in ICU\n * CVE-2015-1272: Use-after-free related to unexpected GPU process\n termination\n * CVE-2015-1277: Use-after-free in accessibility\n * CVE-2015-1278: URL spoofing using pdf files\n * CVE-2015-1285: Information leak in XSS auditor\n * CVE-2015-1288: Spell checking dictionaries fetched over HTTP\n * CVE-2015-1289: Various fixes from internal audits, fuzzing and other\n initiatives\n * CVE-2015-5605: Rgular-expression implementation mishandles interrupts,\n DoS via JS\n\n The following non-security changes are included:\n\n * A number of new apps/extension APIs\n * Lots of under the hood changes for stability and performance\n * Pepper Flash plugin updated to 18.0.0.209\n\n", "cvss3": {}, "published": "2015-07-26T21:08:24", "type": "suse", "title": "Security update for Chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1275", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1270", "CVE-2015-5605", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284"], "modified": "2015-07-26T21:08:24", "id": "OPENSUSE-SU-2015:1287-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:48:25", "description": "This update for expat fixes the following security issues:\n\n - CVE-2015-1283: Fixed multiple integer overflows that could lead to\n buffer overflows [boo#980391]\n - CVE-2016-0718: Fixed Expat XML parser that mishandles certain kinds of\n malformed input documents [boo#979441].\n\n", "cvss3": {}, "published": "2016-05-30T14:09:21", "type": "suse", "title": "Security update for expat (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2016-0718"], "modified": "2016-05-30T14:09:21", "id": "OPENSUSE-SU-2016:1441-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:28:28", "description": "This update for expat fixes the following issues:\n\n Security issue fixed:\n - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of\n malformed input documents. (bsc#979441)\n - CVE-2015-1283: Fix multiple integer overflows. (bnc#980391)\n\n", "cvss3": {}, "published": "2016-06-07T13:08:02", "type": "suse", "title": "Security update for expat (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2016-0718"], "modified": "2016-06-07T13:08:02", "id": "SUSE-SU-2016:1508-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:40:33", "description": "This update for expat fixes the following issues:\n\n Security issue fixed:\n - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of\n malformed input documents. (bsc#979441)\n - CVE-2015-1283: Fix multiple integer overflows. (bnc#980391)\n\n", "cvss3": {}, "published": "2016-06-07T17:08:51", "type": "suse", "title": "Security update for expat (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2016-0718"], "modified": "2016-06-07T17:08:51", "id": "SUSE-SU-2016:1512-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:19:38", "description": "This update for expat fixes the following issues:\n\n Security issue fixed:\n - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of\n malformed input documents. (bsc#979441)\n - CVE-2015-1283: Fix multiple integer overflows. (bnc#980391) This update\n was imported from the SUSE:SLE-12:Update update project.\n\n", "cvss3": {}, "published": "2016-06-08T12:07:50", "type": "suse", "title": "Security update for expat (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2016-0718"], "modified": "2016-06-08T12:07:50", "id": "OPENSUSE-SU-2016:1523-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2020-01-31T18:37:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-08-11T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for Chromium (openSUSE-SU-2015:1287-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1275", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1270", "CVE-2015-5605", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850665", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850665", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850665\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\",\n \"CVE-2015-1274\", \"CVE-2015-1275\", \"CVE-2015-1276\", \"CVE-2015-1277\",\n \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\",\n \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\",\n \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\",\n \"CVE-2015-5605\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-08-11 11:55:23 +0530 (Tue, 11 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Chromium (openSUSE-SU-2015:1287-1)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Chromium was updated to 44.0.2403.89 to fix multiple security issues.\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-1271: Heap-buffer-overflow in pdfium\n\n * CVE-2015-1273: Heap-buffer-overflow in pdfium\n\n * CVE-2015-1274: Settings allowed executable files to run immediately\n after download\n\n * CVE-2015-1275: UXSS in Chrome for Android\n\n * CVE-2015-1276: Use-after-free in IndexedDB\n\n * CVE-2015-1279: Heap-buffer-overflow in pdfium\n\n * CVE-2015-1280: Memory corruption in skia\n\n * CVE-2015-1281: CSP bypass\n\n * CVE-2015-1282: Use-after-free in pdfium\n\n * CVE-2015-1283: Heap-buffer-overflow in expat\n\n * CVE-2015-1284: Use-after-free in blink\n\n * CVE-2015-1286: UXSS in blink\n\n * CVE-2015-1287: SOP bypass with CSS\n\n * CVE-2015-1270: Uninitialized memory read in ICU\n\n * CVE-2015-1272: Use-after-free related to unexpected GPU process\n termination\n\n * CVE-2015-1277: Use-after-free in accessibility\n\n * CVE-2015-1278: URL spoofing using pdf files\n\n * CVE-2015-1285: Information leak in XSS auditor\n\n * CVE-2015-1288: Spell checking dictionaries fetched over HTTP\n\n * CVE-2015-1289: Various fixes from internal audits, fuzzing and other\n initiatives\n\n * CVE-2015-5605: Rgular-expression implementation mishandles interrupts,\n DoS via JS\n\n The following non-security changes are included:\n\n * A number of new apps/extension APIs\n\n * Lots of under the hood changes for stability and performance\n\n * Pepper Flash plugin updated to 18.0.0.209\");\n\n script_tag(name:\"affected\", value:\"Chromium on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:1287-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~44.0.2403.89~93.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~44.0.2403.89~93.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~44.0.2403.89~93.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~44.0.2403.89~93.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~44.0.2403.89~93.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~44.0.2403.89~93.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~44.0.2403.89~93.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~44.0.2403.89~93.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~44.0.2403.89~93.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:13:31", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-01 July15 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1270", "CVE-2015-5605", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284", "CVE-2015-1290"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310805936", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805936", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-01 July15 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-21\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805936\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2015-1271\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\",\n \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\",\n \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1286\", \"CVE-2015-1287\",\n \"CVE-2015-1270\", \"CVE-2015-1272\", \"CVE-2015-1277\", \"CVE-2015-1278\",\n \"CVE-2015-1285\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-5605\",\n \"CVE-2015-1290\");\n script_bugtraq_id(75973, 76007);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-07-23 14:50:34 +0530 (Thu, 23 Jul 2015)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 July15 (Linux)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Multiple heap based buffer-overflow in pdfium.\n\n - An error which allows executable files to run immediately after download.\n\n - A use-after-free error in IndexedDB.\n\n - A memory corruption error in skia.\n\n - An error allowing content security policy (CSP) bypass.\n\n - A use-after-free error in pdfium.\n\n - A heap based buffer-overflow in expat.\n\n - A use-after-free error in blink.\n\n - Universal cross-site scripting (UXSS) error in blink.\n\n - An error in cascading style sheets (CSS) allowing to bypass same origin\n policy.\n\n - Uninitialized memory read error in ICU.\n\n - A use-after-free error related to unexpected GPU process termination.\n\n - A use-after-free error in accessibility.\n\n - An error leading to URL spoofing using pdf files.\n\n - An error leading to information leak in XSS auditor.\n\n - An error allowing spell checking dictionaries to be fetched over HTTP.\n\n - The regular-expression implementation in Google V8 mishandles interrupts.\n\n - Various other unspecified errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass security restrictions, cause a denial of service condition\n or potentially execute arbitrary code, conduct spoofing attack, gain sensitive\n information and other unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to\n 44.0.2403.89 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 44.0.2403.89 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/07/stable-channel-update_21.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"44.0.2403.89\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"44.0.2403.89\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:12:59", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-01 July15 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1270", "CVE-2015-5605", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284", "CVE-2015-1290"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310805935", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805935", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-01 July15 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-21\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805935\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2015-1271\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\",\n \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\",\n \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1286\", \"CVE-2015-1287\",\n \"CVE-2015-1270\", \"CVE-2015-1272\", \"CVE-2015-1277\", \"CVE-2015-1278\",\n \"CVE-2015-1285\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-5605\",\n \"CVE-2015-1290\");\n script_bugtraq_id(75973, 76007);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-07-23 14:49:13 +0530 (Thu, 23 Jul 2015)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 July15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Multiple heap based buffer-overflow in pdfium.\n\n - An error which allows executable files to run immediately after download.\n\n - A use-after-free error in IndexedDB.\n\n - A memory corruption error in skia.\n\n - An error allowing content security policy (CSP) bypass.\n\n - A use-after-free error in pdfium.\n\n - A heap based buffer-overflow in expat.\n\n - A use-after-free error in blink.\n\n - Universal cross-site scripting (UXSS) error in blink.\n\n - An error in cascading style sheets (CSS) allowing to bypass same origin\n policy.\n\n - Uninitialized memory read error in ICU.\n\n - A use-after-free error related to unexpected GPU process termination.\n\n - A use-after-free error in accessibility.\n\n - An error leading to URL spoofing using pdf files.\n\n - An error leading to information leak in XSS auditor.\n\n - An error allowing spell checking dictionaries to be fetched over HTTP.\n\n - The regular-expression implementation in Google V8 mishandles interrupts.\n\n - Various other unspecified errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass security restrictions, cause a denial of service condition\n or potentially execute arbitrary code, conduct spoofing attack, gain sensitive\n information and other unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to\n 44.0.2403.89 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 44.0.2403.89 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/07/stable-channel-update_21.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"44.0.2403.89\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"44.0.2403.89\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:13:48", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-01 July15 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1270", "CVE-2015-5605", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284", "CVE-2015-1290"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310805934", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805934", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-01 July15 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-21\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805934\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2015-1271\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\",\n \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\",\n \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1286\", \"CVE-2015-1287\",\n \"CVE-2015-1270\", \"CVE-2015-1272\", \"CVE-2015-1277\", \"CVE-2015-1278\",\n \"CVE-2015-1285\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-5605\",\n \"CVE-2015-1290\");\n script_bugtraq_id(75973, 76007);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-07-23 13:02:12 +0530 (Thu, 23 Jul 2015)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 July15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Multiple heap based buffer-overflow in pdfium.\n\n - An error which allows executable files to run immediately after download.\n\n - A use-after-free error in IndexedDB.\n\n - A memory corruption error in skia.\n\n - An error allowing content security policy (CSP) bypass.\n\n - A use-after-free error in pdfium.\n\n - A heap based buffer-overflow in expat.\n\n - A use-after-free error in blink.\n\n - Universal cross-site scripting (UXSS) error in blink.\n\n - An error in cascading style sheets (CSS) allowing to bypass same origin\n policy.\n\n - Uninitialized memory read error in ICU.\n\n - A use-after-free error related to unexpected GPU process termination.\n\n - A use-after-free error in accessibility.\n\n - An error leading to URL spoofing using pdf files.\n\n - An error leading to information leak in XSS auditor.\n\n - An error allowing spell checking dictionaries to be fetched over HTTP.\n\n - The regular-expression implementation in Google V8 mishandles interrupts.\n\n - Various other unspecified errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass security restrictions, cause a denial of service condition\n or potentially execute arbitrary code, conduct spoofing attack, gain sensitive\n information and other unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to\n 44.0.2403.89 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 44.0.2403.89 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/07/stable-channel-update_21.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"44.0.2403.89\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"44.0.2403.89\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:59", "description": "Mageia Linux Local Security Checks mgasa-2015-0288", "cvss3": {}, "published": "2015-10-15T00:00:00", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0288", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1263", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1272", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310130090", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130090", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0288.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.130090\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 10:42:35 +0300 (Thu, 15 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0288\");\n script_tag(name:\"insight\", value:\"Chromium-browser 44.0.2403.107 fixes several security issues.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0288.html\");\n script_cve_id(\"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-1263\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0288\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"chromium-browser-stable\", rpm:\"chromium-browser-stable~44.0.2403.107~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:47", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1266\nIntended access restrictions could be bypassed for certain URLs like\nchrome://gpu.\n\nCVE-2015-1267\nA way to bypass the Same Origin Policy was discovered.\n\nCVE-2015-1268\nMariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1269\nMike Rudy discovered that hostnames were not properly compared in the\nHTTP Strict Transport Policy and HTTP Public Key Pinning features,\nwhich could allow those access restrictions to be bypassed.\n\nCVE-2015-1270\nAtte Kettunen discovered an uninitialized memory read in the ICU library.\n\nCVE-2015-1271\ncloudfuzzer discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1272\nChamal de Silva discovered race conditions in the GPU process\nimplementation.\n\nCVE-2015-1273\nmakosoft discovered a buffer overflow in openjpeg, which is used by\nthe pdfium library embedded in chromium.\n\nCVE-2015-1274\nandrewm.bpi discovered that the auto-open list allowed certain file\ntypes to be executed immediately after download.\n\nCVE-2015-1276\nColin Payne discovered a use-after-free issue in the IndexedDB\nimplementation.