ID 9D732078-32C7-11E5-B263-00262D5ED8EE Type freebsd Reporter FreeBSD Modified 2015-07-21T00:00:00
Description
Google Chrome Releases reports:
43 security fixes in this release, including:
[446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium.
Credit to cloudfuzzer.
[459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium.
Credit to makosoft.
[461858] High CVE-2015-1274: Settings allowed executable files
to run immediately after download. Credit to andrewm.bpi.
[462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit
to WangTao(neobyte) of Baidu X-Team.
[472614] High CVE-2015-1276: Use-after-free in IndexedDB.
Credit to Collin Payne.
[483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium.
Credit to mlafon.
[486947] High CVE-2015-1280: Memory corruption in skia. Credit
to cloudfuzzer.
[487155] High CVE-2015-1281: CSP bypass. Credit to Masato
Kinugawa.
[487928] High CVE-2015-1282: Use-after-free in pdfium. Credit
to Chamal de Silva.
[492052] High CVE-2015-1283: Heap-buffer-overflow in expat.
Credit to sidhpurwala.huzaifa.
[493243] High CVE-2015-1284: Use-after-free in blink. Credit to
Atte Kettunen of OUSPG.
[504011] High CVE-2015-1286: UXSS in blink. Credit to
anonymous.
[505374] High CVE-2015-1290: Memory corruption in V8. Credit to
Yongjun Liu of NSFOCUS Security Team.
[419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to
filedescriptor.
[444573] Medium CVE-2015-1270: Uninitialized memory read in
ICU. Credit to Atte Kettunen of OUSPG.
[451456] Medium CVE-2015-1272: Use-after-free related to
unexpected GPU process termination. Credit to Chamal de
Silva.
[479743] Medium CVE-2015-1277: Use-after-free in accessibility.
Credit to SkyLined.
[482380] Medium CVE-2015-1278: URL spoofing using pdf files.
Credit to Chamal de Silva.
[498982] Medium CVE-2015-1285: Information leak in XSS auditor.
Credit to gazheyes.
[479162] Low CVE-2015-1288: Spell checking dictionaries fetched
over HTTP. Credit to mike@michaelruddy.com.
[512110] CVE-2015-1289: Various fixes from internal audits,
fuzzing and other initiatives.
{"id": "9D732078-32C7-11E5-B263-00262D5ED8EE", "bulletinFamily": "unix", "title": "chromium -- multiple vulnerabilities", "description": "\nGoogle Chrome Releases reports:\n\n43 security fixes in this release, including:\n\n[446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium.\n\t Credit to cloudfuzzer.\n[459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium.\n\t Credit to makosoft.\n[461858] High CVE-2015-1274: Settings allowed executable files\n\t to run immediately after download. Credit to andrewm.bpi.\n[462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit\n\t to WangTao(neobyte) of Baidu X-Team.\n[472614] High CVE-2015-1276: Use-after-free in IndexedDB.\n\t Credit to Collin Payne.\n[483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium.\n\t Credit to mlafon.\n[486947] High CVE-2015-1280: Memory corruption in skia. Credit\n\t to cloudfuzzer.\n[487155] High CVE-2015-1281: CSP bypass. Credit to Masato\n\t Kinugawa.\n[487928] High CVE-2015-1282: Use-after-free in pdfium. Credit\n\t to Chamal de Silva.\n[492052] High CVE-2015-1283: Heap-buffer-overflow in expat.\n\t Credit to sidhpurwala.huzaifa.\n[493243] High CVE-2015-1284: Use-after-free in blink. Credit to\n\t Atte Kettunen of OUSPG.\n[504011] High CVE-2015-1286: UXSS in blink. Credit to\n\t anonymous.\n[505374] High CVE-2015-1290: Memory corruption in V8. Credit to\n\t Yongjun Liu of NSFOCUS Security Team.\n[419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to\n\t filedescriptor.\n[444573] Medium CVE-2015-1270: Uninitialized memory read in\n\t ICU. Credit to Atte Kettunen of OUSPG.\n[451456] Medium CVE-2015-1272: Use-after-free related to\n\t unexpected GPU process termination. Credit to Chamal de\n\t Silva.\n[479743] Medium CVE-2015-1277: Use-after-free in accessibility.\n\t Credit to SkyLined.\n[482380] Medium CVE-2015-1278: URL spoofing using pdf files.\n\t Credit to Chamal de Silva.\n[498982] Medium CVE-2015-1285: Information leak in XSS auditor.\n\t Credit to gazheyes.\n[479162] Low CVE-2015-1288: Spell checking dictionaries fetched\n\t over HTTP. Credit to mike@michaelruddy.com.\n[512110] CVE-2015-1289: Various fixes from internal audits,\n\t fuzzing and other initiatives.\n\n\n", "published": "2015-07-21T00:00:00", "modified": "2015-07-21T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/9d732078-32c7-11e5-b263-00262d5ed8ee.html", "reporter": "FreeBSD", "references": ["http://googlechromereleases.blogspot.nl/"], "cvelist": ["CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1275", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1270", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284", "CVE-2015-1290"], "type": "freebsd", "lastseen": "2018-08-31T01:14:36", "history": [{"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "chromium-npapi", "packageVersion": "44.0.2403.89"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "chromium", "packageVersion": "44.0.2403.89"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "chromium-pulse", "packageVersion": "44.0.2403.89"}], "bulletinFamily": "unix", "cvelist": ["CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1275", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1270", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284", "CVE-2015-1290"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "\nGoogle Chrome Releases reports:\n\n43 security fixes in this release, including:\n\n[446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium.\n\t Credit to cloudfuzzer.\n[459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium.\n\t Credit to makosoft.\n[461858] High CVE-2015-1274: Settings allowed executable files\n\t to run immediately after download. Credit to andrewm.bpi.\n[462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit\n\t to WangTao(neobyte) of Baidu X-Team.\n[472614] High CVE-2015-1276: Use-after-free in IndexedDB.\n\t Credit to Collin Payne.\n[483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium.\n\t Credit to mlafon.\n[486947] High CVE-2015-1280: Memory corruption in skia. Credit\n\t to cloudfuzzer.\n[487155] High CVE-2015-1281: CSP bypass. Credit to Masato\n\t Kinugawa.\n[487928] High CVE-2015-1282: Use-after-free in pdfium. Credit\n\t to Chamal de Silva.\n[492052] High CVE-2015-1283: Heap-buffer-overflow in expat.\n\t Credit to sidhpurwala.huzaifa.\n[493243] High CVE-2015-1284: Use-after-free in blink. Credit to\n\t Atte Kettunen of OUSPG.\n[504011] High CVE-2015-1286: UXSS in blink. Credit to\n\t anonymous.\n[505374] High CVE-2015-1290: Memory corruption in V8. Credit to\n\t Yongjun Liu of NSFOCUS Security Team.\n[419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to\n\t filedescriptor.\n[444573] Medium CVE-2015-1270: Uninitialized memory read in\n\t ICU. Credit to Atte Kettunen of OUSPG.\n[451456] Medium CVE-2015-1272: Use-after-free related to\n\t unexpected GPU process termination. Credit to Chamal de\n\t Silva.\n[479743] Medium CVE-2015-1277: Use-after-free in accessibility.\n\t Credit to SkyLined.\n[482380] Medium CVE-2015-1278: URL spoofing using pdf files.\n\t Credit to Chamal de Silva.\n[498982] Medium CVE-2015-1285: Information leak in XSS auditor.\n\t Credit to gazheyes.\n[479162] Low CVE-2015-1288: Spell checking dictionaries fetched\n\t over HTTP. Credit to mike@michaelruddy.com.\n[512110] CVE-2015-1289: Various fixes from internal audits,\n\t fuzzing and other initiatives.\n\n\n", "edition": 1, "enchantments": {"score": {"modified": "2016-09-26T17:24:16", "value": 8.5}}, "hash": "530d1de668d5e13c8beedacb42631d2c27a54b290a5958c064162e97138aa1ad", "hashmap": [{"hash": "8fc9ac8405fb610cd51462bed95f9a04", "key": "references"}, {"hash": "f2fc86205bbdcc937de18a4d12929cf8", "key": "title"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "45f8583d066e58bd48f97d3a3a51906d", "key": "href"}, {"hash": "dd1b520ee3cb3098d8dee4eed3018c04", "key": "description"}, {"hash": "074678768792f524dbc04e7b227c681c", "key": "published"}, {"hash": "074678768792f524dbc04e7b227c681c", "key": "modified"}, {"hash": "6dc0b36d5254b2567083dee29ceab81f", "key": "affectedPackage"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "1da2aa697baf3a99f6fde426413b807a", "key": "cvelist"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/9d732078-32c7-11e5-b263-00262d5ed8ee.html", "id": "9D732078-32C7-11E5-B263-00262D5ED8EE", "lastseen": "2016-09-26T17:24:16", "modified": "2015-07-21T00:00:00", "objectVersion": "1.2", "published": "2015-07-21T00:00:00", "references": ["http://googlechromereleases.blogspot.nl/"], "reporter": "FreeBSD", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2016-09-26T17:24:16"}, {"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "chromium-npapi", "packageVersion": "44.0.2403.89"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "chromium", "packageVersion": "44.0.2403.89"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "chromium-pulse", "packageVersion": "44.0.2403.89"}], "bulletinFamily": "unix", "cvelist": ["CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1275", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1270", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284", "CVE-2015-1290"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "\nGoogle Chrome Releases reports:\n\n43 security fixes in this release, including:\n\n[446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium.\n\t Credit to cloudfuzzer.\n[459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium.\n\t Credit to makosoft.\n[461858] High CVE-2015-1274: Settings allowed executable files\n\t to run immediately after download. Credit to andrewm.bpi.\n[462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit\n\t to WangTao(neobyte) of Baidu X-Team.\n[472614] High CVE-2015-1276: Use-after-free in IndexedDB.\n\t Credit to Collin Payne.\n[483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium.\n\t Credit to mlafon.\n[486947] High CVE-2015-1280: Memory corruption in skia. Credit\n\t to cloudfuzzer.\n[487155] High CVE-2015-1281: CSP bypass. Credit to Masato\n\t Kinugawa.\n[487928] High CVE-2015-1282: Use-after-free in pdfium. Credit\n\t to Chamal de Silva.\n[492052] High CVE-2015-1283: Heap-buffer-overflow in expat.\n\t Credit to sidhpurwala.huzaifa.\n[493243] High CVE-2015-1284: Use-after-free in blink. Credit to\n\t Atte Kettunen of OUSPG.\n[504011] High CVE-2015-1286: UXSS in blink. Credit to\n\t anonymous.\n[505374] High CVE-2015-1290: Memory corruption in V8. Credit to\n\t Yongjun Liu of NSFOCUS Security Team.\n[419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to\n\t filedescriptor.\n[444573] Medium CVE-2015-1270: Uninitialized memory read in\n\t ICU. Credit to Atte Kettunen of OUSPG.\n[451456] Medium CVE-2015-1272: Use-after-free related to\n\t unexpected GPU process termination. Credit to Chamal de\n\t Silva.\n[479743] Medium CVE-2015-1277: Use-after-free in accessibility.\n\t Credit to SkyLined.\n[482380] Medium CVE-2015-1278: URL spoofing using pdf files.\n\t Credit to Chamal de Silva.\n[498982] Medium CVE-2015-1285: Information leak in XSS auditor.\n\t Credit to gazheyes.\n[479162] Low CVE-2015-1288: Spell checking dictionaries fetched\n\t over HTTP. Credit to mike@michaelruddy.com.\n[512110] CVE-2015-1289: Various fixes from internal audits,\n\t fuzzing and other initiatives.\n\n\n", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "bbb7238e238c55aa67c4aa8316762e34e4341ce5e9aea3506d40a7379b7cc789", "hashmap": [{"hash": "8fc9ac8405fb610cd51462bed95f9a04", "key": "references"}, {"hash": "f2fc86205bbdcc937de18a4d12929cf8", "key": "title"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "45f8583d066e58bd48f97d3a3a51906d", "key": "href"}, {"hash": "dd1b520ee3cb3098d8dee4eed3018c04", "key": "description"}, {"hash": "074678768792f524dbc04e7b227c681c", "key": "published"}, {"hash": "074678768792f524dbc04e7b227c681c", "key": "modified"}, {"hash": "6dc0b36d5254b2567083dee29ceab81f", "key": "affectedPackage"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "1da2aa697baf3a99f6fde426413b807a", "key": "cvelist"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/9d732078-32c7-11e5-b263-00262d5ed8ee.html", "id": "9D732078-32C7-11E5-B263-00262D5ED8EE", "lastseen": "2018-08-30T19:14:22", "modified": "2015-07-21T00:00:00", "objectVersion": "1.3", "published": "2015-07-21T00:00:00", "references": ["http://googlechromereleases.blogspot.nl/"], "reporter": "FreeBSD", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:14:22"}, {"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "chromium-npapi", "packageVersion": "44.0.2403.89"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "chromium", "packageVersion": "44.0.2403.89"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "chromium-pulse", "packageVersion": "44.0.2403.89"}], "bulletinFamily": "unix", "cvelist": ["CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1275", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1270", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284", "CVE-2015-1290"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "\nGoogle Chrome Releases reports:\n\n43 security fixes in this release, including:\n\n[446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium.\n\t Credit to cloudfuzzer.\n[459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium.\n\t Credit to makosoft.\n[461858] High CVE-2015-1274: Settings allowed executable files\n\t to run immediately after download. Credit to andrewm.bpi.\n[462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit\n\t to WangTao(neobyte) of Baidu X-Team.\n[472614] High CVE-2015-1276: Use-after-free in IndexedDB.\n\t Credit to Collin Payne.\n[483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium.\n\t Credit to mlafon.\n[486947] High CVE-2015-1280: Memory corruption in skia. Credit\n\t to cloudfuzzer.\n[487155] High CVE-2015-1281: CSP bypass. Credit to Masato\n\t Kinugawa.\n[487928] High CVE-2015-1282: Use-after-free in pdfium. Credit\n\t to Chamal de Silva.\n[492052] High CVE-2015-1283: Heap-buffer-overflow in expat.\n\t Credit to sidhpurwala.huzaifa.\n[493243] High CVE-2015-1284: Use-after-free in blink. Credit to\n\t Atte Kettunen of OUSPG.\n[504011] High CVE-2015-1286: UXSS in blink. Credit to\n\t anonymous.\n[505374] High CVE-2015-1290: Memory corruption in V8. Credit to\n\t Yongjun Liu of NSFOCUS Security Team.\n[419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to\n\t filedescriptor.\n[444573] Medium CVE-2015-1270: Uninitialized memory read in\n\t ICU. Credit to Atte Kettunen of OUSPG.\n[451456] Medium CVE-2015-1272: Use-after-free related to\n\t unexpected GPU process termination. Credit to Chamal de\n\t Silva.\n[479743] Medium CVE-2015-1277: Use-after-free in accessibility.\n\t Credit to SkyLined.\n[482380] Medium CVE-2015-1278: URL spoofing using pdf files.\n\t Credit to Chamal de Silva.\n[498982] Medium CVE-2015-1285: Information leak in XSS auditor.\n\t Credit to gazheyes.\n[479162] Low CVE-2015-1288: Spell checking dictionaries fetched\n\t over HTTP. Credit to mike@michaelruddy.com.\n[512110] CVE-2015-1289: Various fixes from internal audits,\n\t fuzzing and other initiatives.\n\n\n", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "eae2c143d4c648df4a53341a44b879c28ea0a15a2ea33eaafcf63ac4b1a6ec4f", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "8fc9ac8405fb610cd51462bed95f9a04", "key": "references"}, {"hash": "f2fc86205bbdcc937de18a4d12929cf8", "key": "title"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "45f8583d066e58bd48f97d3a3a51906d", "key": "href"}, {"hash": "dd1b520ee3cb3098d8dee4eed3018c04", "key": "description"}, {"hash": "074678768792f524dbc04e7b227c681c", "key": "published"}, {"hash": "074678768792f524dbc04e7b227c681c", "key": "modified"}, {"hash": "6dc0b36d5254b2567083dee29ceab81f", "key": "affectedPackage"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "1da2aa697baf3a99f6fde426413b807a", "key": "cvelist"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/9d732078-32c7-11e5-b263-00262d5ed8ee.html", "id": "9D732078-32C7-11E5-B263-00262D5ED8EE", "lastseen": "2018-02-05T16:53:47", "modified": "2015-07-21T00:00:00", "objectVersion": "1.3", "published": "2015-07-21T00:00:00", "references": ["http://googlechromereleases.blogspot.nl/"], "reporter": "FreeBSD", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-02-05T16:53:47"}], "edition": 4, "hashmap": [{"key": "affectedPackage", "hash": "6dc0b36d5254b2567083dee29ceab81f"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "1da2aa697baf3a99f6fde426413b807a"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "dd1b520ee3cb3098d8dee4eed3018c04"}, {"key": "href", "hash": "45f8583d066e58bd48f97d3a3a51906d"}, {"key": "modified", "hash": "074678768792f524dbc04e7b227c681c"}, {"key": "published", "hash": "074678768792f524dbc04e7b227c681c"}, {"key": "references", "hash": "8fc9ac8405fb610cd51462bed95f9a04"}, {"key": "reporter", "hash": "a3dc630729e463135f4e608954fa6e19"}, {"key": "title", "hash": "f2fc86205bbdcc937de18a4d12929cf8"}, {"key": "type", "hash": "1527e888767cdce15d200b870b39cfd0"}], "hash": "eae2c143d4c648df4a53341a44b879c28ea0a15a2ea33eaafcf63ac4b1a6ec4f", "viewCount": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "nessus", "idList": ["FREEBSD_PKG_9D73207832C711E5B26300262D5ED8EE.NASL", "OPENSUSE-2015-513.NASL", "GOOGLE_CHROME_44_0_2403_89.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_89.NASL", "REDHAT-RHSA-2015-1499.NASL", "UBUNTU_USN-2677-1.NASL", "DEBIAN_DSA-3315.NASL", "GENTOO_GLSA-201603-09.NASL", "DEBIAN_DSA-3360.NASL", "FREEBSD_PKG_0DA8A68E600A11E6A6C314DAE9D210B8.NASL"]}, {"type": "threatpost", "idList": ["THREATPOST:603611CA0EA45F34F1C1E31D5FBEC166"]}, {"type": "archlinux", "idList": ["ASA-201507-18", "ASA-201605-22", "ASA-201603-23", "ASA-201605-23"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805934", "OPENVAS:1361412562310805935", "OPENVAS:1361412562310850665", "OPENVAS:1361412562310805936", "OPENVAS:1361412562310130090", "OPENVAS:1361412562310703315", "OPENVAS:1361412562310842401", "OPENVAS:703315", "OPENVAS:1361412562310121451", "OPENVAS:703360"]}, {"type": "kaspersky", "idList": ["KLA10636"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1287-1", "OPENSUSE-SU-2016:1441-1", "SUSE-SU-2016:1512-1", "SUSE-SU-2016:1508-1", "OPENSUSE-SU-2016:1523-1"]}, {"type": "redhat", "idList": ["RHSA-2015:1499"]}, {"type": "ubuntu", "idList": ["USN-2677-1", "USN-2726-1", "USN-2740-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3315-1:DF83F", "DEBIAN:DSA-3360-1:A29C1", "DEBIAN:DSA-3318-1:6F723", "DEBIAN:DSA-3582-1:D0BF8", "DEBIAN:DLA-281-1:C24AD"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14602", "SECURITYVULNS:DOC:32351", "SECURITYVULNS:DOC:32533", "SECURITYVULNS:DOC:32385", "SECURITYVULNS:VULN:14621", "SECURITYVULNS:VULN:14704"]}, {"type": "cve", "idList": ["CVE-2015-1287", "CVE-2015-1290", "CVE-2015-1274", "CVE-2015-1275", "CVE-2015-1273", "CVE-2015-1277", "CVE-2015-1279", "CVE-2015-1276", "CVE-2015-1284", "CVE-2015-1280"]}, {"type": "f5", "idList": ["F5:K15104541", "F5:K50459349", "SOL22232964", "F5:K22232964"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:132738"]}, {"type": "gentoo", "idList": ["GLSA-201603-09"]}, {"type": "freebsd", "idList": ["0DA8A68E-600A-11E6-A6C3-14DAE9D210B8"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:07FC899E9F5F58E4BEDD842E4A4820A4"]}], "modified": "2018-08-31T01:14:36"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "chromium-npapi", "packageVersion": "44.0.2403.89"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "chromium", "packageVersion": "44.0.2403.89"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "chromium-pulse", "packageVersion": "44.0.2403.89"}]}