\n\nCVE-2015-1277\nSkyLined discovered a use-after-free issue in chromium", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3315-1 (chromium-browser - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1266", "CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1268", "CVE-2015-1263", "CVE-2015-1267", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1270", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1269", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703315", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703315", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3315.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3315-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703315\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2015-1263\", \"CVE-2015-1266\", \"CVE-2015-1267\", \"CVE-2015-1268\",\n \"CVE-2015-1269\", \"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\",\n \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\", \"CVE-2015-1277\",\n \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\",\n \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\",\n \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\");\n script_name(\"Debian Security Advisory DSA 3315-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-23 00:00:00 +0200 (Thu, 23 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3315.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 44.0.2403.89-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 44.0.2403.89-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1266\nIntended access restrictions could be bypassed for certain URLs like\nchrome://gpu.\n\nCVE-2015-1267\nA way to bypass the Same Origin Policy was discovered.\n\nCVE-2015-1268\nMariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1269\nMike Rudy discovered that hostnames were not properly compared in the\nHTTP Strict Transport Policy and HTTP Public Key Pinning features,\nwhich could allow those access restrictions to be bypassed.\n\nCVE-2015-1270\nAtte Kettunen discovered an uninitialized memory read in the ICU library.\n\nCVE-2015-1271\ncloudfuzzer discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1272\nChamal de Silva discovered race conditions in the GPU process\nimplementation.\n\nCVE-2015-1273\nmakosoft discovered a buffer overflow in openjpeg, which is used by\nthe pdfium library embedded in chromium.\n\nCVE-2015-1274\nandrewm.bpi discovered that the auto-open list allowed certain file\ntypes to be executed immediately after download.\n\nCVE-2015-1276\nColin Payne discovered a use-after-free issue in the IndexedDB\nimplementation.\n\nCVE-2015-1277\nSkyLined discovered a use-after-free issue in chromium's accessibility\nimplementation.\n\nCVE-2015-1278\nChamal de Silva discovered a way to use PDF documents to spoof a URL.\n\nCVE-2015-1279\nmlafon discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1280\ncloudfuzzer discovered a memory corruption issue in the SKIA library.\n\nCVE-2015-1281\nMasato Knugawa discovered a way to bypass the Content Security\nPolicy.\n\nCVE-2015-1282\nChamal de Silva discovered multiple use-after-free issues in the\npdfium library.\n\nCVE-2015-1283\nHuzaifa Sidhpurwala discovered a buffer overflow in the expat\nlibrary.\n\nCVE-2015-1284\nAtte Kettunen discovered that the maximum number of page frames\nwas not correctly checked.\n\nCVE-2015-1285\ngazheyes discovered an information leak in the XSS auditor,\nwhich normally helps to prevent certain classes of cross-site\nscripting problems.\n\nCVE-2015-1286\nA cross-site scripting issue was discovered in the interface to\nthe v8 javascript library.\n\nCVE-2015-1287\nfiledescriptor discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1288Mike Ruddy discovered that the spellchecking dictionaries could\nstill be downloaded over plain HTTP (related to CVE-2015-1263\n).\n\nCVE-2015-1289\nThe chrome 44 development team found and fixed various issues\nduring internal auditing.\n\nIn addition to the above issues, Google disabled the hotword extension\nby default in this version, which if enabled downloads files without\nthe user's intervention.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"44.0.2403.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"44.0.2403.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"44.0.2403.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"44.0.2403.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"44.0.2403.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:53:50", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1266 \nIntended access restrictions could be bypassed for certain URLs like\nchrome://gpu.\n\nCVE-2015-1267 \nA way to bypass the Same Origin Policy was discovered.\n\nCVE-2015-1268 \nMariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1269 \nMike Rudy discovered that hostnames were not properly compared in the\nHTTP Strict Transport Policy and HTTP Public Key Pinning features,\nwhich could allow those access restrictions to be bypassed.\n\nCVE-2015-1270 \nAtte Kettunen discovered an uninitialized memory read in the ICU library.\n\nCVE-2015-1271 \ncloudfuzzer discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1272 \nChamal de Silva discovered race conditions in the GPU process\nimplementation.\n\nCVE-2015-1273 \nmakosoft discovered a buffer overflow in openjpeg, which is used by\nthe pdfium library embedded in chromium.\n\nCVE-2015-1274 \nandrewm.bpi discovered that the auto-open list allowed certain file\ntypes to be executed immediately after download.\n\nCVE-2015-1276 \nColin Payne discovered a use-after-free issue in the IndexedDB\nimplementation.\n\nCVE-2015-1277 \nSkyLined discovered a use-after-free issue in chromium", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3315-1 (chromium-browser - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1266", "CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1268", "CVE-2015-1263", "CVE-2015-1267", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1270", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1269", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703315", "href": "http://plugins.openvas.org/nasl.php?oid=703315", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3315.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3315-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703315);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-1263\", \"CVE-2015-1266\", \"CVE-2015-1267\", \"CVE-2015-1268\",\n \"CVE-2015-1269\", \"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\",\n \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\", \"CVE-2015-1277\",\n \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\",\n \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\",\n \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\");\n script_name(\"Debian Security Advisory DSA 3315-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-07-23 00:00:00 +0200 (Thu, 23 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3315.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"chromium-browser on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 44.0.2403.89-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 44.0.2403.89-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1266 \nIntended access restrictions could be bypassed for certain URLs like\nchrome://gpu.\n\nCVE-2015-1267 \nA way to bypass the Same Origin Policy was discovered.\n\nCVE-2015-1268 \nMariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1269 \nMike Rudy discovered that hostnames were not properly compared in the\nHTTP Strict Transport Policy and HTTP Public Key Pinning features,\nwhich could allow those access restrictions to be bypassed.\n\nCVE-2015-1270 \nAtte Kettunen discovered an uninitialized memory read in the ICU library.\n\nCVE-2015-1271 \ncloudfuzzer discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1272 \nChamal de Silva discovered race conditions in the GPU process\nimplementation.\n\nCVE-2015-1273 \nmakosoft discovered a buffer overflow in openjpeg, which is used by\nthe pdfium library embedded in chromium.\n\nCVE-2015-1274 \nandrewm.bpi discovered that the auto-open list allowed certain file\ntypes to be executed immediately after download.\n\nCVE-2015-1276 \nColin Payne discovered a use-after-free issue in the IndexedDB\nimplementation.\n\nCVE-2015-1277 \nSkyLined discovered a use-after-free issue in chromium's accessibility\nimplementation.\n\nCVE-2015-1278 \nChamal de Silva discovered a way to use PDF documents to spoof a URL.\n\nCVE-2015-1279 \nmlafon discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1280 \ncloudfuzzer discovered a memory corruption issue in the SKIA library.\n\nCVE-2015-1281 \nMasato Knugawa discovered a way to bypass the Content Security\nPolicy.\n\nCVE-2015-1282 \nChamal de Silva discovered multiple use-after-free issues in the\npdfium library.\n\nCVE-2015-1283 \nHuzaifa Sidhpurwala discovered a buffer overflow in the expat\nlibrary.\n\nCVE-2015-1284 \nAtte Kettunen discovered that the maximum number of page frames\nwas not correctly checked.\n\nCVE-2015-1285 \ngazheyes discovered an information leak in the XSS auditor,\nwhich normally helps to prevent certain classes of cross-site\nscripting problems.\n\nCVE-2015-1286 \nA cross-site scripting issue was discovered in the interface to\nthe v8 javascript library.\n\nCVE-2015-1287 \nfiledescriptor discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1288Mike Ruddy discovered that the spellchecking dictionaries could\nstill be downloaded over plain HTTP (related to CVE-2015-1263 \n).\n\nCVE-2015-1289 \nThe chrome 44 development team found and fixed various issues\nduring internal auditing.\n\nIn addition to the above issues, Google disabled the hotword extension\nby default in this version, which if enabled downloads files without\nthe user's intervention.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"44.0.2403.89-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"44.0.2403.89-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"44.0.2403.89-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"44.0.2403.89-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"44.0.2403.89-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-08-05T00:00:00", "type": "openvas", "title": "Ubuntu Update for oxide-qt USN-2677-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1281", "CVE-2015-1329", "CVE-2015-1289", "CVE-2015-1270", "CVE-2015-5605", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1287", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1280", "CVE-2015-1284"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842401", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842401", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for oxide-qt USN-2677-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842401\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-05 05:08:52 +0200 (Wed, 05 Aug 2015)\");\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-1272\", \"CVE-2015-1276\", \"CVE-2015-1277\",\n \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1283\", \"CVE-2015-1284\",\n \"CVE-2015-1285\", \"CVE-2015-1287\", \"CVE-2015-1289\", \"CVE-2015-1329\",\n \"CVE-2015-5605\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for oxide-qt USN-2677-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oxide-qt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"An uninitialized value issue was discovered\nin ICU. If a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service.\n(CVE-2015-1270)\n\nA use-after-free was discovered in the GPU process implementation in\nChromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1272)\n\nA use-after-free was discovered in the IndexedDB implementation in\nChromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1276)\n\nA use-after-free was discovered in the accessibility implementation in\nChromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1277)\n\nA memory corruption issue was discovered in Skia. If a user were tricked\nin to opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash, or execute\narbitrary code with the privileges of the sandboxed render process.\n(CVE-2015-1280)\n\nIt was discovered that Blink did not properly determine the V8 context of\na microtask in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\nbypass Content Security Policy (CSP) restrictions. (CVE-2015-1281)\n\nMultiple integer overflows were discovered in Expat. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nthe program. (CVE-2015-1283)\n\nIt was discovered that Blink did not enforce a page's maximum number of\nframes in some circumstances, resulting in a use-after-free. If a user\nwere tricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer crash,\nor execute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2015-1284)\n\nIt was discovered that the XSS auditor in Blink did not properly choose a\ntruncation point. If a user were tricked in to open ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"oxide-qt on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2677-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2677-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.8.4-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.8.4-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:55", "description": "It was discovered that the International Components for Unicode (ICU)\nlibrary mishandles converter names starting with x-\n, which allows\nremote attackers to cause a denial of service (read of uninitialized\nmemory) or possibly have unspecified other impact via a crafted file.", "cvss3": {}, "published": "2015-09-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3360-1 (icu - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1270"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703360", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703360", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3360.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3360-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703360\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-1270\");\n script_name(\"Debian Security Advisory DSA 3360-1 (icu - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-15 00:00:00 +0200 (Tue, 15 Sep 2015)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3360.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"icu on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), this problem has been fixed in\nversion 52.1-8+deb8u3.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 55.1-5.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 55.1-5.\n\nWe recommend that you upgrade your icu packages.\");\n script_tag(name:\"summary\", value:\"It was discovered that the International Components for Unicode (ICU)\nlibrary mishandles converter names starting with x-\n, which allows\nremote attackers to cause a denial of service (read of uninitialized\nmemory) or possibly have unspecified other impact via a crafted file.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"icu-devtools\", ver:\"52.1-8+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"52.1-8+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"52.1-8+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libicu52\", ver:\"52.1-8+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libicu52-dbg\", ver:\"52.1-8+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:53:43", "description": "It was discovered that the International Components for Unicode (ICU)\nlibrary mishandles converter names starting with x- \n, which allows\nremote attackers to cause a denial of service (read of uninitialized\nmemory) or possibly have unspecified other impact via a crafted file.", "cvss3": {}, "published": "2015-09-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3360-1 (icu - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1270"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703360", "href": "http://plugins.openvas.org/nasl.php?oid=703360", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3360.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3360-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703360);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-1270\");\n script_name(\"Debian Security Advisory DSA 3360-1 (icu - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-09-15 00:00:00 +0200 (Tue, 15 Sep 2015)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3360.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"icu on Debian Linux\");\n script_tag(name: \"insight\", value: \"ICU is a C++ and C library that provides robust and full-featured\nUnicode and locale support.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), this problem has been fixed in\nversion 52.1-8+deb8u3.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 55.1-5.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 55.1-5.\n\nWe recommend that you upgrade your icu packages.\");\n script_tag(name: \"summary\", value: \"It was discovered that the International Components for Unicode (ICU)\nlibrary mishandles converter names starting with x- \n, which allows\nremote attackers to cause a denial of service (read of uninitialized\nmemory) or possibly have unspecified other impact via a crafted file.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icu-devtools\", ver:\"52.1-8+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"52.1-8+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"52.1-8+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu52\", ver:\"52.1-8+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu52-dbg\", ver:\"52.1-8+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:43", "description": "Mageia Linux Local Security Checks mgasa-2015-0287", "cvss3": {}, "published": "2015-10-15T00:00:00", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0287", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1270"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310130091", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130091", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0287.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.130091\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 10:42:36 +0300 (Thu, 15 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0287\");\n script_tag(name:\"insight\", value:\"The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU) mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file (CVE-2015-1270).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0287.html\");\n script_cve_id(\"CVE-2015-1270\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0287\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~53.1~12.1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:37", "description": "Gentoo Linux Local Security Checks", "cvss3": {}, "published": "2016-03-14T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201603-09", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6776", "CVE-2016-1628", "CVE-2016-1634", "CVE-2015-6775", "CVE-2016-1638", "CVE-2015-6789", "CVE-2015-6766", "CVE-2015-6762", "CVE-2015-8126", "CVE-2015-1288", "CVE-2015-1281", "CVE-2015-6764", "CVE-2016-1612", "CVE-2015-6770", "CVE-2015-6760", "CVE-2015-6781", "CVE-2015-1291", "CVE-2016-1615", "CVE-2015-1275", "CVE-2016-1626", "CVE-2016-1618", "CVE-2015-1297", "CVE-2015-1286", "CVE-2016-1613", "CVE-2015-1298", "CVE-2015-1295", "CVE-2015-6771", "CVE-2015-1289", "CVE-2015-1296", "CVE-2015-1270", "CVE-2015-6784", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1300", "CVE-2015-1287", "CVE-2016-1621", "CVE-2016-1631", "CVE-2015-6774", "CVE-2015-6778", "CVE-2016-1640", "CVE-2016-1632", "CVE-2015-1282", "CVE-2016-1622", "CVE-2015-6772", "CVE-2015-1285", "CVE-2016-1639", "CVE-2016-1616", "CVE-2015-1302", "CVE-2015-1293", "CVE-2015-6758", "CVE-2015-1303", "CVE-2015-1294", "CVE-2016-1635", "CVE-2015-1276", "CVE-2015-1278", "CVE-2016-1620", "CVE-2015-6767", "CVE-2015-6783", "CVE-2016-1636", "CVE-2015-6787", "CVE-2015-6792", "CVE-2015-1277", "CVE-2016-1627", "CVE-2015-6786", "CVE-2016-1641", "CVE-2016-1633", "CVE-2016-1624", "CVE-2016-1617", "CVE-2015-6791", "CVE-2016-1629", "CVE-2015-6780", "CVE-2015-6785", "CVE-2015-6790", "CVE-2016-1619", "CVE-2015-1271", "CVE-2015-1292", "CVE-2015-6779", "CVE-2015-6788", "CVE-2015-6759", "CVE-2015-1273", "CVE-2015-6756", "CVE-2015-6768", "CVE-2015-6763", "CVE-2016-1630", "CVE-2016-1637", "CVE-2015-6765", "CVE-2015-6755", "CVE-2015-6769", "CVE-2015-6773", "CVE-2015-1304", "CVE-2015-6777", "CVE-2015-1280", "CVE-2015-1299", "CVE-2015-6757", "CVE-2016-1623", "CVE-2015-6782", "CVE-2016-1625", "CVE-2015-1284", "CVE-2016-1614", "CVE-2015-6761"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310121451", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121451", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201603-09.nasl 11856 2018-10-12 07:45:29Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121451\");\n script_version(\"$Revision: 11856 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-14 15:52:45 +0200 (Mon, 14 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 09:45:29 +0200 (Fri, 12 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201603-09\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201603-09\");\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1275\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-1291\", \"CVE-2015-1292\", \"CVE-2015-1293\", \"CVE-2015-1294\", \"CVE-2015-1295\", \"CVE-2015-1296\", \"CVE-2015-1297\", \"CVE-2015-1298\", \"CVE-2015-1299\", \"CVE-2015-1300\", \"CVE-2015-1302\", \"CVE-2015-1303\", \"CVE-2015-1304\", \"CVE-2015-6755\", \"CVE-2015-6756\", \"CVE-2015-6757\", \"CVE-2015-6758\", \"CVE-2015-6759\", \"CVE-2015-6760\", \"CVE-2015-6761\", \"CVE-2015-6762\", \"CVE-2015-6763\", \"CVE-2015-6764\", \"CVE-2015-6765\", \"CVE-2015-6766\", \"CVE-2015-6767\", \"CVE-2015-6768\", \"CVE-2015-6769\", \"CVE-2015-6770\", \"CVE-2015-6771\", \"CVE-2015-6772\", \"CVE-2015-6773\", \"CVE-2015-6774\", \"CVE-2015-6775\", \"CVE-2015-6776\", \"CVE-2015-6777\", \"CVE-2015-6778\", \"CVE-2015-6779\", \"CVE-2015-6780\", \"CVE-2015-6781\", \"CVE-2015-6782\", \"CVE-2015-6783\", \"CVE-2015-6784\", \"CVE-2015-6785\", \"CVE-2015-6786\", \"CVE-2015-6787\", \"CVE-2015-6788\", \"CVE-2015-6789\", \"CVE-2015-6790\", \"CVE-2015-6791\", \"CVE-2015-6792\", \"CVE-2015-8126\", \"CVE-2016-1612\", \"CVE-2016-1613\", \"CVE-2016-1614\", \"CVE-2016-1615\", \"CVE-2016-1616\", \"CVE-2016-1617\", \"CVE-2016-1618\", \"CVE-2016-1619\", \"CVE-2016-1620\", \"CVE-2016-1621\", \"CVE-2016-1622\", \"CVE-2016-1623\", \"CVE-2016-1624\", \"CVE-2016-1625\", \"CVE-2016-1626\", \"CVE-2016-1627\", \"CVE-2016-1628\", \"CVE-2016-1629\", \"CVE-2016-1630\", \"CVE-2016-1631\", \"CVE-2016-1632\", \"CVE-2016-1633\", \"CVE-2016-1634\", \"CVE-2016-1635\", \"CVE-2016-1636\", \"CVE-2016-1637\", \"CVE-2016-1638\", \"CVE-2016-1639\", \"CVE-2016-1640\", \"CVE-2016-1641\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/chromium\", unaffected: make_list(\"ge 49.0.2623.87\"), vulnerable: make_list(\"lt 49.0.2623.87\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:13", "description": "Mageia Linux Local Security Checks mgasa-2015-0285", "cvss3": {}, "published": "2015-10-15T00:00:00", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0285", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310130093", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130093", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0285.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.130093\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 10:42:37 +0300 (Thu, 15 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0285\");\n script_tag(name:\"insight\", value:\"Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0 allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data (CVE-2015-1283).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0285.html\");\n script_cve_id(\"CVE-2015-1283\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0285\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.1.0~9.1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-09-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for expat USN-2726-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842425", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842425", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for expat USN-2726-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842425\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-01 06:49:11 +0200 (Tue, 01 Sep 2015)\");\n script_cve_id(\"CVE-2015-1283\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for expat USN-2726-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'expat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that Expat incorrectly\nhandled malformed XML data. If a user or application linked against Expat were\ntricked into opening a crafted XML file, an attacker could cause a denial of\nservice, or possibly execute arbitrary code.\");\n script_tag(name:\"affected\", value:\"expat on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2726-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2726-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lib64expat1\", ver:\"2.1.0-4ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1:amd64\", ver:\"2.1.0-4ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1:i386\", ver:\"2.1.0-4ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lib64expat1\", ver:\"2.0.1-7.2ubuntu1.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1\", ver:\"2.0.1-7.2ubuntu1.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:52:40", "description": "Multiple integer overflows have been\ndiscovered in Expat, an XML parsing library, which may result in denial of service\nor the execution of arbitrary code if a malformed XML file is processed.", "cvss3": {}, "published": "2015-07-26T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3318-1 (expat - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703318", "href": "http://plugins.openvas.org/nasl.php?oid=703318", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3318.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3318-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703318);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-1283\");\n script_name(\"Debian Security Advisory DSA 3318-1 (expat - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-07-26 00:00:00 +0200 (Sun, 26 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3318.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"expat on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package contains xmlwf, an example\napplication of expat, the C library for parsing XML. The arguments to xmlwf are\none or more files which are each to be checked for XML well-formedness.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 2.1.0-1+deb7u2.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-6+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.1.0-7.\n\nWe recommend that you upgrade your expat packages.\");\n script_tag(name: \"summary\", value: \"Multiple integer overflows have been\ndiscovered in Expat, an XML parsing library, which may result in denial of service\nor the execution of arbitrary code if a malformed XML file is processed.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"expat\", ver:\"2.1.0-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib64expat1\", ver:\"2.1.0-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib64expat1-dev\", ver:\"2.1.0-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libexpat1:amd64\", ver:\"2.1.0-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libexpat1:i386\", ver:\"2.1.0-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libexpat1-dev\", ver:\"2.1.0-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:29", "description": "Multiple integer overflows have been\ndiscovered in Expat, an XML parsing library, which may result in denial of service\nor the execution of arbitrary code if a malformed XML file is processed.", "cvss3": {}, "published": "2015-07-26T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3318-1 (expat - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703318", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703318", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3318.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3318-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703318\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-1283\");\n script_name(\"Debian Security Advisory DSA 3318-1 (expat - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-26 00:00:00 +0200 (Sun, 26 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3318.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"expat on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 2.1.0-1+deb7u2.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-6+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.1.0-7.\n\nWe recommend that you upgrade your expat packages.\");\n script_tag(name:\"summary\", value:\"Multiple integer overflows have been\ndiscovered in Expat, an XML parsing library, which may result in denial of service\nor the execution of arbitrary code if a malformed XML file is processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"expat\", ver:\"2.1.0-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lib64expat1\", ver:\"2.1.0-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lib64expat1-dev\", ver:\"2.1.0-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libexpat1:amd64\", ver:\"2.1.0-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libexpat1:i386\", ver:\"2.1.0-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libexpat1-dev\", ver:\"2.1.0-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:35:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-03T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for expat (openSUSE-SU-2016:1441-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2016-0718"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851322", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851322", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851322\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-06-03 16:25:14 +0530 (Fri, 03 Jun 2016)\");\n script_cve_id(\"CVE-2015-1283\", \"CVE-2016-0718\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for expat (openSUSE-SU-2016:1441-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'expat'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for expat fixes the following security issues:\n\n - CVE-2015-1283: Fixed multiple integer overflows that could lead to\n buffer overflows [boo#980391]\n\n - CVE-2016-0718: Fixed Expat XML parser that mishandles certain kinds of\n malformed input documents [boo#979441].\");\n\n script_tag(name:\"affected\", value:\"expat on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1441-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.1.0~14.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"expat-debuginfo\", rpm:\"expat-debuginfo~2.1.0~14.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"expat-debugsource\", rpm:\"expat-debugsource~2.1.0~14.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat-devel\", rpm:\"libexpat-devel~2.1.0~14.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat1\", rpm:\"libexpat1~2.1.0~14.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat1-debuginfo\", rpm:\"libexpat1-debuginfo~2.1.0~14.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"expat-debuginfo-32bit\", rpm:\"expat-debuginfo-32bit~2.1.0~14.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat-devel-32bit\", rpm:\"libexpat-devel-32bit~2.1.0~14.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat1-32bit\", rpm:\"libexpat1-32bit~2.1.0~14.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat1-debuginfo-32bit\", rpm:\"libexpat1-debuginfo-32bit~2.1.0~14.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:34:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-08T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for expat (SUSE-SU-2016:1508-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2016-0718"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851326", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851326", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851326\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 05:22:36 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2015-1283\", \"CVE-2016-0718\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for expat (SUSE-SU-2016:1508-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'expat'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for expat fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of\n malformed input documents. (bsc#979441)\n\n - CVE-2015-1283: Fix multiple integer overflows. (bnc#980391)\");\n\n script_tag(name:\"affected\", value:\"expat on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"SUSE-SU\", value:\"2016:1508-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.1.0~17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"expat-debuginfo\", rpm:\"expat-debuginfo~2.1.0~17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"expat-debuginfo-32bit\", rpm:\"expat-debuginfo-32bit~2.1.0~17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"expat-debugsource\", rpm:\"expat-debugsource~2.1.0~17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat1\", rpm:\"libexpat1~2.1.0~17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat1-32bit\", rpm:\"libexpat1-32bit~2.1.0~17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat1-debuginfo\", rpm:\"libexpat1-debuginfo~2.1.0~17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat1-debuginfo-32bit\", rpm:\"libexpat1-debuginfo-32bit~2.1.0~17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.1.0~17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"expat-debuginfo\", rpm:\"expat-debuginfo~2.1.0~17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"expat-debugsource\", rpm:\"expat-debugsource~2.1.0~17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat1\", rpm:\"libexpat1~2.1.0~17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat1-debuginfo\", rpm:\"libexpat1-debuginfo~2.1.0~17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"expat-debuginfo-32bit\", rpm:\"expat-debuginfo-32bit~2.1.0~17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat1-32bit\", rpm:\"libexpat1-32bit~2.1.0~17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat1-debuginfo-32bit\", rpm:\"libexpat1-debuginfo-32bit~2.1.0~17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:36:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-08T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for expat (openSUSE-SU-2016:1523-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2016-0718"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851329", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851329", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851329\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:17:14 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2015-1283\", \"CVE-2016-0718\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for expat (openSUSE-SU-2016:1523-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'expat'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for expat fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of\n malformed input documents. (bsc#979441)\n\n - CVE-2015-1283: Fix multiple integer overflows. (bnc#980391) This update\n was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"expat on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1523-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.1.0~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"expat-debuginfo\", rpm:\"expat-debuginfo~2.1.0~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"expat-debugsource\", rpm:\"expat-debugsource~2.1.0~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat-devel\", rpm:\"libexpat-devel~2.1.0~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat1\", rpm:\"libexpat1~2.1.0~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat1-debuginfo\", rpm:\"libexpat1-debuginfo~2.1.0~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"expat-debuginfo-32bit\", rpm:\"expat-debuginfo-32bit~2.1.0~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat-devel-32bit\", rpm:\"libexpat-devel-32bit~2.1.0~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat1-32bit\", rpm:\"libexpat1-32bit~2.1.0~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libexpat1-debuginfo-32bit\", rpm:\"libexpat1-debuginfo-32bit~2.1.0~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-09-17T00:00:00", "type": "openvas", "title": "Ubuntu Update for icu USN-2740-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2632", "CVE-2015-1270", "CVE-2015-4760"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842437", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for icu USN-2740-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842437\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-17 06:18:53 +0200 (Thu, 17 Sep 2015)\");\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-2632\", \"CVE-2015-4760\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for icu USN-2740-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Atte Kettunen discovered that ICU\nincorrectly handled certain converter names. If an application using ICU processed\ncrafted data, a remote attacker could possibly cause it to crash. (CVE-2015-1270)\n\nIt was discovered that ICU incorrectly handled certain memory operations\nwhen processing data. If an application using ICU processed crafted data,\na remote attacker could possibly cause it to crash or potentially execute\narbitrary code with the privileges of the user invoking the program.