{"nessus": [{"lastseen": "2019-02-21T01:24:42", "bulletinFamily": "scanner", "description": "Google Chrome Releases reports :\n\n43 security fixes in this release, including :\n\n- [446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer.\n\n- [459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft.\n\n- [461858] High CVE-2015-1274: Settings allowed executable files to run immediately after download. Credit to andrewm.bpi.\n\n- [462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte) of Baidu X-Team.\n\n- [472614] High CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne.\n\n- [483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon.\n\n- [486947] High CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer.\n\n- [487155] High CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa.\n\n- [487928] High CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva.\n\n- [492052] High CVE-2015-1283: Heap-buffer-overflow in expat. Credit to sidhpurwala.huzaifa.\n\n- [493243] High CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen of OUSPG.\n\n- [504011] High CVE-2015-1286: UXSS in blink. Credit to anonymous.\n\n- [505374] High CVE-2015-1290: Memory corruption in V8. Credit to Yongjun Liu of NSFOCUS Security Team.\n\n- [419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor.\n\n- [444573] Medium CVE-2015-1270: Uninitialized memory read in ICU.\nCredit to Atte Kettunen of OUSPG.\n\n- [451456] Medium CVE-2015-1272: Use-after-free related to unexpected GPU process termination. Credit to Chamal de Silva.\n\n- [479743] Medium CVE-2015-1277: Use-after-free in accessibility.\nCredit to SkyLined.\n\n- [482380] Medium CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva.\n\n- [498982] Medium CVE-2015-1285: Information leak in XSS auditor.\nCredit to gazheyes.\n\n- [479162] Low CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to mike@michaelruddy.com.\n\n- [512110] CVE-2015-1289: Various fixes from internal audits, fuzzing and other initiatives.", "modified": "2018-12-19T00:00:00", "id": "FREEBSD_PKG_9D73207832C711E5B26300262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84994", "published": "2015-07-27T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (9d732078-32c7-11e5-b263-00262d5ed8ee)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84994);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1275\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-1290\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (9d732078-32c7-11e5-b263-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n43 security fixes in this release, including :\n\n- [446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit\nto cloudfuzzer.\n\n- [459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit\nto makosoft.\n\n- [461858] High CVE-2015-1274: Settings allowed executable files to\nrun immediately after download. Credit to andrewm.bpi.\n\n- [462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit to\nWangTao(neobyte) of Baidu X-Team.\n\n- [472614] High CVE-2015-1276: Use-after-free in IndexedDB. Credit to\nCollin Payne.\n\n- [483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit\nto mlafon.\n\n- [486947] High CVE-2015-1280: Memory corruption in skia. Credit to\ncloudfuzzer.\n\n- [487155] High CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa.\n\n- [487928] High CVE-2015-1282: Use-after-free in pdfium. Credit to\nChamal de Silva.\n\n- [492052] High CVE-2015-1283: Heap-buffer-overflow in expat. Credit\nto sidhpurwala.huzaifa.\n\n- [493243] High CVE-2015-1284: Use-after-free in blink. Credit to Atte\nKettunen of OUSPG.\n\n- [504011] High CVE-2015-1286: UXSS in blink. Credit to anonymous.\n\n- [505374] High CVE-2015-1290: Memory corruption in V8. Credit to\nYongjun Liu of NSFOCUS Security Team.\n\n- [419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to\nfiledescriptor.\n\n- [444573] Medium CVE-2015-1270: Uninitialized memory read in ICU.\nCredit to Atte Kettunen of OUSPG.\n\n- [451456] Medium CVE-2015-1272: Use-after-free related to unexpected\nGPU process termination. Credit to Chamal de Silva.\n\n- [479743] Medium CVE-2015-1277: Use-after-free in accessibility.\nCredit to SkyLined.\n\n- [482380] Medium CVE-2015-1278: URL spoofing using pdf files. Credit\nto Chamal de Silva.\n\n- [498982] Medium CVE-2015-1285: Information leak in XSS auditor.\nCredit to gazheyes.\n\n- [479162] Low CVE-2015-1288: Spell checking dictionaries fetched over\nHTTP. Credit to mike@michaelruddy.com.\n\n- [512110] CVE-2015-1289: Various fixes from internal audits, fuzzing\nand other initiatives.\"\n );\n # http://googlechromereleases.blogspot.nl/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://chromereleases.googleblog.com/\"\n );\n # https://vuxml.freebsd.org/freebsd/9d732078-32c7-11e5-b263-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?49fbd5e3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-npapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<44.0.2403.89\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-npapi<44.0.2403.89\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-pulse<44.0.2403.89\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:40", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote Mac OS X host is prior to 44.0.2403.89. It is, therefore, affected by multiple vulnerabilities :\n\n - An uninitialized memory read flaw exists in ICU that an attacker can exploit to have unspecified impact.\n (CVE-2015-1270)\n\n - A heap buffer overflow condition exists in PDFium due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code or cause a denial of service. (CVE-2015-1271, CVE-2015-1273)\n\n - A use-after-free memory error exists when the GPU process is unexpectedly terminated. An attacker can exploit this to have an unspecified impact.\n (CVE-2015-1272)\n\n - The settings for automatic downloading of files allows EXE files to be auto-opened, which can result in the execution of malicious code. (CVE-2015-1274)\n\n - A universal cross-site scripting (UXSS) vulnerability exists in Google Chrome for Android due to improper validation of 'intent://' URLs. An attacker, using a specially crafted request, can exploit this to execute arbitrary script code. (CVE-2015-1275)\n\n - A use-after-free memory error exists in IndexedDB that can allow an attacker to execute arbitrary code.\n (CVE-2015-1276)\n\n - A denial of service vulnerability exists due to a use-after-free memory error in the method ui::AXTree::Unserialize. An attacker can exploit this to cause a crash. (CVE-2015-1277)\n\n - An unspecified flaw exists when handling PDF files that allows an attacker to spoof URLs. (CVE-2015-1278)\n\n - An integer overflow condition exists in the method CJBig2_Image::expand() in file JBig2_Image.cpp due to improper validation of user-supplied input. An attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service or the execution of arbitrary code. (CVE-2015-1279)\n\n - A flaw exists in Google Skia due to improper validation of user-supplied input, which an attacker can exploit to corrupt memory or execute arbitrary code.\n (CVE-2015-1280)\n\n - An unspecified flaw exists that allows an attacker to bypass the Content Security Policy. (CVE-2015-1281)\n\n - A use-after-free memory error exists in PDFium in the file javascript/Document.cpp. An attacker, using a crafted file, can exploit this to execute arbitrary code. (CVE-2015-1282)\n\n - A heap buffer overflow condition exists in 'expat'.\n No other information is available. (CVE-2015-1283)\n\n - A use-after-free memory error exists in Blink that can allow an attacker to execute arbitrary code.\n (CVE-2015-1284)\n\n - An unspecified flaw exists in the XSS auditor that allows an attacker to gain access to sensitive information. (CVE-2015-1285)\n\n - A universal cross-site scripting (UXSS) vulnerability exists in Blink due to improper validation of unspecified input. An attacker, using a crafted request, can exploit this to execute arbitrary script code.\n (CVE-2015-1286)\n\n - A flaw exists in WebKit related to the handling of the quirks-mode exception for CSS MIME types, which allows an attacker to bypass the cross-origin policy.\n (CVE-2015-1287)\n\n - A flaw exists in file spellcheck_hunspell_dictionary.cc, related to the downloading of spellchecker dictionaries over HTTP, which allows a man-in-the-middle to corrupt the downloaded dictionaries. (CVE-2015-1288)\n\n - Multiple vulnerabilities exist that were disclosed by internal auditing, fuzzing, and other initiatives, which can result in a denial of service, execution of arbitrary code, or other moderate to severe impact.\n (CVE-2015-1289)", "modified": "2018-07-14T00:00:00", "id": "MACOSX_GOOGLE_CHROME_44_0_2403_89.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84922", "published": "2015-07-22T00:00:00", "title": "Google Chrome < 44.0.2403.89 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84922);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2015-1270\",\n \"CVE-2015-1271\",\n \"CVE-2015-1272\",\n \"CVE-2015-1273\",\n \"CVE-2015-1274\",\n \"CVE-2015-1275\",\n \"CVE-2015-1276\",\n \"CVE-2015-1277\",\n \"CVE-2015-1278\",\n \"CVE-2015-1279\",\n \"CVE-2015-1280\",\n \"CVE-2015-1281\",\n \"CVE-2015-1282\",\n \"CVE-2015-1283\",\n \"CVE-2015-1284\",\n \"CVE-2015-1285\",\n \"CVE-2015-1286\",\n \"CVE-2015-1287\",\n \"CVE-2015-1288\",\n \"CVE-2015-1289\"\n );\n script_bugtraq_id(75973);\n\n script_name(english:\"Google Chrome < 44.0.2403.89 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\nprior to 44.0.2403.89. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An uninitialized memory read flaw exists in ICU that an\n attacker can exploit to have unspecified impact.\n (CVE-2015-1270)\n\n - A heap buffer overflow condition exists in PDFium due to\n improper validation of user-supplied input. An attacker\n can exploit this to execute arbitrary code or cause a\n denial of service. (CVE-2015-1271, CVE-2015-1273)\n\n - A use-after-free memory error exists when the GPU\n process is unexpectedly terminated. An attacker can\n exploit this to have an unspecified impact.\n (CVE-2015-1272)\n\n - The settings for automatic downloading of files allows\n EXE files to be auto-opened, which can result in the\n execution of malicious code. (CVE-2015-1274)\n\n - A universal cross-site scripting (UXSS) vulnerability\n exists in Google Chrome for Android due to improper\n validation of 'intent://' URLs. An attacker, using a\n specially crafted request, can exploit this to execute\n arbitrary script code. (CVE-2015-1275)\n\n - A use-after-free memory error exists in IndexedDB that\n can allow an attacker to execute arbitrary code.\n (CVE-2015-1276)\n\n - A denial of service vulnerability exists due to a\n use-after-free memory error in the method\n ui::AXTree::Unserialize. An attacker can exploit this to\n cause a crash. (CVE-2015-1277)\n\n - An unspecified flaw exists when handling PDF files that\n allows an attacker to spoof URLs. (CVE-2015-1278)\n\n - An integer overflow condition exists in the method\n CJBig2_Image::expand() in file JBig2_Image.cpp due to\n improper validation of user-supplied input. An attacker\n can exploit this to cause a heap-based buffer overflow,\n resulting in a denial of service or the execution of\n arbitrary code. (CVE-2015-1279)\n\n - A flaw exists in Google Skia due to improper validation\n of user-supplied input, which an attacker can exploit to\n corrupt memory or execute arbitrary code.\n (CVE-2015-1280)\n\n - An unspecified flaw exists that allows an attacker to\n bypass the Content Security Policy. (CVE-2015-1281)\n\n - A use-after-free memory error exists in PDFium in the\n file javascript/Document.cpp. An attacker, using a\n crafted file, can exploit this to execute arbitrary\n code. (CVE-2015-1282)\n\n - A heap buffer overflow condition exists in 'expat'.\n No other information is available. (CVE-2015-1283)\n\n - A use-after-free memory error exists in Blink that can\n allow an attacker to execute arbitrary code.\n (CVE-2015-1284)\n\n - An unspecified flaw exists in the XSS auditor that\n allows an attacker to gain access to sensitive\n information. (CVE-2015-1285)\n\n - A universal cross-site scripting (UXSS) vulnerability\n exists in Blink due to improper validation of\n unspecified input. An attacker, using a crafted request,\n can exploit this to execute arbitrary script code.\n (CVE-2015-1286)\n\n - A flaw exists in WebKit related to the handling of\n the quirks-mode exception for CSS MIME types, which\n allows an attacker to bypass the cross-origin policy.\n (CVE-2015-1287)\n\n - A flaw exists in file spellcheck_hunspell_dictionary.cc,\n related to the downloading of spellchecker dictionaries\n over HTTP, which allows a man-in-the-middle to corrupt\n the downloaded dictionaries. (CVE-2015-1288)\n\n - Multiple vulnerabilities exist that were disclosed by\n internal auditing, fuzzing, and other initiatives,\n which can result in a denial of service, execution of\n arbitrary code, or other moderate to severe impact.\n (CVE-2015-1289)\");\n # http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html\n script_set_attribute(attribute:\"see_also\",value:\"http://www.nessus.org/u?50bc47d5\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Google Chrome 44.0.2403.89 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2015/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2015/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'44.0.2403.89', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:24:40", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote Windows host is prior to 44.0.2403.89. It is, therefore, affected by multiple vulnerabilities :\n\n - An uninitialized memory read flaw exists in ICU that an attacker can exploit to have unspecified impact.\n (CVE-2015-1270)\n\n - A heap buffer overflow condition exists in PDFium due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code or cause a denial of service. (CVE-2015-1271, CVE-2015-1273)\n\n - A use-after-free memory error exists when the GPU process is unexpectedly terminated. An attacker can exploit this to have an unspecified impact.\n (CVE-2015-1272)\n\n - The settings for automatic downloading of files allows EXE files to be auto-opened, which can result in the execution of malicious code. (CVE-2015-1274)\n\n - A universal cross-site scripting (UXSS) vulnerability exists in Google Chrome for Android due to improper validation of 'intent://' URLs. An attacker, using a specially crafted request, can exploit this to execute arbitrary script code. (CVE-2015-1275)\n\n - A use-after-free memory error exists in IndexedDB that can allow an attacker to execute arbitrary code.