\n(CVE-2015-2632, CVE-2015-4760)\");\n script_tag(name:\"affected\", value:\"icu on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2740-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2740-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libicu52:amd64\", ver:\"52.1-3ubuntu0.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libicu52:i386\", ver:\"52.1-3ubuntu0.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libicu48\", ver:\"4.8.1.1-3ubuntu0.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:05", "description": "Gustavo Grieco discovered that Expat,\nan XML parsing C library, does not properly handle certain kinds of malformed input\ndocuments, resulting in buffer overflows during processing and error reporting. A\nremote attacker can take advantage of this flaw to cause an application using\nthe Expat library to crash, or potentially, to execute arbitrary code\nwith the privileges of the user running the application.", "cvss3": {}, "published": "2016-05-18T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3582-1 (expat - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2016-0718", "CVE-2016-4472"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703582", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703582", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3582.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3582-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703582\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2015-1283\", \"CVE-2016-0718\", \"CVE-2016-4472\");\n script_name(\"Debian Security Advisory DSA 3582-1 (expat - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-18 00:00:00 +0200 (Wed, 18 May 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3582.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"expat on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthis problem has been fixed in version 2.1.0-6+deb8u2. Additionally this update\nrefreshes the fix for CVE-2015-1283 to avoid relying on undefined behavior.\n\nWe recommend that you upgrade your expat packages.\");\n script_tag(name:\"summary\", value:\"Gustavo Grieco discovered that Expat,\nan XML parsing C library, does not properly handle certain kinds of malformed input\ndocuments, resulting in buffer overflows during processing and error reporting. A\nremote attacker can take advantage of this flaw to cause an application using\nthe Expat library to crash, or potentially, to execute arbitrary code\nwith the privileges of the user running the application.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"expat\", ver:\"2.1.0-6+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lib64expat1\", ver:\"2.1.0-6+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lib64expat1-dev\", ver:\"2.1.0-6+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libexpat1:amd64\", ver:\"2.1.0-6+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libexpat1:i386\", ver:\"2.1.0-6+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libexpat1-dev:amd64\", ver:\"2.1.0-6+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libexpat1-dev:i386\", ver:\"2.1.0-6+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:55:09", "description": "Gustavo Grieco discovered that Expat,\nan XML parsing C library, does not properly handle certain kinds of malformed input\ndocuments, resulting in buffer overflows during processing and error reporting. A\nremote attacker can take advantage of this flaw to cause an application using\nthe Expat library to crash, or potentially, to execute arbitrary code\nwith the privileges of the user running the application.", "cvss3": {}, "published": "2016-05-18T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3582-1 (expat - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2016-0718", "CVE-2016-4472"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703582", "href": "http://plugins.openvas.org/nasl.php?oid=703582", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3582.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3582-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703582);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2015-1283\", \"CVE-2016-0718\", \"CVE-2016-4472\");\n script_name(\"Debian Security Advisory DSA 3582-1 (expat - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-05-18 00:00:00 +0200 (Wed, 18 May 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3582.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"expat on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package contains xmlwf, an example\napplication of expat, the C library for parsing XML. The arguments to xmlwf are\none or more files which are each to be checked for XML well-formedness.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthis problem has been fixed in version 2.1.0-6+deb8u2. Additionally this update\nrefreshes the fix for CVE-2015-1283 to avoid relying on undefined behavior.\n\nWe recommend that you upgrade your expat packages.\");\n script_tag(name: \"summary\", value: \"Gustavo Grieco discovered that Expat,\nan XML parsing C library, does not properly handle certain kinds of malformed input\ndocuments, resulting in buffer overflows during processing and error reporting. A\nremote attacker can take advantage of this flaw to cause an application using\nthe Expat library to crash, or potentially, to execute arbitrary code\nwith the privileges of the user running the application.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"expat\", ver:\"2.1.0-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib64expat1\", ver:\"2.1.0-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib64expat1-dev\", ver:\"2.1.0-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libexpat1:amd64\", ver:\"2.1.0-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libexpat1:i386\", ver:\"2.1.0-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libexpat1-dev:amd64\", ver:\"2.1.0-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libexpat1-dev:i386\", ver:\"2.1.0-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-06-17T15:49:39", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-06-16T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for apr-util (EulerOS-SA-2020-1639)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2015-2716", "CVE-2016-4472"], "modified": "2020-06-16T00:00:00", "id": "OPENVAS:1361412562311220201639", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201639", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1639\");\n script_version(\"2020-06-16T05:47:46+0000\");\n script_cve_id(\"CVE-2016-4472\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-16 05:47:46 +0000 (Tue, 16 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-16 05:47:46 +0000 (Tue, 16 Jun 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for apr-util (EulerOS-SA-2020-1639)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1639\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1639\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'apr-util' package(s) announced via the EulerOS-SA-2020-1639 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.(CVE-2016-4472)\");\n\n script_tag(name:\"affected\", value:\"'apr-util' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"apr-util\", rpm:\"apr-util~1.5.2~6.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apr-util-devel\", rpm:\"apr-util-devel~1.5.2~6.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-17T15:49:38", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-06-16T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for xulrunner (EulerOS-SA-2020-1619)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1283", "CVE-2015-2716", "CVE-2012-6702", "CVE-2016-0718", "CVE-2016-4472"], "modified": "2020-06-16T00:00:00", "id": "OPENVAS:1361412562311220201619", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201619", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1619\");\n script_version(\"2020-06-16T05:47:00+0000\");\n script_cve_id(\"CVE-2012-6702\", \"CVE-2016-0718\", \"CVE-2016-4472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-16 05:47:00 +0000 (Tue, 16 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-16 05:47:00 +0000 (Tue, 16 Jun 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for xulrunner (EulerOS-SA-2020-1619)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1619\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1619\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'xulrunner' package(s) announced via the EulerOS-SA-2020-1619 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.(CVE-2012-6702)\n\nThe overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.(CVE-2016-4472)\n\nExpat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.(CVE-2016-0718)\");\n\n script_tag(name:\"affected\", value:\"'xulrunner' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~31.6.0~3.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for xmlrpc-c USN-3013-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5300", "CVE-2015-1283", "CVE-2012-6702", "CVE-2016-0718", "CVE-2016-4472"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842800", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842800", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for xmlrpc-c USN-3013-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842800\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-21 05:47:53 +0200 (Tue, 21 Jun 2016)\");\n script_cve_id(\"CVE-2012-6702\", \"CVE-2016-5300\", \"CVE-2016-0718\", \"CVE-2015-1283\",\n \"CVE-2016-4472\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for xmlrpc-c USN-3013-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xmlrpc-c'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Expat code in\n XML-RPC for C and C++ unexpectedly called srand in certain circumstances. This\n could reduce the security of calling applications. (CVE-2012-6702)\n\nIt was discovered that the Expat code in XML-RPC for C and C++ incorrectly\nhandled seeding the random number generator. A remote attacker could\npossibly use this issue to cause a denial of service. (CVE-2016-5300)\n\nGustavo Grieco discovered that the Expat code in XML-RPC for C and C++\nincorrectly handled malformed XML data. If a user or application linked\nagainst XML-RPC for C and C++ were tricked into opening a crafted XML file,\nan attacker could cause a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-0718)\n\nIt was discovered that the Expat code in XML-RPC for C and C++ incorrectly\nhandled malformed XML data. If a user or application linked against XML-RPC\nfor C and C++ were tricked into opening a crafted XML file, an attacker\ncould cause a denial of service, or possibly execute arbitrary code.\n(CVE-2015-1283, CVE-2016-4472)\");\n script_tag(name:\"affected\", value:\"xmlrpc-c on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3013-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3013-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxmlrpc-c++4\", ver:\"1.16.33-3.1ubuntu5.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxmlrpc-core-c3\", ver:\"1.16.33-3.1ubuntu5.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:32:56", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2019-1698)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5300", "CVE-2015-1283", "CVE-2015-2716", "CVE-2012-0876", "CVE-2016-4472"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191698", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191698", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1698\");\n script_version(\"2020-01-23T12:20:15+0000\");\n script_cve_id(\"CVE-2015-1283\", \"CVE-2016-4472\", \"CVE-2016-5300\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:20:15 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:20:15 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2019-1698)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1698\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1698\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'expat' package(s) announced via the EulerOS-SA-2019-1698 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.(CVE-2016-5300)\n\nThe overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.(CVE-2016-4472)\n\nMultiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.(CVE-2015-1283)\");\n\n script_tag(name:\"affected\", value:\"'expat' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.1.0~10.h4\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~2.1.0~10.h4\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"expat-static\", rpm:\"expat-static~2.1.0~10.h4\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "kaspersky": [{"lastseen": "2021-08-18T11:24:04", "description": "### *Detect date*:\n07/21/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause a denial of service or (and) obtain sensitive information via specially crafted JavaScript code, specially crafted web site, unspecified linear-time attack, crafted XML data, crafted PDF document and other unknown vectors.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 44.0.2403.89\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk.\n\n### *Original advisories*:\n[Google Chrome blog post](<http://googlechromereleases.blogspot.ru/2015/07/stable-channel-update_21.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2015-1287](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1287>)4.3Warning \n[CVE-2015-1288](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1288>)6.8High \n[CVE-2015-1281](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1281>)4.3Warning \n[CVE-2015-1278](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1278>)4.3Warning \n[CVE-2015-1277](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1277>)7.5Critical \n[CVE-2015-1280](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1280>)7.5Critical \n[CVE-2015-1279](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1279>)7.5Critical \n[CVE-2015-1282](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1282>)6.8High \n[CVE-2015-1273](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1273>)6.8High \n[CVE-2015-1272](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1272>)7.5Critical \n[CVE-2015-1283](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283>)6.8High \n[CVE-2015-1284](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1284>)7.5Critical \n[CVE-2015-1285](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1285>)5.0Critical \n[CVE-2015-1276](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1276>)7.5Critical \n[CVE-2015-1286](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1286>)4.3Warning \n[CVE-2015-1275](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1275>)4.3Warning \n[CVE-2015-1270](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1270>)6.8High \n[CVE-2015-1289](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1289>)7.5Critical \n[CVE-2015-1274](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1274>)6.8High \n[CVE-2015-1271](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1271>)6.8High", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-07-21T00:00:00", "type": "kaspersky", "title": "KLA10636 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1275", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289"], "modified": "2020-06-03T00:00:00", "id": "KLA10636", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10636/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-19T20:35:46", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nChromium. (CVE-2015-1271, CVE-2015-1270, CVE-2015-1272, CVE-2015-1273,\nCVE-2015-1274, CVE-2015-1276, CVE-2015-1277, CVE-2015-1278, CVE-2015-1279,\nCVE-2015-1281, CVE-2015-1282, CVE-2015-1283, CVE-2015-1284, CVE-2015-1285,\nCVE-2015-1286, CVE-2015-1287, CVE-2015-1288, CVE-2015-1289, CVE-2015-5605)\n\nAll Chromium users should upgrade to these updated packages, which contain\nChromium version 44.0.2403.89, which corrects these issues. After\ninstalling the update, Chromium must be restarted for the changes to take \neffect.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-07-27T00:00:00", "type": "redhat", "title": "(RHSA-2015:1499) Important: chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289", "CVE-2015-5605"], "modified": "2018-06-07T05:04:36", "id": "RHSA-2015:1499", "href": "https://access.redhat.com/errata/RHSA-2015:1499", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Chromium-browser 44.0.2403.107 fixes several security issues: PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted PDF document that triggers a large memory allocation. (CVE-2015-1271) Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost data structure during Blink shutdown, related to content/browser/gpu/browser_gpu_channel_host_factory.cc and content/renderer/render_thread_impl.cc. (CVE-2015-1272) Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document. (CVE-2015-1273) Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous \"Always open files of this type\" choice, related to download_commands.cc and download_prefs.cc. (CVE-2015-1274) Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation. (CVE-2015-1276) Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures. (CVE-2015-1277) content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document. (CVE-2015-1278) Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values. (CVE-2015-1279) SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data. (CVE-2015-1280) core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source. (CVE-2015-1281) Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the (1) Document::delay and (2) Document::DoFieldDelay functions. (CVE-2015-1282) The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements. (CVE-2015-1284) The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack. (CVE-2015-1285) Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink \"Universal XSS (UXSS).\" (CVE-2015-1286) Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp. (CVE-2015-1287) The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263. (CVE-2015-1288) Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2015-1289) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-27T17:45:18", "type": "mageia", "title": "Updated chromium-browser package fixes security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1263", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289"], "modified": "2015-07-27T17:45:18", "id": "MGASA-2015-0288", "href": "https://advisories.mageia.org/MGASA-2015-0288.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU) mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file (CVE-2015-1270). \n", "cvss3": {}, "published": "2015-07-27T17:34:09", "type": "mageia", "title": "Updated icu package fixes security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1270"], "modified": "2015-07-27T17:34:09", "id": "MGASA-2015-0287", "href": "https://advisories.mageia.org/MGASA-2015-0287.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0 allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data (CVE-2015-1283). \n", "cvss3": {}, "published": "2015-07-27T17:18:02", "type": "mageia", "title": "Updated expat package fixes security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1283"], "modified": "2015-07-27T17:18:02", "id": "MGASA-2015-0285", "href": "https://advisories.mageia.org/MGASA-2015-0285.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "The ICU Project's ICU4C library, before 55.1, contains a heap-based buffer overflow in the resolveImplicitLevels function of ubidi.c (CVE-2014-8146). The ICU Project's ICU4C library, before 55.1, contains an integer overflow in the resolveImplicitLevels function of ubidi.c due to the assignment of an int32 value to an int16 type (CVE-2014-8147). The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU) mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file (CVE-2015-1270). \n", "cvss3": {}, "published": "2015-07-27T17:34:09", "type": "mageia", "title": "Updated icu package fixes security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8146", "CVE-2014-8147", "CVE-2015-1270"], "modified": "2015-07-27T17:34:09", "id": "MGASA-2015-0286", "href": "https://advisories.mageia.org/MGASA-2015-0286.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2021-06-08T18:51:19", "description": "Restrictions bypass, multiple memory corruptions, crossite scripting.", "edition": 2, "cvss3": {}, "published": "2015-07-26T00:00:00", "title": "Google Chrome / Chromium multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-1266", "CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1268", "CVE-2015-1267", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1270", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1269", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284"], "modified": "2015-07-26T00:00:00", "id": "SECURITYVULNS:VULN:14602", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14602", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:00", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3315-1 security@debian.org\r\nhttps://www.debian.org/security/ Michael Gilbert\r\nJuly 23, 2015 https://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : chromium-browser\r\nCVE ID : CVE-2015-1266 CVE-2015-1267 CVE-2015-1268 CVE-2015-1269\r\n CVE-2015-1270 CVE-2015-1271 CVE-2015-1272 CVE-2015-1273\r\n CVE-2015-1274 CVE-2015-1276 CVE-2015-1277 CVE-2015-1278\r\n CVE-2015-1279 CVE-2015-1280 CVE-2015-1281 CVE-2015-1282\r\n CVE-2015-1283 CVE-2015-1284 CVE-2015-1285 CVE-2015-1286\r\n CVE-2015-1287 CVE-2015-1288 CVE-2015-1289\r\n\r\nSeveral vulnerabilities were discovered in the chromium web browser.\r\n\r\nCVE-2015-1266\r\n\r\n Intended access restrictions could be bypassed for certain URLs like\r\n chrome://gpu.\r\n\r\nCVE-2015-1267\r\n\r\n A way to bypass the Same Origin Policy was discovered.\r\n\r\nCVE-2015-1268\r\n\r\n Mariusz Mlynski also discovered a way to bypass the Same Origin Policy.\r\n\r\nCVE-2015-1269\r\n\r\n Mike Rudy discovered that hostnames were not properly compared in the\r\n HTTP Strict Transport Policy and HTTP Public Key Pinning features,\r\n which could allow those access restrictions to be bypassed.\r\n\r\nCVE-2015-1270\r\n\r\n Atte Kettunen discovered an uninitialized memory read in the ICU library.\r\n\r\nCVE-2015-1271\r\n\r\n cloudfuzzer discovered a buffer overflow in the pdfium library.\r\n\r\nCVE-2015-1272\r\n\r\n Chamal de Silva discovered race conditions in the GPU process\r\n implementation.\r\n\r\nCVE-2015-1273\r\n\r\n makosoft discovered a buffer overflow in openjpeg, which is used by\r\n the pdfium library embedded in chromium.\r\n\r\nCVE-2015-1274\r\n\r\n andrewm.bpi discovered that the auto-open list allowed certain file\r\n types to be executed immediately after download.\r\n\r\nCVE-2015-1276\r\n\r\n Colin Payne discovered a use-after-free issue in the IndexedDB\r\n implementation.\r\n\r\nCVE-2015-1277\r\n\r\n SkyLined discovered a use-after-free issue in chromium's accessibility\r\n implementation.\r\n\r\nCVE-2015-1278\r\n\r\n Chamal de Silva discovered a way to use PDF documents to spoof a URL.\r\n\r\nCVE-2015-1279\r\n\r\n mlafon discovered a buffer overflow in the pdfium library.\r\n\r\nCVE-2015-1280\r\n\r\n cloudfuzzer discovered a memory corruption issue in the SKIA library.\r\n\r\nCVE-2015-1281\r\n\r\n Masato Knugawa discovered a way to bypass the Content Security\r\n Policy.\r\n\r\nCVE-2015-1282\r\n\r\n Chamal de Silva discovered multiple use-after-free issues in the\r\n pdfium library.\r\n\r\nCVE-2015-1283\r\n\r\n Huzaifa Sidhpurwala discovered a buffer overflow in the expat\r\n library.\r\n\r\nCVE-2015-1284\r\n\r\n Atte Kettunen discovered that the maximum number of page frames\r\n was not correctly checked.\r\n\r\nCVE-2015-1285\r\n\r\n gazheyes discovered an information leak in the XSS auditor,\r\n which normally helps to prevent certain classes of cross-site\r\n scripting problems.\r\n\r\nCVE-2015-1286\r\n\r\n A cross-site scripting issue was discovered in the interface to\r\n the v8 javascript library.\r\n\r\nCVE-2015-1287\r\n\r\n filedescriptor discovered a way to bypass the Same Origin Policy.\r\n\r\nCVE-2015-1288\r\n\r\n Mike Ruddy discovered that the spellchecking dictionaries could\r\n still be downloaded over plain HTTP (related to CVE-2015-1263).\r\n\r\nCVE-2015-1289\r\n\r\n The chrome 44 development team found and fixed various issues\r\n during internal auditing.\r\n\r\nIn addition to the above issues, Google disabled the hotword extension\r\nby default in this version, which if enabled downloads files without\r\nthe user's intervention.\r\n\r\nFor the stable distribution (jessie), these problems have been fixed in\r\nversion 44.0.2403.89-1~deb8u1.\r\n\r\nFor the testing distribution (stretch), these problems will be fixed soon.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 44.0.2403.89-1.\r\n\r\nWe recommend that you upgrade your chromium-browser packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQQcBAEBCgAGBQJVsi9LAAoJELjWss0C1vRziN0gALQ34XXl/qN5BlJrTH+8xaUm\r\nZUZYAqSJK+QgFOOVxXiMWDREsLV7OcQ8CgAbq/l+jumfaq2yY6uVo61xT+mlzIY5\r\naVT6t72NX3fUR9dVxiW31M0qnY3jfNFd0tBD2Q42Zuh7PvDspLYKKsytrcyz5oYJ\r\nGFbxrW2C7/8bUmhd+muzfYCQ5VHohNMaV+QgeEPy/XUrgFgjWJlEVDSFIS9UnGsZ\r\ny+bI4ssZjC3/+SeqkyIxBzeqUK7zbt3cDqpyEtEjI1e6KijkJRbazWh2Lc9qkWON\r\nVOzU0o0Sb/ftdCV0Rbkfakk2cj2F3WAoZh7nFzCMAdqRVzczfUZFzyOH4Ups30CZ\r\nqjHy2K+cqtmDg2egsuDKI7M7k8uWlSWo2J6hyLY1UKHei5QwP3nLkC6BQUaTXxCW\r\ngt1IlVF77eoBOXTnVOXj59OQdh1KKXsZ9IkQVi3c3JunKHeOgYRPey8jNEjTp0IV\r\n7YNew1a8RnsIpf8GwTqCM8YaVUcxxQE7sv1ya7k2C0QTGQpqUlyT8FV/P1ZembDJ\r\n6fpqn/IQWv98ztj3yuuJA6SwI5uDpE69u3JUuGCweGL8iMN+DU9cyWcxfIvvAewK\r\nCAEehgKVA1HKfBZoCmS1lky4QCJZrgHyxSe1c3CW0pDy/IfOvV54Xzr3Qn9Whx19\r\nkq/tOP3UcrfGjyy2oRPTdKFEC9qUufrRoZw39d1yvVxsqtEzZp9ri6mND4WPuZYf\r\ni5mVplBPJsvXOC5RXJ/pnSu8IrsbC5Qz9CxSlWLcDx+DjktUuMza6lawJyKh3QUK\r\nGUOXMG4bC5CilN+r2Fm41ZHW9ZUMHLcqnE/jBkvNUMw+Z+0i6noQkgG6t1CeIki5\r\nOeuEMuES3UU5joyRL24b4ejiUJxeIb9sik0WSrR4qelBeOLXFKyKNvpm243Nq/W5\r\nBMoFvQkmiF37IZ9naVmPUTwPmicTeD35wEs9XerMSvvAoKUfJtXMWglN0aP2hxK5\r\n2Dhr5ZAQ0jJTxIx/l6dV23hJNql0hCurFPF9tQxYZHDpl3WUS3YLs9Bj9mGz0AjH\r\nHAyuJrQWVMCT2gao//1I7T3O5JkrVTVXNVcY+1gg+HTE0iOxe20Uhiat0pd+TCW9\r\nops3rpYOjSDy2bpipdkxSblb5QNWN1SRmSywGuESESIPLKdmooeD3nyMBGA7bWVa\r\nFJukfJcBaDnGFfgMfQmEfckawvcGhErNQtXReqGQ3AYUn+/mYiV8gvVatn8x8dy9\r\nqpRHWM1VwVD5DsgxkeUTRyimOi374RrkCPx1olMwCkbNQiQJ9VTSK5Ji7HoOZz9P\r\nFazeCSZ1csx1HTx47ch+DvRfsJMnSDwbBst2aRAmRaInUu7qSb/VJwXtjdI6HRo=\r\n=0awE\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2015-07-26T00:00:00", "title": "[SECURITY] [DSA 3315-1] chromium-browser security update", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-1266", "CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1268", "CVE-2015-1263", "CVE-2015-1267", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1270", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1269", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284"], "modified": "2015-07-26T00:00:00", "id": "SECURITYVULNS:DOC:32351", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32351", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3360-1 security@debian.org\r\nhttps://www.debian.org/security/ Laszlo Boszormenyi (GCS)\r\nSeptember 15, 2015 https://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : icu\r\nCVE ID : CVE-2015-1270\r\nDebian Bug : 798647\r\n\r\nIt was discovered that the International Components for Unicode (ICU)\r\nlibrary mishandles converter names starting with x- , which allows\r\nremote attackers to cause a denial of service (read of uninitialized\r\nmemory) or possibly have unspecified other impact via a crafted file.\r\n\r\nFor the stable distribution (jessie), this problem has been fixed in\r\nversion 52.1-8+deb8u3.\r\n\r\nFor the testing distribution (stretch), this problem has been fixed\r\nin version 55.1-5.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 55.1-5.\r\n\r\nWe recommend that you upgrade your icu packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBCgAGBQJV+ELBAAoJEK+lG9bN5XPLC24QAIXycfVpH1VzrqIOi7IzkmXf\r\naCJ9B+m/BWSmnEfVVm42w3u0gGd7wQZSbMi5azEdHYpec6g9Defc4XfVp8ngD9Gk\r\n37Gha8gZZ4Sbxc1tXwMwwwyP2+E+6QDrNzniSwtCNgk4UV9VUSGCNhLJBva5tV1Y\r\nJSeFVHTpl/Urj7CwdRYvlMIbVCTvcnS0FJ34LeylnXTa5k4Z2ZyO5o6a7Gd8YsAD\r\nmGJ2VWA0axNgXXpGhazLfRPQ2PauLfqWN0VpMualqejMPZd2ABRUxrZ7eUuG4AGx\r\nu0HsGnQAQrMn9ZUChTjX8HpDW7OH39B0Z0nVlSITeC4L5gK8SY5lHgmg8zV/Uk1L\r\njzTwsZty2wfyxsti8XXlY9UHKNcUjB+8bg8WdftzC765HCiNJOXJCGHeklIiHqk7\r\nT5K2H7YuNPMqMuaqgYE7zbgu3JVY9ixNk9DV9aEsgDGjrcs9OXC5U0mkV/++VHlC\r\nebpcKw02aVEl2Yf7MbX+M0cLiCHo3RM56LQUa02SivwBC5gWULwaSKaRSasoEWEP\r\nknrBzmC5rdyztXipe2undXFyJuACBAuemP8eQSLY7tpFecc52KKnKMN2lru9hzAj\r\nCSXmOvUwwZGmKdwTCMM9RepCoqpNv7Y21ejxCAzUiZ9vjlzVEdRdIeUri/UqGm+E\r\n24PlDUC7o0eS12jqWAVx\r\n=ADH3\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2015-10-05T00:00:00", "title": "[SECURITY] [DSA 3360-1] icu security update", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-1270"], "modified": "2015-10-05T00:00:00", "id": "SECURITYVULNS:DOC:32533", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32533", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:00", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3318-1 security@debian.org\r\nhttps://www.debian.org/security/ Laszlo Boszormenyi (GCS)\r\nJuly 26, 2015 https://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : expat\r\nCVE ID : CVE-2015-1283\r\nDebian Bug : 793484\r\n\r\nMultiple integer overflows have been discovered in Expat, an XML parsing\r\nC library, which may result in denial of service or the execution of\r\narbitrary code if a malformed XML file is processed.\r\n\r\nFor the oldstable distribution (wheezy), this problem has been fixed\r\nin version 2.1.0-1+deb7u2.\r\n\r\nFor the stable distribution (jessie), this problem has been fixed in\r\nversion 2.1.0-6+deb8u1.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 2.1.0-7.\r\n\r\nWe recommend that you upgrade your expat packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBAgAGBQJVtR53AAoJEBDCk7bDfE429xUP/iYH65ZkPj1OsUWAmTeTGboo\r\nQvUDZMA+TvtS4Wnnxx07ln30JwiaEqPBVUjwkHqSeJ+WpzXT961E+gLCnAN6QOdw\r\nBilxx8HSytsQN2Gov7h0wSOxqQ9sbZRh3Cb6939WU7pp+XjwvPqXf2HxJN2uEz9S\r\n/tWQYOVn9yAkyaDC+LUVInmRnrF5OW4IY5mGOolOobfF/RdSRICHEdkKry8buTUQ\r\nmxtMuALwM2Yo1iEyTro2GLJWiCzqmzhMN+JbJ9DWv4+gbExMe1gXB3hSlfw8OIDb\r\nEm2rgEuwzUg3JZlEo7HIUO/IaL4ao5d/9Z7DyO9RLd385QZsF3iBfcp15U+6qJ3t\r\nf9Ftrl4N+fgmJt1DryYTZmX2Yg3+anCF25GMt+rHo4xWateKriG88eBNcoxnbjM5\r\nLaitgvnih09b9FibnnnIihB6mOuYNdfvRtHncxdTaA9HiWGwlzeDXMX1pQVsDOxE\r\nk6hcrrE5p6ixzQLJI6FvPDVkRU5UdlAeFXOiKFfKp7ztx6KxgiAMceVH2zEfdl5x\r\n7Vovd07/BJ0PFKWe1lUDJpvijb0X2RoZA5NsQWUN3QBONQPfpHjSl0sC8tiHhm2y\r\necwbdHMdOqpNlTZr4rZgfqD/M2sXqp8sK7Z3kjz59qTJ/hoE4Gj6eb8xx5MjsEti\r\nhqrriI8A4uSmvWjQl4XH\r\n=TfCY\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2015-08-03T00:00:00", "title": "[SECURITY] [DSA 3318-1] expat security update", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-1283"], "modified": "2015-08-03T00:00:00", "id": "SECURITYVULNS:DOC:32385", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32385", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:55:40", "description": "Multiple integer overflows.", "edition": 2, "cvss3": {}, "published": "2015-08-03T00:00:00", "title": "expat library integer overflow", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-1283"], "modified": "2015-08-03T00:00:00", "id": "SECURITYVULNS:VULN:14621", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14621", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:02", "description": "Memory corruption on symbols parsing.", "edition": 1, "cvss3": {}, "published": "2015-10-05T00:00:00", "title": "libicu memory corruption", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-2632", "CVE-2015-1270", "CVE-2015-4760"], "modified": "2015-10-05T00:00:00", "id": "SECURITYVULNS:VULN:14704", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14704", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2021-12-17T23:37:01", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3315-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nJuly 23, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2015-1266 CVE-2015-1267 CVE-2015-1268 CVE-2015-1269\n CVE-2015-1270 CVE-2015-1271 CVE-2015-1272 CVE-2015-1273\n CVE-2015-1274 CVE-2015-1276 CVE-2015-1277 CVE-2015-1278\n CVE-2015-1279 CVE-2015-1280 CVE-2015-1281 CVE-2015-1282\n CVE-2015-1283 CVE-2015-1284 CVE-2015-1285 CVE-2015-1286\n CVE-2015-1287 CVE-2015-1288 CVE-2015-1289\n\nSeveral vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1266\n\n Intended access restrictions could be bypassed for certain URLs like\n chrome://gpu.\n\nCVE-2015-1267\n\n A way to bypass the Same Origin Policy was discovered.\n\nCVE-2015-1268\n\n Mariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1269\n\n Mike Rudy discovered that hostnames were not properly compared in the\n HTTP Strict Transport Policy and HTTP Public Key Pinning features,\n which could allow those access restrictions to be bypassed.\n\nCVE-2015-1270\n\n Atte Kettunen discovered an uninitialized memory read in the ICU library.\n\nCVE-2015-1271\n\n cloudfuzzer discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1272\n\n Chamal de Silva discovered race conditions in the GPU process\n implementation.\n\nCVE-2015-1273\n\n makosoft discovered a buffer overflow in openjpeg, which is used by\n the pdfium library embedded in chromium.\n\nCVE-2015-1274\n\n andrewm.bpi discovered that the auto-open list allowed certain file\n types to be executed immediately after download.\n\nCVE-2015-1276\n\n Colin Payne discovered a use-after-free issue in the IndexedDB\n implementation.