\n (CVE-2015-1276)\n\n - A denial of service vulnerability exists due to a use-after-free memory error in the method ui::AXTree::Unserialize. An attacker can exploit this to cause a crash. (CVE-2015-1277)\n\n - An unspecified flaw exists when handling PDF files that allows an attacker to spoof URLs. (CVE-2015-1278)\n\n - An integer overflow condition exists in the method CJBig2_Image::expand() in file JBig2_Image.cpp due to improper validation of user-supplied input. An attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service or the execution of arbitrary code. (CVE-2015-1279)\n\n - A flaw exists in Google Skia due to improper validation of user-supplied input, which an attacker can exploit to corrupt memory or execute arbitrary code.\n (CVE-2015-1280)\n\n - An unspecified flaw exists that allows an attacker to bypass the Content Security Policy. (CVE-2015-1281)\n\n - A use-after-free memory error exists in PDFium in the file javascript/Document.cpp. An attacker, using a crafted file, can exploit this to execute arbitrary code. (CVE-2015-1282)\n\n - A heap buffer overflow condition exists in 'expat'.\n No other information is available. (CVE-2015-1283)\n\n - A use-after-free memory error exists in Blink that can allow an attacker to execute arbitrary code.\n (CVE-2015-1284)\n\n - An unspecified flaw exists in the XSS auditor that allows an attacker to gain access to sensitive information. (CVE-2015-1285)\n\n - A universal cross-site scripting (UXSS) vulnerability exists in Blink due to improper validation of unspecified input. An attacker, using a crafted request, can exploit this to execute arbitrary script code.\n (CVE-2015-1286)\n\n - A flaw exists in WebKit related to the handling of the quirks-mode exception for CSS MIME types, which allows an attacker to bypass the cross-origin policy.\n (CVE-2015-1287)\n\n - A flaw exists in file spellcheck_hunspell_dictionary.cc, related to the downloading of spellchecker dictionaries over HTTP, which allows a man-in-the-middle to corrupt the downloaded dictionaries. (CVE-2015-1288)\n\n - Multiple vulnerabilities exist that were disclosed by internal auditing, fuzzing, and other initiatives, which can result in a denial of service, execution of arbitrary code, or other moderate to severe impact.\n (CVE-2015-1289)", "modified": "2018-07-12T00:00:00", "id": "GOOGLE_CHROME_44_0_2403_89.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84921", "published": "2015-07-22T00:00:00", "title": "Google Chrome < 44.0.2403.89 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84921);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/12 19:01:16\");\n\n script_cve_id(\n \"CVE-2015-1270\",\n \"CVE-2015-1271\",\n \"CVE-2015-1272\",\n \"CVE-2015-1273\",\n \"CVE-2015-1274\",\n \"CVE-2015-1275\",\n \"CVE-2015-1276\",\n \"CVE-2015-1277\",\n \"CVE-2015-1278\",\n \"CVE-2015-1279\",\n \"CVE-2015-1280\",\n \"CVE-2015-1281\",\n \"CVE-2015-1282\",\n \"CVE-2015-1283\",\n \"CVE-2015-1284\",\n \"CVE-2015-1285\",\n \"CVE-2015-1286\",\n \"CVE-2015-1287\",\n \"CVE-2015-1288\",\n \"CVE-2015-1289\"\n );\n script_bugtraq_id(75973);\n\n script_name(english:\"Google Chrome < 44.0.2403.89 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 44.0.2403.89. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An uninitialized memory read flaw exists in ICU that an\n attacker can exploit to have unspecified impact.\n (CVE-2015-1270)\n\n - A heap buffer overflow condition exists in PDFium due to\n improper validation of user-supplied input. An attacker\n can exploit this to execute arbitrary code or cause a\n denial of service. (CVE-2015-1271, CVE-2015-1273)\n\n - A use-after-free memory error exists when the GPU\n process is unexpectedly terminated. An attacker can\n exploit this to have an unspecified impact.\n (CVE-2015-1272)\n\n - The settings for automatic downloading of files allows\n EXE files to be auto-opened, which can result in the\n execution of malicious code. (CVE-2015-1274)\n\n - A universal cross-site scripting (UXSS) vulnerability\n exists in Google Chrome for Android due to improper\n validation of 'intent://' URLs. An attacker, using a\n specially crafted request, can exploit this to execute\n arbitrary script code. (CVE-2015-1275)\n\n - A use-after-free memory error exists in IndexedDB that\n can allow an attacker to execute arbitrary code.\n (CVE-2015-1276)\n\n - A denial of service vulnerability exists due to a\n use-after-free memory error in the method\n ui::AXTree::Unserialize. An attacker can exploit this to\n cause a crash. (CVE-2015-1277)\n\n - An unspecified flaw exists when handling PDF files that\n allows an attacker to spoof URLs. (CVE-2015-1278)\n\n - An integer overflow condition exists in the method\n CJBig2_Image::expand() in file JBig2_Image.cpp due to\n improper validation of user-supplied input. An attacker\n can exploit this to cause a heap-based buffer overflow,\n resulting in a denial of service or the execution of\n arbitrary code. (CVE-2015-1279)\n\n - A flaw exists in Google Skia due to improper validation\n of user-supplied input, which an attacker can exploit to\n corrupt memory or execute arbitrary code.\n (CVE-2015-1280)\n\n - An unspecified flaw exists that allows an attacker to\n bypass the Content Security Policy. (CVE-2015-1281)\n\n - A use-after-free memory error exists in PDFium in the\n file javascript/Document.cpp. An attacker, using a\n crafted file, can exploit this to execute arbitrary\n code. (CVE-2015-1282)\n\n - A heap buffer overflow condition exists in 'expat'.\n No other information is available. (CVE-2015-1283)\n\n - A use-after-free memory error exists in Blink that can\n allow an attacker to execute arbitrary code.\n (CVE-2015-1284)\n\n - An unspecified flaw exists in the XSS auditor that\n allows an attacker to gain access to sensitive\n information. (CVE-2015-1285)\n\n - A universal cross-site scripting (UXSS) vulnerability\n exists in Blink due to improper validation of\n unspecified input. An attacker, using a crafted request,\n can exploit this to execute arbitrary script code.\n (CVE-2015-1286)\n\n - A flaw exists in WebKit related to the handling of\n the quirks-mode exception for CSS MIME types, which\n allows an attacker to bypass the cross-origin policy.\n (CVE-2015-1287)\n\n - A flaw exists in file spellcheck_hunspell_dictionary.cc,\n related to the downloading of spellchecker dictionaries\n over HTTP, which allows a man-in-the-middle to corrupt\n the downloaded dictionaries. (CVE-2015-1288)\n\n - Multiple vulnerabilities exist that were disclosed by\n internal auditing, fuzzing, and other initiatives,\n which can result in a denial of service, execution of\n arbitrary code, or other moderate to severe impact.\n (CVE-2015-1289)\");\n # http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html\n script_set_attribute(attribute:\"see_also\",value:\"http://www.nessus.org/u?50bc47d5\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Google Chrome 44.0.2403.89 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2015/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2015/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'44.0.2403.89', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:24:43", "bulletinFamily": "scanner", "description": "Chromium was updated to 44.0.2403.89 to fix multiple security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-1271: Heap-buffer-overflow in pdfium\n\n - CVE-2015-1273: Heap-buffer-overflow in pdfium\n\n - CVE-2015-1274: Settings allowed executable files to run immediately after download\n\n - CVE-2015-1275: UXSS in Chrome for Android\n\n - CVE-2015-1276: Use-after-free in IndexedDB\n\n - CVE-2015-1279: Heap-buffer-overflow in pdfium\n\n - CVE-2015-1280: Memory corruption in skia\n\n - CVE-2015-1281: CSP bypass\n\n - CVE-2015-1282: Use-after-free in pdfium\n\n - CVE-2015-1283: Heap-buffer-overflow in expat\n\n - CVE-2015-1284: Use-after-free in blink\n\n - CVE-2015-1286: UXSS in blink\n\n - CVE-2015-1287: SOP bypass with CSS\n\n - CVE-2015-1270: Uninitialized memory read in ICU\n\n - CVE-2015-1272: Use-after-free related to unexpected GPU process termination\n\n - CVE-2015-1277: Use-after-free in accessibility\n\n - CVE-2015-1278: URL spoofing using pdf files\n\n - CVE-2015-1285: Information leak in XSS auditor\n\n - CVE-2015-1288: Spell checking dictionaries fetched over HTTP\n\n - CVE-2015-1289: Various fixes from internal audits, fuzzing and other initiatives\n\n - CVE-2015-5605: Rgular-expression implementation mishandles interrupts, DoS via JS\n\nThe following non-security changes are included :\n\n - A number of new apps/extension APIs\n\n - Lots of under the hood changes for stability and performance\n\n - Pepper Flash plugin updated to 18.0.0.209", "modified": "2016-10-13T00:00:00", "id": "OPENSUSE-2015-513.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85003", "published": "2015-07-27T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2015-513)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-513.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85003);\n script_version(\"$Revision: 2.5 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:27:27 $\");\n\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1275\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-5605\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2015-513)\");\n script_summary(english:\"Check for the openSUSE-2015-513 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 44.0.2403.89 to fix multiple security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-1271: Heap-buffer-overflow in pdfium\n\n - CVE-2015-1273: Heap-buffer-overflow in pdfium\n\n - CVE-2015-1274: Settings allowed executable files to run\n immediately after download\n\n - CVE-2015-1275: UXSS in Chrome for Android\n\n - CVE-2015-1276: Use-after-free in IndexedDB\n\n - CVE-2015-1279: Heap-buffer-overflow in pdfium\n\n - CVE-2015-1280: Memory corruption in skia\n\n - CVE-2015-1281: CSP bypass\n\n - CVE-2015-1282: Use-after-free in pdfium\n\n - CVE-2015-1283: Heap-buffer-overflow in expat\n\n - CVE-2015-1284: Use-after-free in blink\n\n - CVE-2015-1286: UXSS in blink\n\n - CVE-2015-1287: SOP bypass with CSS\n\n - CVE-2015-1270: Uninitialized memory read in ICU\n\n - CVE-2015-1272: Use-after-free related to unexpected GPU\n process termination\n\n - CVE-2015-1277: Use-after-free in accessibility\n\n - CVE-2015-1278: URL spoofing using pdf files\n\n - CVE-2015-1285: Information leak in XSS auditor\n\n - CVE-2015-1288: Spell checking dictionaries fetched over\n HTTP\n\n - CVE-2015-1289: Various fixes from internal audits,\n fuzzing and other initiatives\n\n - CVE-2015-5605: Rgular-expression implementation\n mishandles interrupts, DoS via JS\n\nThe following non-security changes are included :\n\n - A number of new apps/extension APIs\n\n - Lots of under the hood changes for stability and\n performance\n\n - Pepper Flash plugin updated to 18.0.0.209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=939077\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-44.0.2403.89-93.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-44.0.2403.89-93.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-44.0.2403.89-93.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-44.0.2403.89-93.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-44.0.2403.89-93.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-44.0.2403.89-93.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-44.0.2403.89-93.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-44.0.2403.89-93.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-44.0.2403.89-93.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-44.0.2403.89-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-debuginfo-44.0.2403.89-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-44.0.2403.89-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debuginfo-44.0.2403.89-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debugsource-44.0.2403.89-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-gnome-44.0.2403.89-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-kde-44.0.2403.89-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-44.0.2403.89-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-debuginfo-44.0.2403.89-38.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:24:44", "bulletinFamily": "scanner", "description": "Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. (CVE-2015-1271, CVE-2015-1270, CVE-2015-1272, CVE-2015-1273, CVE-2015-1274, CVE-2015-1276, CVE-2015-1277, CVE-2015-1278, CVE-2015-1279, CVE-2015-1281, CVE-2015-1282, CVE-2015-1283, CVE-2015-1284, CVE-2015-1285, CVE-2015-1286, CVE-2015-1287, CVE-2015-1288, CVE-2015-1289, CVE-2015-5605)\n\nAll Chromium users should upgrade to these updated packages, which contain Chromium version 44.0.2403.89, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "modified": "2018-12-20T00:00:00", "id": "REDHAT-RHSA-2015-1499.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85039", "published": "2015-07-28T00:00:00", "title": "RHEL 6 : chromium-browser (RHSA-2015:1499)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1499. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85039);\n script_version(\"2.20\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-5605\");\n script_xref(name:\"RHSA\", value:\"2015:1499\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2015:1499)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated chromium-browser packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Chromium to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Chromium. (CVE-2015-1271, CVE-2015-1270, CVE-2015-1272,\nCVE-2015-1273, CVE-2015-1274, CVE-2015-1276, CVE-2015-1277,\nCVE-2015-1278, CVE-2015-1279, CVE-2015-1281, CVE-2015-1282,\nCVE-2015-1283, CVE-2015-1284, CVE-2015-1285, CVE-2015-1286,\nCVE-2015-1287, CVE-2015-1288, CVE-2015-1289, CVE-2015-5605)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 44.0.2403.89, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the\nchanges to take effect.\"\n );\n # http://googlechromereleases.blogspot.com/2015/07/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://chromereleases.googleblog.com/2015/07/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1289\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1499\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-44.0.2403.89-1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-44.0.2403.89-1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-44.0.2403.89-1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-44.0.2403.89-1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:24:48", "bulletinFamily": "scanner", "description": "An uninitialized value issue was discovered in ICU. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-1270)\n\nA use-after-free was discovered in the GPU process implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1272)\n\nA use-after-free was discovered in the IndexedDB implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1276)\n\nA use-after-free was discovered in the accessibility implemetation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1277)\n\nA memory corruption issue was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1280)\n\nIt was discovered that Blink did not properly determine the V8 context of a microtask in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass Content Security Policy (CSP) restrictions.\n(CVE-2015-1281)\n\nMultiple integer overflows were discovered in Expat. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1283)\n\nIt was discovered that Blink did not enforce a page's maximum number of frames in some circumstances, resulting in a use-after-free. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1284)\n\nIt was discovered that the XSS auditor in Blink did not properly choose a truncation point. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-1285)\n\nAn issue was discovered in the CSS implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions.\n(CVE-2015-1287)\n\nMultiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1289)\n\nA use-after-free was discovered in oxide::qt::URLRequestDelegatedJob in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program.\n(CVE-2015-1329)\n\nA crash was discovered in the regular expression implementation in V8 in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-5605).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2677-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85240", "published": "2015-08-05T00:00:00", "title": "Ubuntu 14.04 LTS / 15.04 : oxide-qt vulnerabilities (USN-2677-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2677-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85240);\n script_version(\"2.13\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-1272\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1287\", \"CVE-2015-1289\", \"CVE-2015-1329\", \"CVE-2015-5605\");\n script_xref(name:\"USN\", value:\"2677-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.04 : oxide-qt vulnerabilities (USN-2677-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An uninitialized value issue was discovered in ICU. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service. (CVE-2015-1270)\n\nA use-after-free was discovered in the GPU process implementation in\nChromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1272)\n\nA use-after-free was discovered in the IndexedDB implementation in\nChromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1276)\n\nA use-after-free was discovered in the accessibility implemetation in\nChromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1277)\n\nA memory corruption issue was discovered in Skia. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash, or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2015-1280)\n\nIt was discovered that Blink did not properly determine the V8 context\nof a microtask in some circumstances. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to bypass Content Security Policy (CSP) restrictions.\n(CVE-2015-1281)\n\nMultiple integer overflows were discovered in Expat. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2015-1283)\n\nIt was discovered that Blink did not enforce a page's maximum number\nof frames in some circumstances, resulting in a use-after-free. If a\nuser were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia renderer crash, or execute arbitrary code with the privileges of\nthe sandboxed render process. (CVE-2015-1284)\n\nIt was discovered that the XSS auditor in Blink did not properly\nchoose a truncation point. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto obtain sensitive information. (CVE-2015-1285)\n\nAn issue was discovered in the CSS implementation in Blink. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to bypass same-origin restrictions.\n(CVE-2015-1287)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1289)\n\nA use-after-free was discovered in oxide::qt::URLRequestDelegatedJob\nin some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking the program.\n(CVE-2015-1329)\n\nA crash was discovered in the regular expression implementation in V8\nin some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service. (CVE-2015-5605).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2677-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected liboxideqtcore0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.8.4-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.8.4-0ubuntu0.15.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liboxideqtcore0\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:42", "bulletinFamily": "scanner", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\n - CVE-2015-1266 Intended access restrictions could be bypassed for certain URLs like chrome://gpu.\n\n - CVE-2015-1267 A way to bypass the Same Origin Policy was discovered.\n\n - CVE-2015-1268 Mariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\n - CVE-2015-1269 Mike Rudy discovered that hostnames were not properly compared in the HTTP Strict Transport Policy and HTTP Public Key Pinning features, which could allow those access restrictions to be bypassed.\n\n - CVE-2015-1270 Atte Kettunen discovered an uninitialized memory read in the ICU library.\n\n - CVE-2015-1271 cloudfuzzer discovered a buffer overflow in the pdfium library.\n\n - CVE-2015-1272 Chamal de Silva discovered race conditions in the GPU process implementation.\n\n - CVE-2015-1273 makosoft discovered a buffer overflow in openjpeg, which is used by the pdfium library embedded in chromium.\n\n - CVE-2015-1274 andrewm.bpi discovered that the auto-open list allowed certain file types to be executed immediately after download.\n\n - CVE-2015-1276 Colin Payne discovered a use-after-free issue in the IndexedDB implementation.\n\n - CVE-2015-1277 SkyLined discovered a use-after-free issue in chromium's accessibility implementation.\n\n - CVE-2015-1278 Chamal de Silva discovered a way to use PDF documents to spoof a URL.\n\n - CVE-2015-1279 mlafon discovered a buffer overflow in the pdfium library.\n\n - CVE-2015-1280 cloudfuzzer discovered a memory corruption issue in the SKIA library.\n\n - CVE-2015-1281 Masato Knugawa discovered a way to bypass the Content Security Policy.\n\n - CVE-2015-1282 Chamal de Silva discovered multiple use-after-free issues in the pdfium library.\n\n - CVE-2015-1283 Huzaifa Sidhpurwala discovered a buffer overflow in the expat library.\n\n - CVE-2015-1284 Atte Kettunen discovered that the maximum number of page frames was not correctly checked.\n\n - CVE-2015-1285 gazheyes discovered an information leak in the XSS auditor, which normally helps to prevent certain classes of cross-site scripting problems.\n\n - CVE-2015-1286 A cross-site scripting issue was discovered in the interface to the v8 JavaScript library.\n\n - CVE-2015-1287 filedescriptor discovered a way to bypass the Same Origin Policy.\n\n - CVE-2015-1288 Mike Ruddy discovered that the spellchecking dictionaries could still be downloaded over plain HTTP (related to CVE-2015-1263 ).\n\n - CVE-2015-1289 The chrome 44 development team found and fixed various issues during internal auditing.\n\nIn addition to the above issues, Google disabled the hotword extension by default in this version, which if enabled downloads files without the user's intervention.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-3315.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84992", "published": "2015-07-27T00:00:00", "title": "Debian DSA-3315-1 : chromium-browser - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3315. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84992);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2015-1266\", \"CVE-2015-1267\", \"CVE-2015-1268\", \"CVE-2015-1269\", \"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\");\n script_bugtraq_id(75332, 75333, 75334, 75336, 75973);\n script_xref(name:\"DSA\", value:\"3315\");\n\n script_name(english:\"Debian DSA-3315-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the chromium web browser.\n\n - CVE-2015-1266\n Intended access restrictions could be bypassed for\n certain URLs like chrome://gpu.\n\n - CVE-2015-1267\n A way to bypass the Same Origin Policy was discovered.\n\n - CVE-2015-1268\n Mariusz Mlynski also discovered a way to bypass the Same\n Origin Policy.\n\n - CVE-2015-1269\n Mike Rudy discovered that hostnames were not properly\n compared in the HTTP Strict Transport Policy and HTTP\n Public Key Pinning features, which could allow those\n access restrictions to be bypassed.\n\n - CVE-2015-1270\n Atte Kettunen discovered an uninitialized memory read in\n the ICU library.\n\n - CVE-2015-1271\n cloudfuzzer discovered a buffer overflow in the pdfium\n library.\n\n - CVE-2015-1272\n Chamal de Silva discovered race conditions in the GPU\n process implementation.\n\n - CVE-2015-1273\n makosoft discovered a buffer overflow in openjpeg, which\n is used by the pdfium library embedded in chromium.\n\n - CVE-2015-1274\n andrewm.bpi discovered that the auto-open list allowed\n certain file types to be executed immediately after\n download.\n\n - CVE-2015-1276\n Colin Payne discovered a use-after-free issue in the\n IndexedDB implementation.\n\n - CVE-2015-1277\n SkyLined discovered a use-after-free issue in chromium's\n accessibility implementation.\n\n - CVE-2015-1278\n Chamal de Silva discovered a way to use PDF documents to\n spoof a URL.\n\n - CVE-2015-1279\n mlafon discovered a buffer overflow in the pdfium\n library.\n\n - CVE-2015-1280\n cloudfuzzer discovered a memory corruption issue in the\n SKIA library.\n\n - CVE-2015-1281\n Masato Knugawa discovered a way to bypass the Content\n Security Policy.\n\n - CVE-2015-1282\n Chamal de Silva discovered multiple use-after-free\n issues in the pdfium library.\n\n - CVE-2015-1283\n Huzaifa Sidhpurwala discovered a buffer overflow in the\n expat library.\n\n - CVE-2015-1284\n Atte Kettunen discovered that the maximum number of page\n frames was not correctly checked.\n\n - CVE-2015-1285\n gazheyes discovered an information leak in the XSS\n auditor, which normally helps to prevent certain classes\n of cross-site scripting problems.\n\n - CVE-2015-1286\n A cross-site scripting issue was discovered in the\n interface to the v8 JavaScript library.\n\n - CVE-2015-1287\n filedescriptor discovered a way to bypass the Same\n Origin Policy.\n\n - CVE-2015-1288\n Mike Ruddy discovered that the spellchecking\n dictionaries could still be downloaded over plain HTTP\n (related to CVE-2015-1263 ).\n\n - CVE-2015-1289\n The chrome 44 development team found and fixed various\n issues during internal auditing.\n\nIn addition to the above issues, Google disabled the hotword extension\nby default in this version, which if enabled downloads files without\nthe user's intervention.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1268\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1289\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3315\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 44.0.2403.89-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"chromedriver\", reference:\"44.0.2403.89-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium\", reference:\"44.0.2403.89-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-dbg\", reference:\"44.0.2403.89-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-inspector\", reference:\"44.0.2403.89-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-l10n\", reference:\"44.0.2403.89-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:25:03", "bulletinFamily": "scanner", "description": "It was discovered that the International Components for Unicode (ICU) library mishandles converter names starting with x-, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-3360.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85944", "published": "2015-09-16T00:00:00", "title": "Debian DSA-3360-1 : icu - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3360. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85944);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2015-1270\");\n script_xref(name:\"DSA\", value:\"3360\");\n\n script_name(english:\"Debian DSA-3360-1 : icu - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the International Components for Unicode (ICU)\nlibrary mishandles converter names starting with x-, which allows\nremote attackers to cause a denial of service (read of uninitialized\nmemory) or possibly have unspecified other impact via a crafted file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/icu\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3360\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icu packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 52.1-8+deb8u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"icu-devtools\", reference:\"52.1-8+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icu-doc\", reference:\"52.1-8+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libicu-dev\", reference:\"52.1-8+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libicu52\", reference:\"52.1-8+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libicu52-dbg\", reference:\"52.1-8+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:26:26", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201603-09 (Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2016-10-10T00:00:00", "id": "GENTOO_GLSA-201603-09.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=89902", "published": "2016-03-14T00:00:00", "title": "GLSA-201603-09 : Chromium: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201603-09.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89902);\n script_version(\"$Revision: 2.4 $\");\n script_cvs_date(\"$Date: 2016/10/10 14:25:16 $\");\n\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1275\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-1291\", \"CVE-2015-1292\", \"CVE-2015-1293\", \"CVE-2015-1294\", \"CVE-2015-1295\", \"CVE-2015-1296\", \"CVE-2015-1297\", \"CVE-2015-1298\", \"CVE-2015-1299\", \"CVE-2015-1300\", \"CVE-2015-1302\", \"CVE-2015-1303\", \"CVE-2015-1304\", \"CVE-2015-6755\", \"CVE-2015-6756\", \"CVE-2015-6757\", \"CVE-2015-6758\", \"CVE-2015-6759\", \"CVE-2015-6760\", \"CVE-2015-6761\", \"CVE-2015-6762\", \"CVE-2015-6763\", \"CVE-2015-6764\", \"CVE-2015-6765\", \"CVE-2015-6766\", \"CVE-2015-6767\", \"CVE-2015-6768\", \"CVE-2015-6769\", \"CVE-2015-6770\", \"CVE-2015-6771\", \"CVE-2015-6772\", \"CVE-2015-6773\", \"CVE-2015-6774\", \"CVE-2015-6775\", \"CVE-2015-6776\", \"CVE-2015-6777\", \"CVE-2015-6778\", \"CVE-2015-6779\", \"CVE-2015-6780\", \"CVE-2015-6781\", \"CVE-2015-6782\", \"CVE-2015-6783\", \"CVE-2015-6784\", \"CVE-2015-6785\", \"CVE-2015-6786\", \"CVE-2015-6787\", \"CVE-2015-6788\", \"CVE-2015-6789\", \"CVE-2015-6790\", \"CVE-2015-6791\", \"CVE-2015-6792\", \"CVE-2015-8126\", \"CVE-2016-1612\", \"CVE-2016-1613\", \"CVE-2016-1614\", \"CVE-2016-1615\", \"CVE-2016-1616\", \"CVE-2016-1617\", \"CVE-2016-1618\", \"CVE-2016-1619\", \"CVE-2016-1620\", \"CVE-2016-1621\", \"CVE-2016-1622\", \"CVE-2016-1623\", \"CVE-2016-1624\", \"CVE-2016-1625\", \"CVE-2016-1626\", \"CVE-2016-1627\", \"CVE-2016-1628\", \"CVE-2016-1629\", \"CVE-2016-1630\", \"CVE-2016-1631\", \"CVE-2016-1632\", \"CVE-2016-1633\", \"CVE-2016-1634\", \"CVE-2016-1635\", \"CVE-2016-1636\", \"CVE-2016-1637\", \"CVE-2016-1638\", \"CVE-2016-1639\", \"CVE-2016-1640\", \"CVE-2016-1641\");\n script_xref(name:\"GLSA\", value:\"201603-09\");\n\n script_name(english:\"GLSA-201603-09 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201603-09\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web\n browser. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201603-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-49.0.2623.87'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 49.0.2623.87\"), vulnerable:make_list(\"lt 49.0.2623.87\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:25:00", "bulletinFamily": "scanner", "description": "It was discovered that Expat incorrectly handled malformed XML data.\nIf a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2726-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85724", "published": "2015-09-01T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : expat vulnerability (USN-2726-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2726-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85724);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2018/12/01 15:12:40\");\n\n script_cve_id(\"CVE-2015-1283\");\n script_xref(name:\"USN\", value:\"2726-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : expat vulnerability (USN-2726-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Expat incorrectly handled malformed XML data.\nIf a user or application linked against Expat were tricked into\nopening a crafted XML file, an attacker could cause a denial of\nservice, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2726-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lib64expat1 and / or libexpat1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lib64expat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"lib64expat1\", pkgver:\"2.0.1-7.2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libexpat1\", pkgver:\"2.0.1-7.2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"lib64expat1\", pkgver:\"2.1.0-4ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libexpat1\", pkgver:\"2.1.0-4ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"lib64expat1\", pkgver:\"2.1.0-6ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libexpat1\", pkgver:\"2.1.0-6ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lib64expat1 / libexpat1\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:28:41", "bulletinFamily": "unix", "description": "Chromium was updated to 44.0.2403.89 to fix multiple security issues.\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-1271: Heap-buffer-overflow in pdfium\n * CVE-2015-1273: Heap-buffer-overflow in pdfium\n * CVE-2015-1274: Settings allowed executable files to run immediately\n after download\n * CVE-2015-1275: UXSS in Chrome for Android\n * CVE-2015-1276: Use-after-free in IndexedDB\n * CVE-2015-1279: Heap-buffer-overflow in pdfium\n * CVE-2015-1280: Memory corruption in skia\n * CVE-2015-1281: CSP bypass\n * CVE-2015-1282: Use-after-free in pdfium\n * CVE-2015-1283: Heap-buffer-overflow in expat\n * CVE-2015-1284: Use-after-free in blink\n * CVE-2015-1286: UXSS in blink\n * CVE-2015-1287: SOP bypass with CSS\n * CVE-2015-1270: Uninitialized memory read in ICU\n * CVE-2015-1272: Use-after-free related to unexpected GPU process\n termination\n * CVE-2015-1277: Use-after-free in accessibility\n * CVE-2015-1278: URL spoofing using pdf files\n * CVE-2015-1285: Information leak in XSS auditor\n * CVE-2015-1288: Spell checking dictionaries fetched over HTTP\n * CVE-2015-1289: Various fixes from internal audits, fuzzing and other\n initiatives\n * CVE-2015-5605: Rgular-expression implementation mishandles interrupts,\n DoS via JS\n\n The following non-security changes are included:\n\n * A number of new apps/extension APIs\n * Lots of under the hood changes for stability and performance\n * Pepper Flash plugin updated to 18.0.0.209\n\n", "modified": "2015-07-26T21:08:24", "published": "2015-07-26T21:08:24", "id": "OPENSUSE-SU-2015:1287-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html", "type": "suse", "title": "Security update for Chromium (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:48:25", "bulletinFamily": "unix", "description": "This update for expat fixes the following security issues:\n\n - CVE-2015-1283: Fixed multiple integer overflows that could lead to\n buffer overflows [boo#980391]\n - CVE-2016-0718: Fixed Expat XML parser that mishandles certain kinds of\n malformed input documents [boo#979441].