\n\nCVE-2015-1277\n\n SkyLined discovered a use-after-free issue in chromium's accessibility\n implementation.\n\nCVE-2015-1278\n\n Chamal de Silva discovered a way to use PDF documents to spoof a URL.\n\nCVE-2015-1279\n\n mlafon discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1280\n\n cloudfuzzer discovered a memory corruption issue in the SKIA library.\n\nCVE-2015-1281\n\n Masato Knugawa discovered a way to bypass the Content Security\n Policy.\n\nCVE-2015-1282\n\n Chamal de Silva discovered multiple use-after-free issues in the\n pdfium library.\n\nCVE-2015-1283\n\n Huzaifa Sidhpurwala discovered a buffer overflow in the expat\n library.\n\nCVE-2015-1284\n\n Atte Kettunen discovered that the maximum number of page frames\n was not correctly checked.\n\nCVE-2015-1285\n\n gazheyes discovered an information leak in the XSS auditor,\n which normally helps to prevent certain classes of cross-site\n scripting problems.\n\nCVE-2015-1286\n\n A cross-site scripting issue was discovered in the interface to\n the v8 javascript library.\n\nCVE-2015-1287\n\n filedescriptor discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1288\n\n Mike Ruddy discovered that the spellchecking dictionaries could\n still be downloaded over plain HTTP (related to CVE-2015-1263).\n\nCVE-2015-1289\n\n The chrome 44 development team found and fixed various issues\n during internal auditing.\n\nIn addition to the above issues, Google disabled the hotword extension\nby default in this version, which if enabled downloads files without\nthe user's intervention.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 44.0.2403.89-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 44.0.2403.89-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-07-24T12:29:48", "type": "debian", "title": "[SECURITY] [DSA 3315-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1263", "CVE-2015-1266", "CVE-2015-1267", "CVE-2015-1268", "CVE-2015-1269", "CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289"], "modified": "2015-07-24T12:29:48", "id": "DEBIAN:DSA-3315-1:DF83F", "href": "https://lists.debian.org/debian-security-announce/2015/msg00211.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T22:52:03", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3315-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nJuly 23, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2015-1266 CVE-2015-1267 CVE-2015-1268 CVE-2015-1269\n CVE-2015-1270 CVE-2015-1271 CVE-2015-1272 CVE-2015-1273\n CVE-2015-1274 CVE-2015-1276 CVE-2015-1277 CVE-2015-1278\n CVE-2015-1279 CVE-2015-1280 CVE-2015-1281 CVE-2015-1282\n CVE-2015-1283 CVE-2015-1284 CVE-2015-1285 CVE-2015-1286\n CVE-2015-1287 CVE-2015-1288 CVE-2015-1289\n\nSeveral vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1266\n\n Intended access restrictions could be bypassed for certain URLs like\n chrome://gpu.\n\nCVE-2015-1267\n\n A way to bypass the Same Origin Policy was discovered.\n\nCVE-2015-1268\n\n Mariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1269\n\n Mike Rudy discovered that hostnames were not properly compared in the\n HTTP Strict Transport Policy and HTTP Public Key Pinning features,\n which could allow those access restrictions to be bypassed.\n\nCVE-2015-1270\n\n Atte Kettunen discovered an uninitialized memory read in the ICU library.\n\nCVE-2015-1271\n\n cloudfuzzer discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1272\n\n Chamal de Silva discovered race conditions in the GPU process\n implementation.\n\nCVE-2015-1273\n\n makosoft discovered a buffer overflow in openjpeg, which is used by\n the pdfium library embedded in chromium.\n\nCVE-2015-1274\n\n andrewm.bpi discovered that the auto-open list allowed certain file\n types to be executed immediately after download.\n\nCVE-2015-1276\n\n Colin Payne discovered a use-after-free issue in the IndexedDB\n implementation.\n\nCVE-2015-1277\n\n SkyLined discovered a use-after-free issue in chromium's accessibility\n implementation.\n\nCVE-2015-1278\n\n Chamal de Silva discovered a way to use PDF documents to spoof a URL.\n\nCVE-2015-1279\n\n mlafon discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1280\n\n cloudfuzzer discovered a memory corruption issue in the SKIA library.\n\nCVE-2015-1281\n\n Masato Knugawa discovered a way to bypass the Content Security\n Policy.\n\nCVE-2015-1282\n\n Chamal de Silva discovered multiple use-after-free issues in the\n pdfium library.\n\nCVE-2015-1283\n\n Huzaifa Sidhpurwala discovered a buffer overflow in the expat\n library.\n\nCVE-2015-1284\n\n Atte Kettunen discovered that the maximum number of page frames\n was not correctly checked.\n\nCVE-2015-1285\n\n gazheyes discovered an information leak in the XSS auditor,\n which normally helps to prevent certain classes of cross-site\n scripting problems.\n\nCVE-2015-1286\n\n A cross-site scripting issue was discovered in the interface to\n the v8 javascript library.\n\nCVE-2015-1287\n\n filedescriptor discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1288\n\n Mike Ruddy discovered that the spellchecking dictionaries could\n still be downloaded over plain HTTP (related to CVE-2015-1263).\n\nCVE-2015-1289\n\n The chrome 44 development team found and fixed various issues\n during internal auditing.\n\nIn addition to the above issues, Google disabled the hotword extension\nby default in this version, which if enabled downloads files without\nthe user's intervention.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 44.0.2403.89-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 44.0.2403.89-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-07-24T12:29:48", "type": "debian", "title": "[SECURITY] [DSA 3315-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1263", "CVE-2015-1266", "CVE-2015-1267", "CVE-2015-1268", "CVE-2015-1269", "CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289"], "modified": "2015-07-24T12:29:48", "id": "DEBIAN:DSA-3315-1:9DB7E", "href": "https://lists.debian.org/debian-security-announce/2015/msg00211.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-28T17:55:04", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3360-1 security@debian.org\nhttps://www.debian.org/security/ Laszlo Boszormenyi (GCS)\nSeptember 15, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icu\nCVE ID : CVE-2015-1270\nDebian Bug : 798647\n\nIt was discovered that the International Components for Unicode (ICU)\nlibrary mishandles converter names starting with x- , which allows\nremote attackers to cause a denial of service (read of uninitialized\nmemory) or possibly have unspecified other impact via a crafted file.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 52.1-8+deb8u3.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 55.1-5.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 55.1-5.\n\nWe recommend that you upgrade your icu packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2015-09-15T16:09:40", "type": "debian", "title": "[SECURITY] [DSA 3360-1] icu security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1270"], "modified": "2015-09-15T16:09:40", "id": "DEBIAN:DSA-3360-1:A29C1", "href": "https://lists.debian.org/debian-security-announce/2015/msg00259.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-09T00:45:29", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3318-1 security@debian.org\nhttps://www.debian.org/security/ Laszlo Boszormenyi (GCS)\nJuly 26, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : expat\nCVE ID : CVE-2015-1283\nDebian Bug : 793484\n\nMultiple integer overflows have been discovered in Expat, an XML parsing\nC library, which may result in denial of service or the execution of\narbitrary code if a malformed XML file is processed.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 2.1.0-1+deb7u2.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-6+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.1.0-7.\n\nWe recommend that you upgrade your expat packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2015-07-26T17:54:13", "type": "debian", "title": "[SECURITY] [DSA 3318-1] expat security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1283"], "modified": "2015-07-26T17:54:13", "id": "DEBIAN:DSA-3318-1:6F723", "href": "https://lists.debian.org/debian-security-announce/2015/msg00214.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T22:14:45", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3582-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMay 18, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : expat\nCVE ID : CVE-2016-0718\n\nGustavo Grieco discovered that Expat, an XML parsing C library, does not\nproperly handle certain kinds of malformed input documents, resulting in\nbuffer overflows during processing and error reporting. A remote\nattacker can take advantage of this flaw to cause an application using\nthe Expat library to crash, or potentially, to execute arbitrary code\nwith the privileges of the user running the application.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-6+deb8u2. Additionally this update refreshes the fix for\nCVE-2015-1283 to avoid relying on undefined behavior.\n\nWe recommend that you upgrade your expat packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-18T05:18:57", "type": "debian", "title": "[SECURITY] [DSA 3582-1] expat security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1283", "CVE-2016-0718"], "modified": "2016-05-18T05:18:57", "id": "DEBIAN:DSA-3582-1:BA58B", "href": "https://lists.debian.org/debian-security-announce/2016/msg00159.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-28T18:27:20", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3582-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMay 18, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : expat\nCVE ID : CVE-2016-0718\n\nGustavo Grieco discovered that Expat, an XML parsing C library, does not\nproperly handle certain kinds of malformed input documents, resulting in\nbuffer overflows during processing and error reporting. A remote\nattacker can take advantage of this flaw to cause an application using\nthe Expat library to crash, or potentially, to execute arbitrary code\nwith the privileges of the user running the application.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-6+deb8u2. Additionally this update refreshes the fix for\nCVE-2015-1283 to avoid relying on undefined behavior.\n\nWe recommend that you upgrade your expat packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-18T05:18:57", "type": "debian", "title": "[SECURITY] [DSA 3582-1] expat security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1283", "CVE-2016-0718"], "modified": "2016-05-18T05:18:57", "id": "DEBIAN:DSA-3582-1:D0BF8", "href": "https://lists.debian.org/debian-security-announce/2016/msg00159.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-23T22:24:53", "description": "Package : expat\nVersion : 2.0.1-7+squeeze2\nCVE ID : CVE-2015-1283\n\n Multiple integer overflows in the XML_GetBuffer function in Expat\n through 2.1.0, as used in Google Chrome before 44.0.2403.89 and\n other products, allow remote attackers to cause a denial of service\n (heap-based buffer overflow) or possibly have unspecified other\n impact via crafted XML data, a related issue to CVE-2015-2716.", "cvss3": {}, "published": "2015-07-25T14:17:27", "type": "debian", "title": "[SECURITY] [DLA 281-1] expat security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1283", "CVE-2015-2716"], "modified": "2015-07-25T14:17:27", "id": "DEBIAN:DLA-281-1:C24AD", "href": "https://lists.debian.org/debian-lts-announce/2015/07/msg00021.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:07:14", "description": "\nSeveral vulnerabilities were discovered in the chromium web browser.\n\n\n* [CVE-2015-1266](https://security-tracker.debian.org/tracker/CVE-2015-1266)\nIntended access restrictions could be bypassed for certain URLs like\n chrome://gpu.\n* [CVE-2015-1267](https://security-tracker.debian.org/tracker/CVE-2015-1267)\nA way to bypass the Same Origin Policy was discovered.\n* [CVE-2015-1268](https://security-tracker.debian.org/tracker/CVE-2015-1268)\nMariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n* [CVE-2015-1269](https://security-tracker.debian.org/tracker/CVE-2015-1269)\nMike Rudy discovered that hostnames were not properly compared in the\n HTTP Strict Transport Policy and HTTP Public Key Pinning features,\n which could allow those access restrictions to be bypassed.\n* [CVE-2015-1270](https://security-tracker.debian.org/tracker/CVE-2015-1270)\nAtte Kettunen discovered an uninitialized memory read in the ICU library.\n* [CVE-2015-1271](https://security-tracker.debian.org/tracker/CVE-2015-1271)\ncloudfuzzer discovered a buffer overflow in the pdfium library.\n* [CVE-2015-1272](https://security-tracker.debian.org/tracker/CVE-2015-1272)\nChamal de Silva discovered race conditions in the GPU process\n implementation.\n* [CVE-2015-1273](https://security-tracker.debian.org/tracker/CVE-2015-1273)\nmakosoft discovered a buffer overflow in openjpeg, which is used by\n the pdfium library embedded in chromium.\n* [CVE-2015-1274](https://security-tracker.debian.org/tracker/CVE-2015-1274)\nandrewm.bpi discovered that the auto-open list allowed certain file\n types to be executed immediately after download.\n* [CVE-2015-1276](https://security-tracker.debian.org/tracker/CVE-2015-1276)\nColin Payne discovered a use-after-free issue in the IndexedDB\n implementation.\n* [CVE-2015-1277](https://security-tracker.debian.org/tracker/CVE-2015-1277)\nSkyLined discovered a use-after-free issue in chromium's accessibility\n implementation.\n* [CVE-2015-1278](https://security-tracker.debian.org/tracker/CVE-2015-1278)\nChamal de Silva discovered a way to use PDF documents to spoof a URL.\n* [CVE-2015-1279](https://security-tracker.debian.org/tracker/CVE-2015-1279)\nmlafon discovered a buffer overflow in the pdfium library.\n* [CVE-2015-1280](https://security-tracker.debian.org/tracker/CVE-2015-1280)\ncloudfuzzer discovered a memory corruption issue in the SKIA library.\n* [CVE-2015-1281](https://security-tracker.debian.org/tracker/CVE-2015-1281)\nMasato Knugawa discovered a way to bypass the Content Security\n Policy.\n* [CVE-2015-1282](https://security-tracker.debian.org/tracker/CVE-2015-1282)\nChamal de Silva discovered multiple use-after-free issues in the\n pdfium library.\n* [CVE-2015-1283](https://security-tracker.debian.org/tracker/CVE-2015-1283)\nHuzaifa Sidhpurwala discovered a buffer overflow in the expat\n library.\n* [CVE-2015-1284](https://security-tracker.debian.org/tracker/CVE-2015-1284)\nAtte Kettunen discovered that the maximum number of page frames\n was not correctly checked.\n* [CVE-2015-1285](https://security-tracker.debian.org/tracker/CVE-2015-1285)\ngazheyes discovered an information leak in the XSS auditor,\n which normally helps to prevent certain classes of cross-site\n scripting problems.\n* [CVE-2015-1286](https://security-tracker.debian.org/tracker/CVE-2015-1286)\nA cross-site scripting issue was discovered in the interface to\n the v8 javascript library.\n* [CVE-2015-1287](https://security-tracker.debian.org/tracker/CVE-2015-1287)\nfiledescriptor discovered a way to bypass the Same Origin Policy.\n* [CVE-2015-1288](https://security-tracker.debian.org/tracker/CVE-2015-1288)\nMike Ruddy discovered that the spellchecking dictionaries could\n still be downloaded over plain HTTP (related to [CVE-2015-1263](https://security-tracker.debian.org/tracker/CVE-2015-1263)).\n* [CVE-2015-1289](https://security-tracker.debian.org/tracker/CVE-2015-1289)\nThe chrome 44 development team found and fixed various issues\n during internal auditing.\n\n\nIn addition to the above issues, Google disabled the hotword extension\nby default in this version, which if enabled downloads files without\nthe user's intervention.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 44.0.2403.89-1~deb8u1.\n\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 44.0.2403.89-1.\n\n\nWe recommend that you upgrade your chromium-browser packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-23T00:00:00", "type": "osv", "title": "chromium-browser - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1263", "CVE-2015-1266", "CVE-2015-1267", "CVE-2015-1268", "CVE-2015-1269", "CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289"], "modified": "2022-08-10T07:06:28", "id": "OSV:DSA-3315-1", "href": "https://osv.dev/vulnerability/DSA-3315-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:09:26", "description": "\nIt was discovered that the International Components for Unicode (ICU)\nlibrary mishandles converter names starting with `x-`, which allows\nremote attackers to cause a denial of service (read of uninitialized\nmemory) or possibly have unspecified other impact via a crafted file.\n\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 52.1-8+deb8u3.\n\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 55.1-5.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 55.1-5.\n\n\nWe recommend that you upgrade your icu packages.\n\n\n", "cvss3": {}, "published": "2015-09-15T00:00:00", "type": "osv", "title": "icu - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1270"], "modified": "2022-08-10T07:09:21", "id": "OSV:DSA-3360-1", "href": "https://osv.dev/vulnerability/DSA-3360-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:06:49", "description": "\nMultiple integer overflows have been discovered in Expat, an XML parsing\nC library, which may result in denial of service or the execution of\narbitrary code if a malformed XML file is processed.\n\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 2.1.0-1+deb7u2.\n\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-6+deb8u1.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.1.0-7.\n\n\nWe recommend that you upgrade your expat packages.\n\n\n", "cvss3": {}, "published": "2015-07-26T00:00:00", "type": "osv", "title": "expat - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1283"], "modified": "2022-08-10T07:06:46", "id": "OSV:DSA-3318-1", "href": "https://osv.dev/vulnerability/DSA-3318-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T05:19:16", "description": "\nMultiple integer overflows in the XML\\_GetBuffer function in Expat\n through 2.1.0, as used in Google Chrome before 44.0.2403.89 and\n other products, allow remote attackers to cause a denial of service\n (heap-based buffer overflow) or possibly have unspecified other\n impact via crafted XML data, a related issue to [CVE-2015-2716](https://security-tracker.debian.org/tracker/CVE-2015-2716).\n\n\n", "cvss3": {}, "published": "2015-07-25T00:00:00", "type": "osv", "title": "expat - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1283", "CVE-2015-2716"], "modified": "2022-08-05T05:19:13", "id": "OSV:DLA-281-1", "href": "https://osv.dev/vulnerability/DLA-281-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:25:44", "description": "\nGustavo Grieco discovered that Expat, an XML parsing C library, does not\nproperly handle certain kinds of malformed input documents, resulting in\nbuffer overflows during processing and error reporting. A remote\nattacker can take advantage of this flaw to cause an application using\nthe Expat library to crash, or potentially, to execute arbitrary code\nwith the privileges of the user running the application.\n\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-6+deb8u2. Additionally this update refreshes the fix for\n[CVE-2015-1283](https://security-tracker.debian.org/tracker/CVE-2015-1283) to avoid relying on undefined behavior.\n\n\nWe recommend that you upgrade your expat packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-18T00:00:00", "type": "osv", "title": "expat - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1283", "CVE-2016-0718", "CVE-2016-4472"], "modified": "2022-07-21T05:49:05", "id": "OSV:DSA-3582-1", "href": "https://osv.dev/vulnerability/DSA-3582-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T12:37:24", "description": "An uninitialized value issue was discovered in ICU. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service. (CVE-2015-1270)\n\nA use-after-free was discovered in the GPU process implementation in \nChromium. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking the program. (CVE-2015-1272)\n\nA use-after-free was discovered in the IndexedDB implementation in \nChromium. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking the program. (CVE-2015-1276)\n\nA use-after-free was discovered in the accessibility implemetation in \nChromium. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking the program. (CVE-2015-1277)\n\nA memory corruption issue was discovered in Skia. If a user were tricked \nin to opening a specially crafted website, an attacker could potentially \nexploit this to cause a denial of service via renderer crash, or execute \narbitrary code with the privileges of the sandboxed render process. \n(CVE-2015-1280)\n\nIt was discovered that Blink did not properly determine the V8 context of \na microtask in some circumstances. If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit this to \nbypass Content Security Policy (CSP) restrictions. (CVE-2015-1281)\n\nMultiple integer overflows were discovered in Expat. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nthe program. (CVE-2015-1283)\n\nIt was discovered that Blink did not enforce a page's maximum number of \nframes in some circumstances, resulting in a use-after-free. If a user \nwere tricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via renderer crash, \nor execute arbitrary code with the privileges of the sandboxed render \nprocess. (CVE-2015-1284)\n\nIt was discovered that the XSS auditor in Blink did not properly choose a \ntruncation point. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to obtain sensitive \ninformation. (CVE-2015-1285)\n\nAn issue was discovered in the CSS implementation in Blink. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to bypass same-origin restrictions. \n(CVE-2015-1287)\n\nMultiple security issues were discovered in Chromium. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit these to read uninitialized memory, cause a denial \nof service via application crash or execute arbitrary code with the \nprivileges of the user invoking the program. (CVE-2015-1289)\n\nA use-after-free was discovered in oxide::qt::URLRequestDelegatedJob in \nsome circumstances. If a user were tricked in to opening a specially \ncrafted website, an attacker could potentially exploit this to cause a \ndenial of service via application crash, or execute arbitrary code with \nthe privileges of the user invoking the program. (CVE-2015-1329)\n\nA crash was discovered in the regular expression implementation in V8 in \nsome circumstances. If a user were tricked in to opening a specially \ncrafted website, an attacker could potentially exploit this to cause a \ndenial of service. (CVE-2015-5605)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-08-04T00:00:00", "type": "ubuntu", "title": "Oxide vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1284", "CVE-2015-1272", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1285", "CVE-2015-5605", "CVE-2015-1329", "CVE-2015-1270", "CVE-2015-1289", "CVE-2015-1287", "CVE-2015-1283", "CVE-2015-1280", "CVE-2015-1281"], "modified": "2015-08-04T00:00:00", "id": "USN-2677-1", "href": "https://ubuntu.com/security/notices/USN-2677-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:36:42", "description": "It was discovered that Expat incorrectly handled malformed XML data. If a \nuser or application linked against Expat were tricked into opening a \ncrafted XML file, an attacker could cause a denial of service, or possibly \nexecute arbitrary code.\n", "cvss3": {}, "published": "2015-08-31T00:00:00", "type": "ubuntu", "title": "Expat vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1283"], "modified": "2015-08-31T00:00:00", "id": "USN-2726-1", "href": "https://ubuntu.com/security/notices/USN-2726-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-17T23:23:16", "description": "Atte Kettunen discovered that ICU incorrectly handled certain converter \nnames. If an application using ICU processed crafted data, a remote \nattacker could possibly cause it to crash. (CVE-2015-1270)\n\nIt was discovered that ICU incorrectly handled certain memory operations \nwhen processing data. If an application using ICU processed crafted data, \na remote attacker could possibly cause it to crash or potentially execute \narbitrary code with the privileges of the user invoking the program. \n(CVE-2015-2632, CVE-2015-4760)\n", "cvss3": {}, "published": "2015-09-16T00:00:00", "type": "ubuntu", "title": "ICU vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1270", "CVE-2015-2632", "CVE-2015-4760"], "modified": "2015-09-16T00:00:00", "id": "USN-2740-1", "href": "https://ubuntu.com/security/notices/USN-2740-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-27T19:46:36", "description": "It was discovered that the Expat code in XML-RPC for C and C++ unexpectedly \ncalled srand in certain circumstances. This could reduce the security of \ncalling applications. (CVE-2012-6702)\n\nIt was discovered that the Expat code in XML-RPC for C and C++ incorrectly \nhandled seeding the random number generator. A remote attacker could \npossibly use this issue to cause a denial of service. (CVE-2016-5300)\n\nGustavo Grieco discovered that the Expat code in XML-RPC for C and C++ \nincorrectly handled malformed XML data. If a user or application linked \nagainst XML-RPC for C and C++ were tricked into opening a crafted XML file, \nan attacker could cause a denial of service, or possibly execute arbitrary \ncode. (CVE-2016-0718)\n\nIt was discovered that the Expat code in XML-RPC for C and C++ incorrectly \nhandled malformed XML data. If a user or application linked against XML-RPC \nfor C and C++ were tricked into opening a crafted XML file, an attacker \ncould cause a denial of service, or possibly execute arbitrary code. \n(CVE-2015-1283, CVE-2016-4472)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-20T00:00:00", "type": "ubuntu", "title": "XML-RPC for C and C++ vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6702", "CVE-2015-1283", "CVE-2016-0718", "CVE-2016-4472", "CVE-2016-5300"], "modified": "2016-06-20T00:00:00", "id": "USN-3013-1", "href": "https://ubuntu.com/security/notices/USN-3013-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:15:54", "description": "Use-after-free vulnerability in\ncontent/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB\nimplementation in Google Chrome before 44.0.2403.89 allows remote attackers\nto cause a denial of service or possibly have unspecified other impact by\nleveraging an abort action before a certain write operation.\n\n#### Bugs\n\n * <https://code.google.com/p/chromium/issues/detail?id=472614>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1276", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1276"], "modified": "2015-07-22T00:00:00", "id": "UB:CVE-2015-1276", "href": "https://ubuntu.com/security/CVE-2015-1276", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:15:51", "description": "Integer overflow in the CJBig2_Image::expand function in\nfxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before\n44.0.2403.89, allows remote attackers to cause a denial of service\n(heap-based buffer overflow) or possibly have unspecified other impact via\nlarge height and stride values.\n\n#### Bugs\n\n * <https://code.google.com/p/chromium/issues/detail?id=483981>\n", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1279", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1279"], "modified": "2015-07-23T00:00:00", "id": "UB:CVE-2015-1279", "href": "https://ubuntu.com/security/CVE-2015-1279", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:15:53", "description": "core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before\n44.0.2403.89, does not properly determine the V8 context of a microtask,\nwhich allows remote attackers to bypass Content Security Policy (CSP)\nrestrictions by providing an image from an unintended source.\n\n#### Bugs\n\n * <https://code.google.com/p/chromium/issues/detail?id=487155>\n", "cvss3": {}, "published": "2015-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1281", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1281"], "modified": "2015-07-22T00:00:00", "id": "UB:CVE-2015-1281", "href": "https://ubuntu.com/security/CVE-2015-1281", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:15:54", "description": "Use-after-free vulnerability in the accessibility implementation in Google\nChrome before 44.0.2403.89 allows remote attackers to cause a denial of\nservice or possibly have unspecified other impact by leveraging lack of\ncertain validity checks for accessibility-tree data structures.\n\n#### Bugs\n\n * <https://code.google.com/p/chromium/issues/detail?id=479743>\n", "cvss3": {}, "published": "2015-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1277", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1277"], "modified": "2015-07-22T00:00:00", "id": "UB:CVE-2015-1277", "href": "https://ubuntu.com/security/CVE-2015-1277", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:15:52", "description": "Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in\nPDFium in Google Chrome before 44.0.2403.89, allows remote attackers to\ncause a denial of service or possibly have unspecified other impact via\ninvalid JPEG2000 data in a PDF document.\n\n#### Bugs\n\n * <https://code.google.com/p/chromium/issues/detail?id=459215>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[tyhicks](<https://launchpad.net/~tyhicks>) | There are large changes between openjpeg trunk and the 1.5 and 1.3 branches that we shipped in Vivid and older. However, it looks like those code bases are also affected because I don't see similar sanity checks. As of 2015-07-24, I don't see a fix in the 1.5 branch.\n", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1273", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1273"], "modified": "2015-07-23T00:00:00", "id": "UB:CVE-2015-1273", "href": "https://ubuntu.com/security/CVE-2015-1273", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:15:53", "description": "The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in\nBlink, as used in Google Chrome before 44.0.2403.89, does not properly\ncheck for a page's maximum number of frames, which allows remote attackers\nto cause a denial of service (invalid count value and use-after-free) or\npossibly have unspecified other impact via crafted JavaScript code that\nmakes many createElement calls for IFRAME elements.\n\n#### Bugs\n\n * <https://code.google.com/p/chromium/issues/detail?id=493243>\n", "cvss3": {}, "published": "2015-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1284", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1284"], "modified": "2015-07-22T00:00:00", "id": "UB:CVE-2015-1284", "href": "https://ubuntu.com/security/CVE-2015-1284", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:15:51", "description": "content/browser/web_contents/web_contents_impl.cc in Google Chrome before\n44.0.2403.89 does not ensure that a PDF document's modal dialog is closed\nupon navigation to an interstitial page, which allows remote attackers to\nspoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf\ndocument.\n\n#### Bugs\n\n * <https://code.google.com/p/chromium/issues/detail?id=482380>\n", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1278", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1278"], "modified": "2015-07-23T00:00:00", "id": "UB:CVE-2015-1278", "href": "https://ubuntu.com/security/CVE-2015-1278", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T13:53:23", "description": "The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and\nQtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a\ndenial of service (memory corruption) or execute arbitrary code via a\ncrafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-09T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1290", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1290"], "modified": "2018-01-09T00:00:00", "id": "UB:CVE-2015-1290", "href": "https://ubuntu.com/security/CVE-2015-1290", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T14:15:51", "description": "Google Chrome before 44.0.2403.89 does not ensure that the auto-open list\nomits all dangerous file types, which makes it easier for remote attackers\nto execute arbitrary code by providing a crafted file and leveraging a\nuser's previous \"Always open files of this type\" choice, related to\ndownload_commands.cc and download_prefs.cc.\n\n#### Bugs\n\n * <https://code.google.com/p/chromium/issues/detail?id=461858>\n", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1274", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1274"], "modified": "2015-07-23T00:00:00", "id": "UB:CVE-2015-1274", "href": "https://ubuntu.com/security/CVE-2015-1274", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:15:54", "description": "Use-after-free vulnerability in the GPU process implementation in Google\nChrome before 44.0.2403.89 allows remote attackers to cause a denial of\nservice or possibly have unspecified other impact by leveraging the\ncontinued availability of a GPUChannelHost data structure during Blink\nshutdown, related to\ncontent/browser/gpu/browser_gpu_channel_host_factory.cc and\ncontent/renderer/render_thread_impl.cc.\n\n#### Bugs\n\n * <https://code.google.com/p/chromium/issues/detail?id=451456>\n", "cvss3": {}, "published": "2015-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1272", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1272"], "modified": "2015-07-22T00:00:00", "id": "UB:CVE-2015-1272", "href": "https://ubuntu.com/security/CVE-2015-1272", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:15:53", "description": "Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode\nexception that limits the cases in which a Cascading Style Sheets (CSS)\ndocument is required to have the text/css content type, which allows remote\nattackers to bypass the Same Origin Policy via a crafted web site, related\nto core/fetch/CSSStyleSheetResource.cpp.\n\n#### Bugs\n\n * <https://code.google.com/p/chromium/issues/detail?id=419383>\n", "cvss3": {}, "published": "2015-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1287", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1287"], "modified": "2015-07-22T00:00:00", "id": "UB:CVE-2015-1287", "href": "https://ubuntu.com/security/CVE-2015-1287", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:15:51", "description": "Multiple use-after-free vulnerabilities in\nfpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome\nbefore 44.0.2403.89, allow remote attackers to cause a denial of service or\npossibly have unspecified other impact via a crafted PDF document, related\nto the (1) Document::delay and (2) Document::DoFieldDelay functions.\n\n#### Bugs\n\n * <https://code.google.com/p/chromium/issues/detail?id=487928>\n", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1282", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1282"], "modified": "2015-07-23T00:00:00", "id": "UB:CVE-2015-1282", "href": "https://ubuntu.com/security/CVE-2015-1282", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:15:54", "description": "SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89,\nallows remote attackers to cause a denial of service (memory corruption) or\npossibly have unspecified other impact by leveraging access to a renderer\nprocess and providing crafted serialized data.