\n\n", "modified": "2016-05-30T14:09:21", "published": "2016-05-30T14:09:21", "id": "OPENSUSE-SU-2016:1441-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html", "title": "Security update for expat (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:19:38", "bulletinFamily": "unix", "description": "This update for expat fixes the following issues:\n\n Security issue fixed:\n - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of\n malformed input documents. (bsc#979441)\n - CVE-2015-1283: Fix multiple integer overflows. (bnc#980391) This update\n was imported from the SUSE:SLE-12:Update update project.\n\n", "modified": "2016-06-08T12:07:50", "published": "2016-06-08T12:07:50", "id": "OPENSUSE-SU-2016:1523-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html", "title": "Security update for expat (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:28:28", "bulletinFamily": "unix", "description": "This update for expat fixes the following issues:\n\n Security issue fixed:\n - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of\n malformed input documents. (bsc#979441)\n - CVE-2015-1283: Fix multiple integer overflows. (bnc#980391)\n\n", "modified": "2016-06-07T13:08:02", "published": "2016-06-07T13:08:02", "id": "SUSE-SU-2016:1508-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html", "title": "Security update for expat (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:40:33", "bulletinFamily": "unix", "description": "This update for expat fixes the following issues:\n\n Security issue fixed:\n - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of\n malformed input documents. (bsc#979441)\n - CVE-2015-1283: Fix multiple integer overflows. (bnc#980391)\n\n", "modified": "2016-06-07T17:08:51", "published": "2016-06-07T17:08:51", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html", "id": "SUSE-SU-2016:1512-1", "title": "Security update for expat (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-20T14:43:15", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2015-07-23T00:00:00", "id": "OPENVAS:1361412562310805936", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805936", "title": "Google Chrome Multiple Vulnerabilities-01 July15 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-01 July15 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-21\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805936\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2015-1271\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\",\n \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\",\n \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1286\", \"CVE-2015-1287\",\n \"CVE-2015-1270\", \"CVE-2015-1272\", \"CVE-2015-1277\", \"CVE-2015-1278\",\n \"CVE-2015-1285\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-5605\",\n \"CVE-2015-1290\");\n script_bugtraq_id(75973, 76007);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-07-23 14:50:34 +0530 (Thu, 23 Jul 2015)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 July15 (Linux)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Multiple heap based buffer-overflow in pdfium.\n\n - An error which allows executable files to run immediately after download.\n\n - A use-after-free error in IndexedDB.\n\n - A memory corruption error in skia.\n\n - An error allowing content security policy (CSP) bypass.\n\n - A use-after-free error in pdfium.\n\n - A heap based buffer-overflow in expat.\n\n - A use-after-free error in blink.\n\n - Universal cross-site scripting (UXSS) error in blink.\n\n - An error in cascading style sheets (CSS) allowing to bypass same origin\n policy.\n\n - Uninitialized memory read error in ICU.\n\n - A use-after-free error related to unexpected GPU process termination.\n\n - A use-after-free error in accessibility.\n\n - An error leading to URL spoofing using pdf files.\n\n - An error leading to information leak in XSS auditor.\n\n - An error allowing spell checking dictionaries to be fetched over HTTP.\n\n - The regular-expression implementation in Google V8 mishandles interrupts.\n\n - Various other unspecified errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass security restrictions, cause a denial of service condition\n or potentially execute arbitrary code, conduct spoofing attack, gain sensitive\n information and other unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to\n 44.0.2403.89 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 44.0.2403.89 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/07/stable-channel-update_21.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"44.0.2403.89\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"44.0.2403.89\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:01:25", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-08-11T00:00:00", "id": "OPENVAS:1361412562310850665", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850665", "title": "SuSE Update for Chromium openSUSE-SU-2015:1287-1 (Chromium)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_1287_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for Chromium openSUSE-SU-2015:1287-1 (Chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850665\");\n script_version(\"$Revision: 12381 $\");\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\",\n \"CVE-2015-1274\", \"CVE-2015-1275\", \"CVE-2015-1276\", \"CVE-2015-1277\",\n \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\",\n \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\",\n \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\",\n \"CVE-2015-5605\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-11 11:55:23 +0530 (Tue, 11 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Chromium openSUSE-SU-2015:1287-1 (Chromium)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Chromium was updated to 44.0.2403.89 to fix multiple security issues.\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-1271: Heap-buffer-overflow in pdfium\n\n * CVE-2015-1273: Heap-buffer-overflow in pdfium\n\n * CVE-2015-1274: Settings allowed executable files to run immediately\n after download\n\n * CVE-2015-1275: UXSS in Chrome for Android\n\n * CVE-2015-1276: Use-after-free in IndexedDB\n\n * CVE-2015-1279: Heap-buffer-overflow in pdfium\n\n * CVE-2015-1280: Memory corruption in skia\n\n * CVE-2015-1281: CSP bypass\n\n * CVE-2015-1282: Use-after-free in pdfium\n\n * CVE-2015-1283: Heap-buffer-overflow in expat\n\n * CVE-2015-1284: Use-after-free in blink\n\n * CVE-2015-1286: UXSS in blink\n\n * CVE-2015-1287: SOP bypass with CSS\n\n * CVE-2015-1270: Uninitialized memory read in ICU\n\n * CVE-2015-1272: Use-after-free related to unexpected GPU process\n termination\n\n * CVE-2015-1277: Use-after-free in accessibility\n\n * CVE-2015-1278: URL spoofing using pdf files\n\n * CVE-2015-1285: Information leak in XSS auditor\n\n * CVE-2015-1288: Spell checking dictionaries fetched over HTTP\n\n * CVE-2015-1289: Various fixes from internal audits, fuzzing and other\n initiatives\n\n * CVE-2015-5605: Rgular-expression implementation mishandles interrupts,\n DoS via JS\n\n The following non-security changes are included:\n\n * A number of new apps/extension APIs\n\n * Lots of under the hood changes for stability and performance\n\n * Pepper Flash plugin updated to 18.0.0.209\");\n script_tag(name:\"affected\", value:\"Chromium on openSUSE 13.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:1287_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~44.0.2403.89~93.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~44.0.2403.89~93.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~44.0.2403.89~93.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~44.0.2403.89~93.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~44.0.2403.89~93.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~44.0.2403.89~93.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~44.0.2403.89~93.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~44.0.2403.89~93.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~44.0.2403.89~93.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-20T14:42:31", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2015-07-23T00:00:00", "id": "OPENVAS:1361412562310805935", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805935", "title": "Google Chrome Multiple Vulnerabilities-01 July15 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-01 July15 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-21\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805935\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2015-1271\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\",\n \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\",\n \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1286\", \"CVE-2015-1287\",\n \"CVE-2015-1270\", \"CVE-2015-1272\", \"CVE-2015-1277\", \"CVE-2015-1278\",\n \"CVE-2015-1285\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-5605\",\n \"CVE-2015-1290\");\n script_bugtraq_id(75973, 76007);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-07-23 14:49:13 +0530 (Thu, 23 Jul 2015)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 July15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Multiple heap based buffer-overflow in pdfium.\n\n - An error which allows executable files to run immediately after download.\n\n - A use-after-free error in IndexedDB.\n\n - A memory corruption error in skia.\n\n - An error allowing content security policy (CSP) bypass.\n\n - A use-after-free error in pdfium.\n\n - A heap based buffer-overflow in expat.\n\n - A use-after-free error in blink.\n\n - Universal cross-site scripting (UXSS) error in blink.\n\n - An error in cascading style sheets (CSS) allowing to bypass same origin\n policy.\n\n - Uninitialized memory read error in ICU.\n\n - A use-after-free error related to unexpected GPU process termination.\n\n - A use-after-free error in accessibility.\n\n - An error leading to URL spoofing using pdf files.\n\n - An error leading to information leak in XSS auditor.\n\n - An error allowing spell checking dictionaries to be fetched over HTTP.\n\n - The regular-expression implementation in Google V8 mishandles interrupts.\n\n - Various other unspecified errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass security restrictions, cause a denial of service condition\n or potentially execute arbitrary code, conduct spoofing attack, gain sensitive\n information and other unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to\n 44.0.2403.89 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 44.0.2403.89 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/07/stable-channel-update_21.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"44.0.2403.89\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"44.0.2403.89\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-20T14:43:41", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2015-07-23T00:00:00", "id": "OPENVAS:1361412562310805934", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805934", "title": "Google Chrome Multiple Vulnerabilities-01 July15 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-01 July15 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-21\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805934\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2015-1271\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\",\n \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\",\n \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1286\", \"CVE-2015-1287\",\n \"CVE-2015-1270\", \"CVE-2015-1272\", \"CVE-2015-1277\", \"CVE-2015-1278\",\n \"CVE-2015-1285\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-5605\",\n \"CVE-2015-1290\");\n script_bugtraq_id(75973, 76007);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-07-23 13:02:12 +0530 (Thu, 23 Jul 2015)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 July15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Multiple heap based buffer-overflow in pdfium.\n\n - An error which allows executable files to run immediately after download.\n\n - A use-after-free error in IndexedDB.\n\n - A memory corruption error in skia.\n\n - An error allowing content security policy (CSP) bypass.\n\n - A use-after-free error in pdfium.\n\n - A heap based buffer-overflow in expat.\n\n - A use-after-free error in blink.\n\n - Universal cross-site scripting (UXSS) error in blink.\n\n - An error in cascading style sheets (CSS) allowing to bypass same origin\n policy.\n\n - Uninitialized memory read error in ICU.\n\n - A use-after-free error related to unexpected GPU process termination.\n\n - A use-after-free error in accessibility.\n\n - An error leading to URL spoofing using pdf files.\n\n - An error leading to information leak in XSS auditor.\n\n - An error allowing spell checking dictionaries to be fetched over HTTP.\n\n - The regular-expression implementation in Google V8 mishandles interrupts.\n\n - Various other unspecified errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass security restrictions, cause a denial of service condition\n or potentially execute arbitrary code, conduct spoofing attack, gain sensitive\n information and other unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to\n 44.0.2403.89 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 44.0.2403.89 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/07/stable-channel-update_21.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"44.0.2403.89\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"44.0.2403.89\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-01T10:27:27", "bulletinFamily": "scanner", "description": "Mageia Linux Local Security Checks mgasa-2015-0288", "modified": "2018-09-28T00:00:00", "published": "2015-10-15T00:00:00", "id": "OPENVAS:1361412562310130090", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130090", "title": "Mageia Linux Local Check: mgasa-2015-0288", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0288.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.130090\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 10:42:35 +0300 (Thu, 15 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0288\");\n script_tag(name:\"insight\", value:\"Chromium-browser 44.0.2403.107 fixes several security issues.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0288.html\");\n script_cve_id(\"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-1263\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0288\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"chromium-browser-stable\", rpm:\"chromium-browser-stable~44.0.2403.107~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-14T14:27:44", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-08-05T00:00:00", "id": "OPENVAS:1361412562310842401", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842401", "title": "Ubuntu Update for oxide-qt USN-2677-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for oxide-qt USN-2677-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842401\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-05 05:08:52 +0200 (Wed, 05 Aug 2015)\");\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-1272\", \"CVE-2015-1276\", \"CVE-2015-1277\",\n \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1283\", \"CVE-2015-1284\",\n \"CVE-2015-1285\", \"CVE-2015-1287\", \"CVE-2015-1289\", \"CVE-2015-1329\",\n \"CVE-2015-5605\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for oxide-qt USN-2677-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oxide-qt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"An uninitialized value issue was discovered\nin ICU. If a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service.\n(CVE-2015-1270)\n\nA use-after-free was discovered in the GPU process implementation in\nChromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1272)\n\nA use-after-free was discovered in the IndexedDB implementation in\nChromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1276)\n\nA use-after-free was discovered in the accessibility implementation in\nChromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1277)\n\nA memory corruption issue was discovered in Skia. If a user were tricked\nin to opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash, or execute\narbitrary code with the privileges of the sandboxed render process.\n(CVE-2015-1280)\n\nIt was discovered that Blink did not properly determine the V8 context of\na microtask in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\nbypass Content Security Policy (CSP) restrictions. (CVE-2015-1281)\n\nMultiple integer overflows were discovered in Expat. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nthe program. (CVE-2015-1283)\n\nIt was discovered that Blink did not enforce a page's maximum number of\nframes in some circumstances, resulting in a use-after-free. If a user\nwere tricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer crash,\nor execute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2015-1284)\n\nIt was discovered that the XSS auditor in Blink did not properly choose a\ntruncation point. If a user were tricked in to open ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"oxide-qt on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2677-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2677-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.8.4-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.8.4-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:53:50", "bulletinFamily": "scanner", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1266 \nIntended access restrictions could be bypassed for certain URLs like\nchrome://gpu.\n\nCVE-2015-1267 \nA way to bypass the Same Origin Policy was discovered.\n\nCVE-2015-1268 \nMariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1269 \nMike Rudy discovered that hostnames were not properly compared in the\nHTTP Strict Transport Policy and HTTP Public Key Pinning features,\nwhich could allow those access restrictions to be bypassed.\n\nCVE-2015-1270 \nAtte Kettunen discovered an uninitialized memory read in the ICU library.\n\nCVE-2015-1271 \ncloudfuzzer discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1272 \nChamal de Silva discovered race conditions in the GPU process\nimplementation.\n\nCVE-2015-1273 \nmakosoft discovered a buffer overflow in openjpeg, which is used by\nthe pdfium library embedded in chromium.\n\nCVE-2015-1274 \nandrewm.bpi discovered that the auto-open list allowed certain file\ntypes to be executed immediately after download.\n\nCVE-2015-1276 \nColin Payne discovered a use-after-free issue in the IndexedDB\nimplementation.\n\nCVE-2015-1277 \nSkyLined discovered a use-after-free issue in chromium", "modified": "2017-07-07T00:00:00", "published": "2015-07-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703315", "id": "OPENVAS:703315", "title": "Debian Security Advisory DSA 3315-1 (chromium-browser - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3315.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3315-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703315);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-1263\", \"CVE-2015-1266\", \"CVE-2015-1267\", \"CVE-2015-1268\",\n \"CVE-2015-1269\", \"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\",\n \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\", \"CVE-2015-1277\",\n \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\",\n \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\",\n \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\");\n script_name(\"Debian Security Advisory DSA 3315-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-07-23 00:00:00 +0200 (Thu, 23 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3315.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"chromium-browser on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 44.0.2403.89-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 44.0.2403.89-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1266 \nIntended access restrictions could be bypassed for certain URLs like\nchrome://gpu.\n\nCVE-2015-1267 \nA way to bypass the Same Origin Policy was discovered.\n\nCVE-2015-1268 \nMariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1269 \nMike Rudy discovered that hostnames were not properly compared in the\nHTTP Strict Transport Policy and HTTP Public Key Pinning features,\nwhich could allow those access restrictions to be bypassed.\n\nCVE-2015-1270 \nAtte Kettunen discovered an uninitialized memory read in the ICU library.\n\nCVE-2015-1271 \ncloudfuzzer discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1272 \nChamal de Silva discovered race conditions in the GPU process\nimplementation.\n\nCVE-2015-1273 \nmakosoft discovered a buffer overflow in openjpeg, which is used by\nthe pdfium library embedded in chromium.\n\nCVE-2015-1274 \nandrewm.bpi discovered that the auto-open list allowed certain file\ntypes to be executed immediately after download.\n\nCVE-2015-1276 \nColin Payne discovered a use-after-free issue in the IndexedDB\nimplementation.\n\nCVE-2015-1277 \nSkyLined discovered a use-after-free issue in chromium's accessibility\nimplementation.\n\nCVE-2015-1278 \nChamal de Silva discovered a way to use PDF documents to spoof a URL.\n\nCVE-2015-1279 \nmlafon discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1280 \ncloudfuzzer discovered a memory corruption issue in the SKIA library.\n\nCVE-2015-1281 \nMasato Knugawa discovered a way to bypass the Content Security\nPolicy.\n\nCVE-2015-1282 \nChamal de Silva discovered multiple use-after-free issues in the\npdfium library.\n\nCVE-2015-1283 \nHuzaifa Sidhpurwala discovered a buffer overflow in the expat\nlibrary.\n\nCVE-2015-1284 \nAtte Kettunen discovered that the maximum number of page frames\nwas not correctly checked.\n\nCVE-2015-1285 \ngazheyes discovered an information leak in the XSS auditor,\nwhich normally helps to prevent certain classes of cross-site\nscripting problems.\n\nCVE-2015-1286 \nA cross-site scripting issue was discovered in the interface to\nthe v8 javascript library.\n\nCVE-2015-1287 \nfiledescriptor discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1288Mike Ruddy discovered that the spellchecking dictionaries could\nstill be downloaded over plain HTTP (related to CVE-2015-1263 \n).\n\nCVE-2015-1289 \nThe chrome 44 development team found and fixed various issues\nduring internal auditing.\n\nIn addition to the above issues, Google disabled the hotword extension\nby default in this version, which if enabled downloads files without\nthe user's intervention.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"44.0.2403.89-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"44.0.2403.89-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"44.0.2403.89-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"44.0.2403.89-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"44.0.2403.89-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-19T12:36:51", "bulletinFamily": "scanner", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1266\nIntended access restrictions could be bypassed for certain URLs like\nchrome://gpu.\n\nCVE-2015-1267\nA way to bypass the Same Origin Policy was discovered.\n\nCVE-2015-1268\nMariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1269\nMike Rudy discovered that hostnames were not properly compared in the\nHTTP Strict Transport Policy and HTTP Public Key Pinning features,\nwhich could allow those access restrictions to be bypassed.\n\nCVE-2015-1270\nAtte Kettunen discovered an uninitialized memory read in the ICU library.\n\nCVE-2015-1271\ncloudfuzzer discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1272\nChamal de Silva discovered race conditions in the GPU process\nimplementation.\n\nCVE-2015-1273\nmakosoft discovered a buffer overflow in openjpeg, which is used by\nthe pdfium library embedded in chromium.\n\nCVE-2015-1274\nandrewm.bpi discovered that the auto-open list allowed certain file\ntypes to be executed immediately after download.\n\nCVE-2015-1276\nColin Payne discovered a use-after-free issue in the IndexedDB\nimplementation.\n\nCVE-2015-1277\nSkyLined discovered a use-after-free issue in chromium", "modified": "2019-03-18T00:00:00", "published": "2015-07-23T00:00:00", "id": "OPENVAS:1361412562310703315", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703315", "title": "Debian Security Advisory DSA 3315-1 (chromium-browser - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3315.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3315-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703315\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2015-1263\", \"CVE-2015-1266\", \"CVE-2015-1267\", \"CVE-2015-1268\",\n \"CVE-2015-1269\", \"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\",\n \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\", \"CVE-2015-1277\",\n \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\",\n \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\",\n \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\");\n script_name(\"Debian Security Advisory DSA 3315-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-23 00:00:00 +0200 (Thu, 23 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3315.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 44.0.2403.89-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 44.0.2403.89-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1266\nIntended access restrictions could be bypassed for certain URLs like\nchrome://gpu.\n\nCVE-2015-1267\nA way to bypass the Same Origin Policy was discovered.\n\nCVE-2015-1268\nMariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1269\nMike Rudy discovered that hostnames were not properly compared in the\nHTTP Strict Transport Policy and HTTP Public Key Pinning features,\nwhich could allow those access restrictions to be bypassed.\n\nCVE-2015-1270\nAtte Kettunen discovered an uninitialized memory read in the ICU library.\n\nCVE-2015-1271\ncloudfuzzer discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1272\nChamal de Silva discovered race conditions in the GPU process\nimplementation.\n\nCVE-2015-1273\nmakosoft discovered a buffer overflow in openjpeg, which is used by\nthe pdfium library embedded in chromium.\n\nCVE-2015-1274\nandrewm.bpi discovered that the auto-open list allowed certain file\ntypes to be executed immediately after download.\n\nCVE-2015-1276\nColin Payne discovered a use-after-free issue in the IndexedDB\nimplementation.\n\nCVE-2015-1277\nSkyLined discovered a use-after-free issue in chromium's accessibility\nimplementation.\n\nCVE-2015-1278\nChamal de Silva discovered a way to use PDF documents to spoof a URL.\n\nCVE-2015-1279\nmlafon discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1280\ncloudfuzzer discovered a memory corruption issue in the SKIA library.\n\nCVE-2015-1281\nMasato Knugawa discovered a way to bypass the Content Security\nPolicy.\n\nCVE-2015-1282\nChamal de Silva discovered multiple use-after-free issues in the\npdfium library.\n\nCVE-2015-1283\nHuzaifa Sidhpurwala discovered a buffer overflow in the expat\nlibrary.\n\nCVE-2015-1284\nAtte Kettunen discovered that the maximum number of page frames\nwas not correctly checked.\n\nCVE-2015-1285\ngazheyes discovered an information leak in the XSS auditor,\nwhich normally helps to prevent certain classes of cross-site\nscripting problems.\n\nCVE-2015-1286\nA cross-site scripting issue was discovered in the interface to\nthe v8 javascript library.\n\nCVE-2015-1287\nfiledescriptor discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1288Mike Ruddy discovered that the spellchecking dictionaries could\nstill be downloaded over plain HTTP (related to CVE-2015-1263\n).\n\nCVE-2015-1289\nThe chrome 44 development team found and fixed various issues\nduring internal auditing.\n\nIn addition to the above issues, Google disabled the hotword extension\nby default in this version, which if enabled downloads files without\nthe user's intervention.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"44.0.2403.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"44.0.2403.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"44.0.2403.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"44.0.2403.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"44.0.2403.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-12T12:38:39", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks", "modified": "2018-10-12T00:00:00", "published": "2016-03-14T00:00:00", "id": "OPENVAS:1361412562310121451", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121451", "title": "Gentoo Security Advisory GLSA 201603-09", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201603-09.nasl 11856 2018-10-12 07:45:29Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121451\");\n script_version(\"$Revision: 11856 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-14 15:52:45 +0200 (Mon, 14 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 09:45:29 +0200 (Fri, 12 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201603-09\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201603-09\");\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1275\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-1291\", \"CVE-2015-1292\", \"CVE-2015-1293\", \"CVE-2015-1294\", \"CVE-2015-1295\", \"CVE-2015-1296\", \"CVE-2015-1297\", \"CVE-2015-1298\", \"CVE-2015-1299\", \"CVE-2015-1300\", \"CVE-2015-1302\", \"CVE-2015-1303\", \"CVE-2015-1304\", \"CVE-2015-6755\", \"CVE-2015-6756\", \"CVE-2015-6757\", \"CVE-2015-6758\", \"CVE-2015-6759\", \"CVE-2015-6760\", \"CVE-2015-6761\", \"CVE-2015-6762\", \"CVE-2015-6763\", \"CVE-2015-6764\", \"CVE-2015-6765\", \"CVE-2015-6766\", \"CVE-2015-6767\", \"CVE-2015-6768\", \"CVE-2015-6769\", \"CVE-2015-6770\", \"CVE-2015-6771\", \"CVE-2015-6772\", \"CVE-2015-6773\", \"CVE-2015-6774\", \"CVE-2015-6775\", \"CVE-2015-6776\", \"CVE-2015-6777\", \"CVE-2015-6778\", \"CVE-2015-6779\", \"CVE-2015-6780\", \"CVE-2015-6781\", \"CVE-2015-6782\", \"CVE-2015-6783\", \"CVE-2015-6784\", \"CVE-2015-6785\", \"CVE-2015-6786\", \"CVE-2015-6787\", \"CVE-2015-6788\", \"CVE-2015-6789\", \"CVE-2015-6790\", \"CVE-2015-6791\", \"CVE-2015-6792\", \"CVE-2015-8126\", \"CVE-2016-1612\", \"CVE-2016-1613\", \"CVE-2016-1614\", \"CVE-2016-1615\", \"CVE-2016-1616\", \"CVE-2016-1617\", \"CVE-2016-1618\", \"CVE-2016-1619\", \"CVE-2016-1620\", \"CVE-2016-1621\", \"CVE-2016-1622\", \"CVE-2016-1623\", \"CVE-2016-1624\", \"CVE-2016-1625\", \"CVE-2016-1626\", \"CVE-2016-1627\", \"CVE-2016-1628\", \"CVE-2016-1629\", \"CVE-2016-1630\", \"CVE-2016-1631\", \"CVE-2016-1632\", \"CVE-2016-1633\", \"CVE-2016-1634\", \"CVE-2016-1635\", \"CVE-2016-1636\", \"CVE-2016-1637\", \"CVE-2016-1638\", \"CVE-2016-1639\", \"CVE-2016-1640\", \"CVE-2016-1641\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/chromium\", unaffected: make_list(\"ge 49.0.2623.87\"), vulnerable: make_list(\"lt 49.0.2623.87\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:53:43", "bulletinFamily": "scanner", "description": "It was discovered that the International Components for Unicode (ICU)\nlibrary mishandles converter names starting with x- \n, which allows\nremote attackers to cause a denial of service (read of uninitialized\nmemory) or possibly have unspecified other impact via a crafted file.", "modified": "2017-07-07T00:00:00", "published": "2015-09-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703360", "id": "OPENVAS:703360", "title": "Debian Security Advisory DSA 3360-1 (icu - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3360.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3360-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703360);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-1270\");\n script_name(\"Debian Security Advisory DSA 3360-1 (icu - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-09-15 00:00:00 +0200 (Tue, 15 Sep 2015)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3360.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"icu on Debian Linux\");\n script_tag(name: \"insight\", value: \"ICU is a C++ and C library that provides robust and full-featured\nUnicode and locale support.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), this problem has been fixed in\nversion 52.1-8+deb8u3.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 55.1-5.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 55.1-5.\n\nWe recommend that you upgrade your icu packages.\");\n script_tag(name: \"summary\", value: \"It was discovered that the International Components for Unicode (ICU)\nlibrary mishandles converter names starting with x- \n, which allows\nremote attackers to cause a denial of service (read of uninitialized\nmemory) or possibly have unspecified other impact via a crafted file.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icu-devtools\", ver:\"52.1-8+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"52.1-8+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"52.1-8+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu52\", ver:\"52.1-8+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu52-dbg\", ver:\"52.1-8+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "kaspersky": [{"lastseen": "2019-03-21T00:15:19", "bulletinFamily": "info", "description": "### *Detect date*:\n07/21/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause a denial of service or (and) obtain sensitive information via specially crafted JavaScript code, specially crafted web site, unspecified linear-time attack, crafted XML data, crafted PDF document and other unknown vectors.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 44.0.2403.89\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk.\n\n### *Original advisories*:\n[Google Chrome blog post](<http://googlechromereleases.blogspot.ru/2015/07/stable-channel-update_21.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2015-1287](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1287>)4.3Critical \n[CVE-2015-1288](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1288>)6.8Critical \n[CVE-2015-1281](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1281>)4.3Critical \n[CVE-2015-1278](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1278>)4.3Critical \n[CVE-2015-1277](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1277>)7.5Critical \n[CVE-2015-1280](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1280>)7.5Critical \n[CVE-2015-1279](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1279>)7.5Critical \n[CVE-2015-1282](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1282>)6.8Critical \n[CVE-2015-1273](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1273>)6.8Critical \n[CVE-2015-1272](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1272>)7.5Critical \n[CVE-2015-1283](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283>)6.8Critical \n[CVE-2015-1284](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1284>)7.5Critical \n[CVE-2015-1285](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1285>)5.0Critical \n[CVE-2015-1276](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1276>)7.5Critical \n[CVE-2015-1286](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1286>)4.3Critical \n[CVE-2015-1275](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1275>)4.3Critical \n[CVE-2015-1270](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1270>)6.8Critical \n[CVE-2015-1289](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1289>)7.5Critical \n[CVE-2015-1274](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1274>)6.8Critical \n[CVE-2015-1271](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1271>)6.8Critical", "modified": "2019-03-07T00:00:00", "published": "2015-07-21T00:00:00", "id": "KLA10636", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10636", "title": "\r KLA10636Multiple vulnerabilities in Google Chrome ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "threatpost": [{"lastseen": "2018-10-06T22:56:31", "bulletinFamily": "info", "description": "A new version of Google Chrome is available, and it contains patches for 43 security vulnerabilities, many of them in the high-risk category.\n\nTwo of the more serious vulnerabilities fixed in [Chrome 44](<http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html>) are a pair of universal cross-site scripting bugs. One of the flaws is in blink, the Web layout engine in Chrome. The other one is in Chrome for Android. Universal XSS vulnerabilities allow attackers to exploit XSS bugs in browsers rather than on sites. Each of those vulnerabilities earned the researchers who reported them a $7,500 bug bounty from Google.\n\nAs part of that bounty program, Google paid out roughly $40,000 to external researchers who reported vulnerabilities to the company. Among the other vulnerabilities patched in this release are three heap buffer overflows in pdfium, the PDF rendering engine in Chrome. There also are a number of use-after-free bugs in various components patched in Chrome 44.\n\nHere\u2019s the list of vulnerabilities reported by external researchers:\n\n[$3000][[**446032**](<https://code.google.com/p/chromium/issues/detail?id=446032>)] **High** CVE-2015-1271: Heap-buffer-overflow in pdfium. _Credit to cloudfuzzer._\n\n[$3000][[**459215**](<https://code.google.com/p/chromium/issues/detail?id=459215>)] **High** CVE-2015-1273: Heap-buffer-overflow in pdfium. _Credit to makosoft_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$TBD][[**461858**](<https://code.google.com/p/chromium/issues/detail?id=461858>)] **High** CVE-2015-1274: Settings allowed executable files to run immediately after download. _Credit to andrewm.bpi_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$7500][[**462843**](<https://code.google.com/p/chromium/issues/detail?id=462843>)] **High** CVE-2015-1275: UXSS in Chrome for Android. _Credit to WangTao(neobyte) of Baidu X-Team_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$TBD][[**472614**](<https://code.google.com/p/chromium/issues/detail?id=472614>)] **High** CVE-2015-1276: Use-after-free in IndexedDB. _Credit to Collin Payne_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$5500][[**483981**](<https://code.google.com/p/chromium/issues/detail?id=483981>)] **High** CVE-2015-1279: Heap-buffer-overflow in pdfium. _Credit to mlafon_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$5000][[**486947**](<https://code.google.com/p/chromium/issues/detail?id=486947>)] **High** CVE-2015-1280: Memory corruption in skia. _Credit to cloudfuzzer_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$1000][[**487155**](<https://code.google.com/p/chromium/issues/detail?id=487155>)] **High **CVE-2015-1281: CSP bypass. _Credit to Masato Kinugawa_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$TBD][[**487928**](<https://code.google.com/p/chromium/issues/detail?id=487928>)] **High** CVE-2015-1282: Use-after-free in pdfium. _Credit to Chamal de Silva_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$TBD][[**492052**](<https://code.google.com/p/chromium/issues/detail?id=492052>)] **High** CVE-2015-1283: Heap-buffer-overflow in expat. _Credit to sidhpurwala.huzaifa_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$2000][[**493243**](<https://code.google.com/p/chromium/issues/detail?id=493243>)] **High** CVE-2015-1284: Use-after-free in blink. _Credit to Atte Kettunen of OUSPG._\n\n[$7500][[**504011**](<https://code.google.com/p/chromium/issues/detail?id=504011>)] **High** CVE-2015-1286: UXSS in blink. _Credit to anonymous_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$1337][[**419383**](<https://code.google.com/p/chromium/issues/detail?id=419383>)] **Medium** CVE-2015-1287: SOP bypass with CSS. _Credit to filedescriptor._\n\n[$1000][[**444573**](<https://code.google.com/p/chromium/issues/detail?id=444573>)] **Medium** CVE-2015-1270: Uninitialized memory read in ICU. _Credit to Atte Kettunen of OUSPG._\n\n[$500][[**451456**](<https://code.google.com/p/chromium/issues/detail?id=451456>)] **Medium** CVE-2015-1272: Use-after-free related to unexpected GPU process termination. _Credit to Chamal de Silva_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[[**479743**](<https://code.google.com/p/chromium/issues/detail?id=479743>)] **Medium** CVE-2015-1277: Use-after-free in accessibility. _Credit to SkyLined_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$500][[**482380**](<https://code.google.com/p/chromium/issues/detail?id=482380>)] **Medium** CVE-2015-1278: URL spoofing using pdf files. _Credit to Chamal de Silva_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$1337][[**498982**](<https://code.google.com/p/chromium/issues/detail?id=498982>)] **Medium **CVE-2015-1285: Information leak in XSS auditor. _Credit to gazheyes_[**_._**](<https://code.google.com/u/117154691211413633534/>)\n\n[$500][[**479162**](<https://code.google.com/p/chromium/issues/detail?id=479162>)] **Low** CVE-2015-1288: Spell checking dictionaries fetched over HTTP. _Credit to mike@michaelruddy.com._\n", "modified": "2015-07-24T20:00:05", "published": "2015-07-22T09:23:06", "id": "THREATPOST:603611CA0EA45F34F1C1E31D5FBEC166", "href": "https://threatpost.com/google-patches-43-bugs-in-chrome/113892/", "type": "threatpost", "title": "Google Patches 43 Bugs in Chrome", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:38", "bulletinFamily": "unix", "description": "- CVE-2015-1270:\n\nUninitialized memory read in ICU.\n\n- CVE-2015-1271:\n\nHeap overflow in pdfium.\n\n- CVE-2015-1272, CVE-2015-1273, CVE-2015-1279:\n\nUse-after-free related to unexpected GPU process termination.\n\n- CVE-2015-1274:\n\nSettings allowed executable files to run immediately after download.\n\n- CVE-2015-1276 :\n\nUse-after-free in IndexedDB.\n\n- CVE-2015-1277:\n\nUse-after-free in accessibility.\n\n- CVE-2015-1278:\n\nURL spoofing using pdf files.\n\n- CVE-2015-1280:\n\nMemory corruption in skia.\n\n- CVE-2015-1281:\n\nCSP bypass.\n\n- CVE-2015-1282:\n\nUse-after-free in pdfium.\n\n- CVE-2015-1283:\n\nHeap-buffer-overflow in expat.\n\n- CVE-2015-1284:\n\nUse-after-free in blink.\n\n- CVE-2015-1285:\n\nInformation leak in XSS auditor.\n\n- CVE-2015-1286:\n\nUXSS in blink.\n\n- CVE-2015-1287:\n\nSOP bypass with CSS.\n\n- CVE-2015-1288:\n\nSpell checking dictionaries fetched over HTTP.\n\n- CVE-2015-1289:\n\nVarious fixes from internal audits, fuzzing and other initiatives.", "modified": "2015-07-23T00:00:00", "published": "2015-07-23T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html", "id": "ASA-201507-18", "title": "chromium: multiple issues", "type": "archlinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:46", "bulletinFamily": "unix", "description": "- CVE-2015-1283 (arbitrary code execution)\n\nMultiple integer overflows in the XML_GetBuffer function allow remote\nattackers to cause a denial of service (heap-based buffer overflow) or\npossibly arbitrary code execution via crafted XML data.\nThis problem has already been fixed in version 2.1.0-1 but this update\nrefreshes the fix to avoid relying on undefined behavior.\n\n- CVE-2016-0718 (arbitrary code execution)\n\nThe Expat XML parser mishandles certain kinds of malformed input\ndocuments, resulting in buffer overflows during processing and error\nreporting. The overflows can manifest as a segmentation fault or as\nmemory corruption during a parse operation. The bugs allow for a denial\nof service attack in many applications by an unauthenticated attacker,\nand could conceivably result in remote code execution.", "modified": "2016-05-18T00:00:00", "published": "2016-05-18T00:00:00", "id": "ASA-201605-22", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html", "type": "archlinux", "title": "expat: arbitrary code execution", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:38", "bulletinFamily": "unix", "description": "Multiple integer overflows in the XML_GetBuffer() function in Expat\nthrough 2.1.0 allow remote attackers to cause a denial of service\n(heap-based buffer overflow) or possibly have unspecified other impact\nvia crafted XML data, a related issue to CVE-2015-2716.", "modified": "2016-03-24T00:00:00", "published": "2016-03-24T00:00:00", "id": "ASA-201603-23", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html", "title": "expat: arbitrary code execution", "type": "archlinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:46", "bulletinFamily": "unix", "description": "- CVE-2015-1283 (arbitrary code execution)\n\nMultiple integer overflows in the XML_GetBuffer function allow remote\nattackers to cause a denial of service (heap-based buffer overflow) or\npossibly arbitrary code execution via crafted XML data.\nThis problem has already been fixed in version 2.1.0-1 but this update\nrefreshes the fix to avoid relying on undefined behavior.\n\n- CVE-2016-0718 (arbitrary code execution)\n\nThe Expat XML parser mishandles certain kinds of malformed input\ndocuments, resulting in buffer overflows during processing and error\nreporting. The overflows can manifest as a segmentation fault or as\nmemory corruption during a parse operation. The bugs allow for a denial\nof service attack in many applications by an unauthenticated attacker,\nand could conceivably result in remote code execution.", "modified": "2016-05-18T00:00:00", "published": "2016-05-18T00:00:00", "id": "ASA-201605-23", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html", "type": "archlinux", "title": "lib32-expat: arbitrary code execution", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:43:01", "bulletinFamily": "unix", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nChromium. (CVE-2015-1271, CVE-2015-1270, CVE-2015-1272, CVE-2015-1273,\nCVE-2015-1274, CVE-2015-1276, CVE-2015-1277, CVE-2015-1278, CVE-2015-1279,\nCVE-2015-1281, CVE-2015-1282, CVE-2015-1283, CVE-2015-1284, CVE-2015-1285,\nCVE-2015-1286, CVE-2015-1287, CVE-2015-1288, CVE-2015-1289, CVE-2015-5605)\n\nAll Chromium users should upgrade to these updated packages, which contain\nChromium version 44.0.2403.89, which corrects these issues. After\ninstalling the update, Chromium must be restarted for the changes to take \neffect.\n", "modified": "2018-06-07T09:04:36", "published": "2015-07-27T04:00:00", "id": "RHSA-2015:1499", "href": "https://access.redhat.com/errata/RHSA-2015:1499", "type": "redhat", "title": "(RHSA-2015:1499) Important: chromium-browser security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:58", "bulletinFamily": "unix", "description": "An uninitialized value issue was discovered in ICU. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-1270)\n\nA use-after-free was discovered in the GPU process implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1272)\n\nA use-after-free was discovered in the IndexedDB implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1276)\n\nA use-after-free was discovered in the accessibility implemetation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1277)\n\nA memory corruption issue was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1280)\n\nIt was discovered that Blink did not properly determine the V8 context of a microtask in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass Content Security Policy (CSP) restrictions. (CVE-2015-1281)\n\nMultiple integer overflows were discovered in Expat. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1283)\n\nIt was discovered that Blink did not enforce a page\u2019s maximum number of frames in some circumstances, resulting in a use-after-free. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1284)\n\nIt was discovered that the XSS auditor in Blink did not properly choose a truncation point. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-1285)\n\nAn issue was discovered in the CSS implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1287)\n\nMultiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1289)\n\nA use-after-free was discovered in oxide::qt::URLRequestDelegatedJob in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1329)\n\nA crash was discovered in the regular expression implementation in V8 in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-5605)", "modified": "2015-08-04T00:00:00", "published": "2015-08-04T00:00:00", "id": "USN-2677-1", "href": "https://usn.ubuntu.com/2677-1/", "title": "Oxide vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:23", "bulletinFamily": "unix", "description": "It was discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code.", "modified": "2015-08-31T00:00:00", "published": "2015-08-31T00:00:00", "id": "USN-2726-1", "href": "https://usn.ubuntu.com/2726-1/", "title": "Expat vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:08:18", "bulletinFamily": "unix", "description": "Atte Kettunen discovered that ICU incorrectly handled certain converter names. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash. (CVE-2015-1270)\n\nIt was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-2632, CVE-2015-4760)", "modified": "2015-09-16T00:00:00", "published": "2015-09-16T00:00:00", "id": "USN-2740-1", "href": "https://usn.ubuntu.com/2740-1/", "title": "ICU vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:10", "bulletinFamily": "unix", "description": "It was discovered that the Expat code in XML-RPC for C and C++ unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702)\n\nIt was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300)\n\nGustavo Grieco discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. If a user or application linked against XML-RPC for C and C++ were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-0718)\n\nIt was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. If a user or application linked against XML-RPC for C and C++ were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2015-1283, CVE-2016-4472)", "modified": "2016-06-20T00:00:00", "published": "2016-06-20T00:00:00", "id": "USN-3013-1", "href": "https://usn.ubuntu.com/3013-1/", "title": "XML-RPC for C and C++ vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:13:20", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3315-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nJuly 23, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2015-1266 CVE-2015-1267 CVE-2015-1268 CVE-2015-1269\n CVE-2015-1270 CVE-2015-1271 CVE-2015-1272 CVE-2015-1273\n CVE-2015-1274 CVE-2015-1276 CVE-2015-1277 CVE-2015-1278\n CVE-2015-1279 CVE-2015-1280 CVE-2015-1281 CVE-2015-1282\n CVE-2015-1283 CVE-2015-1284 CVE-2015-1285 CVE-2015-1286\n CVE-2015-1287 CVE-2015-1288 CVE-2015-1289\n\nSeveral vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1266\n\n Intended access restrictions could be bypassed for certain URLs like\n chrome://gpu.\n\nCVE-2015-1267\n\n A way to bypass the Same Origin Policy was discovered.\n\nCVE-2015-1268\n\n Mariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1269\n\n Mike Rudy discovered that hostnames were not properly compared in the\n HTTP Strict Transport Policy and HTTP Public Key Pinning features,\n which could allow those access restrictions to be bypassed.\n\nCVE-2015-1270\n\n Atte Kettunen discovered an uninitialized memory read in the ICU library.\n\nCVE-2015-1271\n\n cloudfuzzer discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1272\n\n Chamal de Silva discovered race conditions in the GPU process\n implementation.\n\nCVE-2015-1273\n\n makosoft discovered a buffer overflow in openjpeg, which is used by\n the pdfium library embedded in chromium.\n\nCVE-2015-1274\n\n andrewm.bpi discovered that the auto-open list allowed certain file\n types to be executed immediately after download.\n\nCVE-2015-1276\n\n Colin Payne discovered a use-after-free issue in the IndexedDB\n implementation.\n\nCVE-2015-1277\n\n SkyLined discovered a use-after-free issue in chromium's accessibility\n implementation.\n\nCVE-2015-1278\n\n Chamal de Silva discovered a way to use PDF documents to spoof a URL.\n\nCVE-2015-1279\n\n mlafon discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1280\n\n cloudfuzzer discovered a memory corruption issue in the SKIA library.\n\nCVE-2015-1281\n\n Masato Knugawa discovered a way to bypass the Content Security\n Policy.\n\nCVE-2015-1282\n\n Chamal de Silva discovered multiple use-after-free issues in the\n pdfium library.\n\nCVE-2015-1283\n\n Huzaifa Sidhpurwala discovered a buffer overflow in the expat\n library.\n\nCVE-2015-1284\n\n Atte Kettunen discovered that the maximum number of page frames\n was not correctly checked.\n\nCVE-2015-1285\n\n gazheyes discovered an information leak in the XSS auditor,\n which normally helps to prevent certain classes of cross-site\n scripting problems.\n\nCVE-2015-1286\n\n A cross-site scripting issue was discovered in the interface to\n the v8 javascript library.\n\nCVE-2015-1287\n\n filedescriptor discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1288\n\n Mike Ruddy discovered that the spellchecking dictionaries could\n still be downloaded over plain HTTP (related to CVE-2015-1263).\n\nCVE-2015-1289\n\n The chrome 44 development team found and fixed various issues\n during internal auditing.\n\nIn addition to the above issues, Google disabled the hotword extension\nby default in this version, which if enabled downloads files without\nthe user's intervention.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 44.0.2403.89-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 44.0.2403.89-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-07-24T13:00:49", "published": "2015-07-24T13:00:49", "id": "DEBIAN:DSA-3315-1:DF83F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00211.html", "title": "[SECURITY] [DSA 3315-1] chromium-browser security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-08T14:20:57", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3360-1 security@debian.org\nhttps://www.debian.org/security/ Laszlo Boszormenyi (GCS)\nSeptember 15, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icu\nCVE ID : CVE-2015-1270\nDebian Bug : 798647\n\nIt was discovered that the International Components for Unicode (ICU)\nlibrary mishandles converter names starting with x- , which allows\nremote attackers to cause a denial of service (read of uninitialized\nmemory) or possibly have unspecified other impact via a crafted file.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 52.1-8+deb8u3.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 55.1-5.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 55.1-5.\n\nWe recommend that you upgrade your icu packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-09-15T16:10:55", "published": "2015-09-15T16:10:55", "id": "DEBIAN:DSA-3360-1:A29C1", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00259.html", "title": "[SECURITY] [DSA 3360-1] icu security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-18T13:49:32", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3318-1 security@debian.org\nhttps://www.debian.org/security/ Laszlo Boszormenyi (GCS)\nJuly 26, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : expat\nCVE ID : CVE-2015-1283\nDebian Bug : 793484\n\nMultiple integer overflows have been discovered in Expat, an XML parsing\nC library, which may result in denial of service or the execution of\narbitrary code if a malformed XML file is processed.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 2.1.0-1+deb7u2.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-6+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.1.0-7.\n\nWe recommend that you upgrade your expat packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-07-26T17:55:21", "published": "2015-07-26T17:55:21", "id": "DEBIAN:DSA-3318-1:6F723", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00214.html", "title": "[SECURITY] [DSA 3318-1] expat security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:12:55", "bulletinFamily": "unix", "description": "Package : expat\nVersion : 2.0.1-7+squeeze2\nCVE ID : CVE-2015-1283\n\n Multiple integer overflows in the XML_GetBuffer function in Expat\n through 2.1.0, as used in Google Chrome before 44.0.2403.89 and\n other products, allow remote attackers to cause a denial of service\n (heap-based buffer overflow) or possibly have unspecified other\n impact via crafted XML data, a related issue to CVE-2015-2716.\n\n", "modified": "2015-07-25T14:45:31", "published": "2015-07-25T14:45:31", "id": "DEBIAN:DLA-281-1:C24AD", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201507/msg00021.html", "title": "[SECURITY] [DLA 281-1] expat security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:13:39", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3582-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMay 18, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : expat\nCVE ID : CVE-2016-0718\n\nGustavo Grieco discovered that Expat, an XML parsing C library, does not\nproperly handle certain kinds of malformed input documents, resulting in\nbuffer overflows during processing and error reporting. A remote\nattacker can take advantage of this flaw to cause an application using\nthe Expat library to crash, or potentially, to execute arbitrary code\nwith the privileges of the user running the application.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-6+deb8u2. Additionally this update refreshes the fix for\nCVE-2015-1283 to avoid relying on undefined behavior.\n\nWe recommend that you upgrade your expat packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-05-18T05:19:15", "published": "2016-05-18T05:19:15", "id": "DEBIAN:DSA-3582-1:D0BF8", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00159.html", "title": "[SECURITY] [DSA 3582-1] expat security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "description": "Restrictions bypass, multiple memory corruptions, crossite scripting.", "modified": "2015-07-26T00:00:00", "published": "2015-07-26T00:00:00", "id": "SECURITYVULNS:VULN:14602", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14602", "title": "Google Chrome / Chromium multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:00", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3315-1 security@debian.org\r\nhttps://www.debian.org/security/ Michael Gilbert\r\nJuly 23, 2015 https://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : chromium-browser\r\nCVE ID : CVE-2015-1266 CVE-2015-1267 CVE-2015-1268 CVE-2015-1269\r\n CVE-2015-1270 CVE-2015-1271 CVE-2015-1272 CVE-2015-1273\r\n CVE-2015-1274 CVE-2015-1276 CVE-2015-1277 CVE-2015-1278\r\n CVE-2015-1279 CVE-2015-1280 CVE-2015-1281 CVE-2015-1282\r\n CVE-2015-1283 CVE-2015-1284 CVE-2015-1285 CVE-2015-1286\r\n CVE-2015-1287 CVE-2015-1288 CVE-2015-1289\r\n\r\nSeveral vulnerabilities were discovered in the chromium web browser.\r\n\r\nCVE-2015-1266\r\n\r\n Intended access restrictions could be bypassed for certain URLs like\r\n chrome://gpu.\r\n\r\nCVE-2015-1267\r\n\r\n A way to bypass the Same Origin Policy was discovered.\r\n\r\nCVE-2015-1268\r\n\r\n Mariusz Mlynski also discovered a way to bypass the Same Origin Policy.\r\n\r\nCVE-2015-1269\r\n\r\n Mike Rudy discovered that hostnames were not properly compared in the\r\n HTTP Strict Transport Policy and HTTP Public Key Pinning features,\r\n which could allow those access restrictions to be bypassed.\r\n\r\nCVE-2015-1270\r\n\r\n Atte Kettunen discovered an uninitialized memory read in the ICU library.\r\n\r\nCVE-2015-1271\r\n\r\n cloudfuzzer discovered a buffer overflow in the pdfium library.\r\n\r\nCVE-2015-1272\r\n\r\n Chamal de Silva discovered race conditions in the GPU process\r\n implementation.\r\n\r\nCVE-2015-1273\r\n\r\n makosoft discovered a buffer overflow in openjpeg, which is used by\r\n the pdfium library embedded in chromium.\r\n\r\nCVE-2015-1274\r\n\r\n andrewm.bpi discovered that the auto-open list allowed certain file\r\n types to be executed immediately after download.\r\n\r\nCVE-2015-1276\r\n\r\n Colin Payne discovered a use-after-free issue in the IndexedDB\r\n implementation.\r\n\r\nCVE-2015-1277\r\n\r\n SkyLined discovered a use-after-free issue in chromium's accessibility\r\n implementation.\r\n\r\nCVE-2015-1278\r\n\r\n Chamal de Silva discovered a way to use PDF documents to spoof a URL.\r\n\r\nCVE-2015-1279\r\n\r\n mlafon discovered a buffer overflow in the pdfium library.\r\n\r\nCVE-2015-1280\r\n\r\n cloudfuzzer discovered a memory corruption issue in the SKIA library.\r\n\r\nCVE-2015-1281\r\n\r\n Masato Knugawa discovered a way to bypass the Content Security\r\n Policy.\r\n\r\nCVE-2015-1282\r\n\r\n Chamal de Silva discovered multiple use-after-free issues in the\r\n pdfium library.\r\n\r\nCVE-2015-1283\r\n\r\n Huzaifa Sidhpurwala discovered a buffer overflow in the expat\r\n library.\r\n\r\nCVE-2015-1284\r\n\r\n Atte Kettunen discovered that the maximum number of page frames\r\n was not correctly checked.\r\n\r\nCVE-2015-1285\r\n\r\n gazheyes discovered an information leak in the XSS auditor,\r\n which normally helps to prevent certain classes of cross-site\r\n scripting problems.\r\n\r\nCVE-2015-1286\r\n\r\n A cross-site scripting issue was discovered in the interface to\r\n the v8 javascript library.\r\n\r\nCVE-2015-1287\r\n\r\n filedescriptor discovered a way to bypass the Same Origin Policy.\r\n\r\nCVE-2015-1288\r\n\r\n Mike Ruddy discovered that the spellchecking dictionaries could\r\n still be downloaded over plain HTTP (related to CVE-2015-1263).\r\n\r\nCVE-2015-1289\r\n\r\n The chrome 44 development team found and fixed various issues\r\n during internal auditing.\r\n\r\nIn addition to the above issues, Google disabled the hotword extension\r\nby default in this version, which if enabled downloads files without\r\nthe user's intervention.\r\n\r\nFor the stable distribution (jessie), these problems have been fixed in\r\nversion 44.0.2403.89-1~deb8u1.\r\n\r\nFor the testing distribution (stretch), these problems will be fixed soon.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 44.0.2403.89-1.\r\n\r\nWe recommend that you upgrade your chromium-browser packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQQcBAEBCgAGBQJVsi9LAAoJELjWss0C1vRziN0gALQ34XXl/qN5BlJrTH+8xaUm\r\nZUZYAqSJK+QgFOOVxXiMWDREsLV7OcQ8CgAbq/l+jumfaq2yY6uVo61xT+mlzIY5\r\naVT6t72NX3fUR9dVxiW31M0qnY3jfNFd0tBD2Q42Zuh7PvDspLYKKsytrcyz5oYJ\r\nGFbxrW2C7/8bUmhd+muzfYCQ5VHohNMaV+QgeEPy/XUrgFgjWJlEVDSFIS9UnGsZ\r\ny+bI4ssZjC3/+SeqkyIxBzeqUK7zbt3cDqpyEtEjI1e6KijkJRbazWh2Lc9qkWON\r\nVOzU0o0Sb/ftdCV0Rbkfakk2cj2F3WAoZh7nFzCMAdqRVzczfUZFzyOH4Ups30CZ\r\nqjHy2K+cqtmDg2egsuDKI7M7k8uWlSWo2J6hyLY1UKHei5QwP3nLkC6BQUaTXxCW\r\ngt1IlVF77eoBOXTnVOXj59OQdh1KKXsZ9IkQVi3c3JunKHeOgYRPey8jNEjTp0IV\r\n7YNew1a8RnsIpf8GwTqCM8YaVUcxxQE7sv1ya7k2C0QTGQpqUlyT8FV/P1ZembDJ\r\n6fpqn/IQWv98ztj3yuuJA6SwI5uDpE69u3JUuGCweGL8iMN+DU9cyWcxfIvvAewK\r\nCAEehgKVA1HKfBZoCmS1lky4QCJZrgHyxSe1c3CW0pDy/IfOvV54Xzr3Qn9Whx19\r\nkq/tOP3UcrfGjyy2oRPTdKFEC9qUufrRoZw39d1yvVxsqtEzZp9ri6mND4WPuZYf\r\ni5mVplBPJsvXOC5RXJ/pnSu8IrsbC5Qz9CxSlWLcDx+DjktUuMza6lawJyKh3QUK\r\nGUOXMG4bC5CilN+r2Fm41ZHW9ZUMHLcqnE/jBkvNUMw+Z+0i6noQkgG6t1CeIki5\r\nOeuEMuES3UU5joyRL24b4ejiUJxeIb9sik0WSrR4qelBeOLXFKyKNvpm243Nq/W5\r\nBMoFvQkmiF37IZ9naVmPUTwPmicTeD35wEs9XerMSvvAoKUfJtXMWglN0aP2hxK5\r\n2Dhr5ZAQ0jJTxIx/l6dV23hJNql0hCurFPF9tQxYZHDpl3WUS3YLs9Bj9mGz0AjH\r\nHAyuJrQWVMCT2gao//1I7T3O5JkrVTVXNVcY+1gg+HTE0iOxe20Uhiat0pd+TCW9\r\nops3rpYOjSDy2bpipdkxSblb5QNWN1SRmSywGuESESIPLKdmooeD3nyMBGA7bWVa\r\nFJukfJcBaDnGFfgMfQmEfckawvcGhErNQtXReqGQ3AYUn+/mYiV8gvVatn8x8dy9\r\nqpRHWM1VwVD5DsgxkeUTRyimOi374RrkCPx1olMwCkbNQiQJ9VTSK5Ji7HoOZz9P\r\nFazeCSZ1csx1HTx47ch+DvRfsJMnSDwbBst2aRAmRaInUu7qSb/VJwXtjdI6HRo=\r\n=0awE\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-07-26T00:00:00", "published": "2015-07-26T00:00:00", "id": "SECURITYVULNS:DOC:32351", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32351", "title": "[SECURITY] [DSA 3315-1] chromium-browser security update", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3360-1 security@debian.org\r\nhttps://www.debian.org/security/ Laszlo Boszormenyi (GCS)\r\nSeptember 15, 2015 https://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : icu\r\nCVE ID : CVE-2015-1270\r\nDebian Bug : 798647\r\n\r\nIt was discovered that the International Components for Unicode (ICU)\r\nlibrary mishandles converter names starting with x- , which allows\r\nremote attackers to cause a denial of service (read of uninitialized\r\nmemory) or possibly have unspecified other impact via a crafted file.\r\n\r\nFor the stable distribution (jessie), this problem has been fixed in\r\nversion 52.1-8+deb8u3.\r\n\r\nFor the testing distribution (stretch), this problem has been fixed\r\nin version 55.1-5.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 55.1-5.\r\n\r\nWe recommend that you upgrade your icu packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBCgAGBQJV+ELBAAoJEK+lG9bN5XPLC24QAIXycfVpH1VzrqIOi7IzkmXf\r\naCJ9B+m/BWSmnEfVVm42w3u0gGd7wQZSbMi5azEdHYpec6g9Defc4XfVp8ngD9Gk\r\n37Gha8gZZ4Sbxc1tXwMwwwyP2+E+6QDrNzniSwtCNgk4UV9VUSGCNhLJBva5tV1Y\r\nJSeFVHTpl/Urj7CwdRYvlMIbVCTvcnS0FJ34LeylnXTa5k4Z2ZyO5o6a7Gd8YsAD\r\nmGJ2VWA0axNgXXpGhazLfRPQ2PauLfqWN0VpMualqejMPZd2ABRUxrZ7eUuG4AGx\r\nu0HsGnQAQrMn9ZUChTjX8HpDW7OH39B0Z0nVlSITeC4L5gK8SY5lHgmg8zV/Uk1L\r\njzTwsZty2wfyxsti8XXlY9UHKNcUjB+8bg8WdftzC765HCiNJOXJCGHeklIiHqk7\r\nT5K2H7YuNPMqMuaqgYE7zbgu3JVY9ixNk9DV9aEsgDGjrcs9OXC5U0mkV/++VHlC\r\nebpcKw02aVEl2Yf7MbX+M0cLiCHo3RM56LQUa02SivwBC5gWULwaSKaRSasoEWEP\r\nknrBzmC5rdyztXipe2undXFyJuACBAuemP8eQSLY7tpFecc52KKnKMN2lru9hzAj\r\nCSXmOvUwwZGmKdwTCMM9RepCoqpNv7Y21ejxCAzUiZ9vjlzVEdRdIeUri/UqGm+E\r\n24PlDUC7o0eS12jqWAVx\r\n=ADH3\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-10-05T00:00:00", "published": "2015-10-05T00:00:00", "id": "SECURITYVULNS:DOC:32533", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32533", "title": "[SECURITY] [DSA 3360-1] icu security update", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "description": "Multiple integer overflows.", "modified": "2015-08-03T00:00:00", "published": "2015-08-03T00:00:00", "id": "SECURITYVULNS:VULN:14621", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14621", "title": "expat library integer overflow", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:00", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3318-1 security@debian.org\r\nhttps://www.debian.org/security/ Laszlo Boszormenyi (GCS)\r\nJuly 26, 2015 https://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : expat\r\nCVE ID : CVE-2015-1283\r\nDebian Bug : 793484\r\n\r\nMultiple integer overflows have been discovered in Expat, an XML parsing\r\nC library, which may result in denial of service or the execution of\r\narbitrary code if a malformed XML file is processed.\r\n\r\nFor the oldstable distribution (wheezy), this problem has been fixed\r\nin version 2.1.0-1+deb7u2.\r\n\r\nFor the stable distribution (jessie), this problem has been fixed in\r\nversion 2.1.0-6+deb8u1.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 2.1.0-7.\r\n\r\nWe recommend that you upgrade your expat packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBAgAGBQJVtR53AAoJEBDCk7bDfE429xUP/iYH65ZkPj1OsUWAmTeTGboo\r\nQvUDZMA+TvtS4Wnnxx07ln30JwiaEqPBVUjwkHqSeJ+WpzXT961E+gLCnAN6QOdw\r\nBilxx8HSytsQN2Gov7h0wSOxqQ9sbZRh3Cb6939WU7pp+XjwvPqXf2HxJN2uEz9S\r\n/tWQYOVn9yAkyaDC+LUVInmRnrF5OW4IY5mGOolOobfF/RdSRICHEdkKry8buTUQ\r\nmxtMuALwM2Yo1iEyTro2GLJWiCzqmzhMN+JbJ9DWv4+gbExMe1gXB3hSlfw8OIDb\r\nEm2rgEuwzUg3JZlEo7HIUO/IaL4ao5d/9Z7DyO9RLd385QZsF3iBfcp15U+6qJ3t\r\nf9Ftrl4N+fgmJt1DryYTZmX2Yg3+anCF25GMt+rHo4xWateKriG88eBNcoxnbjM5\r\nLaitgvnih09b9FibnnnIihB6mOuYNdfvRtHncxdTaA9HiWGwlzeDXMX1pQVsDOxE\r\nk6hcrrE5p6ixzQLJI6FvPDVkRU5UdlAeFXOiKFfKp7ztx6KxgiAMceVH2zEfdl5x\r\n7Vovd07/BJ0PFKWe1lUDJpvijb0X2RoZA5NsQWUN3QBONQPfpHjSl0sC8tiHhm2y\r\necwbdHMdOqpNlTZr4rZgfqD/M2sXqp8sK7Z3kjz59qTJ/hoE4Gj6eb8xx5MjsEti\r\nhqrriI8A4uSmvWjQl4XH\r\n=TfCY\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-08-03T00:00:00", "published": "2015-08-03T00:00:00", "id": "SECURITYVULNS:DOC:32385", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32385", "title": "[SECURITY] [DSA 3318-1] expat security update", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "description": "Memory corruption on symbols parsing.", "modified": "2015-10-05T00:00:00", "published": "2015-10-05T00:00:00", "id": "SECURITYVULNS:VULN:14704", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14704", "title": "libicu memory corruption", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2018-11-01T05:15:02", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation.", "modified": "2018-10-30T12:27:35