\n\n#### Bugs\n\n * <https://code.google.com/p/chromium/issues/detail?id=486947>\n", "cvss3": {}, "published": "2015-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1280", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1280"], "modified": "2015-07-22T00:00:00", "id": "UB:CVE-2015-1280", "href": "https://ubuntu.com/security/CVE-2015-1280", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:15:52", "description": "Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89\nallow attackers to cause a denial of service or possibly have other impact\nvia unknown vectors.\n\n#### Bugs\n\n * <https://crbug.com/507821>\n * <https://crbug.com/506749>\n * <https://crbug.com/504692>\n * <https://crbug.com/495682>\n * <https://crbug.com/492981>\n * <https://crbug.com/492448>\n * <https://crbug.com/491216>\n * <https://crbug.com/487286>\n * <https://crbug.com/486004>\n * <https://crbug.com/485855>\n * <https://crbug.com/484432>\n * <https://crbug.com/478575>\n * <https://crbug.com/477713>\n * <https://crbug.com/471990>\n * <https://crbug.com/460938>\n * <https://crbug.com/459898>\n * <https://crbug.com/458024>\n * <https://crbug.com/404462>\n * <https://crbug.com/401995>\n * <https://crbug.com/398235>\n", "cvss3": {}, "published": "2015-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1289", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1289"], "modified": "2015-07-22T00:00:00", "id": "UB:CVE-2015-1289", "href": "https://ubuntu.com/security/CVE-2015-1289", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:15:55", "description": "The ucnv_io_getConverterName function in common/ucnv_io.cpp in\nInternational Components for Unicode (ICU), as used in Google Chrome before\n44.0.2403.89, mishandles converter names with initial x- substrings, which\nallows remote attackers to cause a denial of service (read of uninitialized\nmemory) or possibly have unspecified other impact via a crafted file.\n\n#### Bugs\n\n * <https://code.google.com/p/chromium/issues/detail?id=444573>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | patch is mis-applied in icu 55.1-4\n", "cvss3": {}, "published": "2015-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1270", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1270"], "modified": "2015-07-22T00:00:00", "id": "UB:CVE-2015-1270", "href": "https://ubuntu.com/security/CVE-2015-1270", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:15:50", "description": "Cross-site scripting (XSS) vulnerability in the\nV8ContextNativeHandler::GetModuleSystem function in\nextensions/renderer/v8_context_native_handler.cc in Google Chrome before\n44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML\nby leveraging the lack of a certain V8 context restriction, aka a Blink\n\"Universal XSS (UXSS).\"\n\n#### Bugs\n\n * <https://code.google.com/p/chromium/issues/detail?id=504011>\n", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1286", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1286"], "modified": "2015-07-23T00:00:00", "id": "UB:CVE-2015-1286", "href": "https://ubuntu.com/security/CVE-2015-1286", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:15:53", "description": "The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in\nthe XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89,\ndoes not properly choose a truncation point, which makes it easier for\nremote attackers to obtain sensitive information via an unspecified\nlinear-time attack.\n\n#### Bugs\n\n * <https://code.google.com/p/chromium/issues/detail?id=498982>\n", "cvss3": {}, "published": "2015-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1285", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1285"], "modified": "2015-07-22T00:00:00", "id": "UB:CVE-2015-1285", "href": "https://ubuntu.com/security/CVE-2015-1285", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:15:51", "description": "PDFium, as used in Google Chrome before 44.0.2403.89, does not properly\nhandle certain out-of-memory conditions, which allows remote attackers to\ncause a denial of service (heap-based buffer overflow) or possibly have\nunspecified other impact via a crafted PDF document that triggers a large\nmemory allocation.", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1271", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1271"], "modified": "2015-07-23T00:00:00", "id": "UB:CVE-2015-1271", "href": "https://ubuntu.com/security/CVE-2015-1271", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:15:51", "description": "The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does\nnot use an HTTPS session for downloading a Hunspell dictionary, which\nallows man-in-the-middle attackers to deliver incorrect spelling\nsuggestions or possibly have unspecified other impact via a crafted file, a\nrelated issue to CVE-2015-1263.\n\n#### Bugs\n\n * <https://code.google.com/p/chromium/issues/detail?id=479162>\n", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1288", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1263", "CVE-2015-1288"], "modified": "2015-07-23T00:00:00", "id": "UB:CVE-2015-1288", "href": "https://ubuntu.com/security/CVE-2015-1288", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:16:41", "description": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox\nESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers\nto execute arbitrary code by providing a large amount of compressed XML\ndata, a related issue to CVE-2015-1283.", "cvss3": {}, "published": "2015-05-13T00:00:00", "type": "ubuntucve", "title": "CVE-2015-2716", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1283", "CVE-2015-2716"], "modified": "2015-05-13T00:00:00", "id": "UB:CVE-2015-2716", "href": "https://ubuntu.com/security/CVE-2015-2716", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:15:54", "description": "Multiple integer overflows in the XML_GetBuffer function in Expat through\n2.1.0, as used in Google Chrome before 44.0.2403.89 and other products,\nallow remote attackers to cause a denial of service (heap-based buffer\noverflow) or possibly have unspecified other impact via crafted XML data, a\nrelated issue to CVE-2015-2716.\n\n#### Bugs\n\n * <https://code.google.com/p/chromium/issues/detail?id=492052>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793484>\n", "cvss3": {}, "published": "2015-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1283", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1283", "CVE-2015-2716"], "modified": "2015-07-22T00:00:00", "id": "UB:CVE-2015-1283", "href": "https://ubuntu.com/security/CVE-2015-1283", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:11:13", "description": "The overflow protection in Expat is removed by compilers with certain\noptimization settings, which allows remote attackers to cause a denial of\nservice (crash) or possibly execute arbitrary code via crafted XML data.\nNOTE: this vulnerability exists because of an incomplete fix for\nCVE-2015-1283 and CVE-2015-2716.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | fixed in USN-2983-1 in the CVE-2015-1283-refix.patch patch \n[ebarretto](<https://launchpad.net/~ebarretto>) | tla uses system expat as of 1.3.5+dfsg-15\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-18T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4472", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1283", "CVE-2015-2716", "CVE-2016-4472"], "modified": "2016-05-18T00:00:00", "id": "UB:CVE-2016-4472", "href": "https://ubuntu.com/security/CVE-2016-4472", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2021-12-14T17:47:14", "description": "Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1276", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1276"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1276", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1276", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:14", "description": "Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1279", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1279"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1279", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1279", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:14", "description": "core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1281", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1281"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1281", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1281", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-14T17:47:14", "description": "Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1277", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1277"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1277", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1277", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:14", "description": "Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted intent: URL, as demonstrated by a trailing alert(document.cookie);// substring, aka \"Universal XSS (UXSS).\"", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1275", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1275"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1275", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1275", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-14T17:47:14", "description": "Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1273", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1273"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1273", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1273", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:14", "description": "The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1284", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1284"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1284", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1284", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:14", "description": "content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1278", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1278"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1278", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1278", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-14T17:47:14", "description": "The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-09T16:29:00", "type": "debiancve", "title": "CVE-2015-1290", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1290"], "modified": "2018-01-09T16:29:00", "id": "DEBIANCVE:CVE-2015-1290", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1290", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-14T17:47:14", "description": "Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous \"Always open files of this type\" choice, related to download_commands.cc and download_prefs.cc.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1274", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1274"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1274", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1274", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:14", "description": "Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost data structure during Blink shutdown, related to content/browser/gpu/browser_gpu_channel_host_factory.cc and content/renderer/render_thread_impl.cc.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1272", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1272"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1272", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1272", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:14", "description": "Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1287", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1287"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1287", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1287", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-14T17:47:14", "description": "Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the (1) Document::delay and (2) Document::DoFieldDelay functions.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1282", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1282"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1282", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1282", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:14", "description": "SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1280", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1280"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1280", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1280", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:14", "description": "Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1289", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1289"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1289", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1289", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-04T05:59:35", "description": "The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1270", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1270"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1270", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1270", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:14", "description": "Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink \"Universal XSS (UXSS).\"", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1286", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1286"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1286", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1286", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-14T17:47:14", "description": "The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1285", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1285"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1285", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1285", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-14T17:47:14", "description": "PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted PDF document that triggers a large memory allocation.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1271", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1271"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1271", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1271", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-17T19:29:31", "description": "The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1288", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1263", "CVE-2015-1288"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1288", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1288", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-24T03:07:57", "description": "Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1283", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1283", "CVE-2015-2716"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1283", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1283", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-24T03:07:57", "description": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-30T17:59:00", "type": "debiancve", "title": "CVE-2016-4472", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1283", "CVE-2015-2716", "CVE-2016-4472"], "modified": "2016-06-30T17:59:00", "id": "DEBIANCVE:CVE-2016-4472", "href": "https://security-tracker.debian.org/tracker/CVE-2016-4472", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T11:53:54", "description": "Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-23T00:59:00", "type": "cve", "title": "CVE-2015-1276", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1276"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:google:chrome:43.0.2357.134", "cpe:/o:redhat:enterprise_linux_workstation_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_server_supplementary_eus:6.7z", "cpe:/o:redhat:enterprise_linux_server_supplementary:6.0"], "id": "CVE-2015-1276", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1276", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:43.0.2357.134:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:53:58", "description": "Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "cve", "title": "CVE-2015-1279", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1279"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:google:chrome:43.0.2357.134", "cpe:/o:redhat:enterprise_linux_workstation_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_server_supplementary_eus:6.7z", "cpe:/o:redhat:enterprise_linux_server_supplementary:6.0"], "id": "CVE-2015-1279", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1279", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:43.0.2357.134:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:54:00", "description": "core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "cve", "title": "CVE-2015-1281", "cwe": ["CWE-254"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1281"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:google:chrome:43.0.2357.134", "cpe:/o:redhat:enterprise_linux_workstation_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_server_supplementary_eus:6.7z", "cpe:/o:redhat:enterprise_linux_server_supplementary:6.0"], "id": "CVE-2015-1281", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1281", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:43.0.2357.134:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:53:55", "description": "Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "cve", "title": "CVE-2015-1277", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString":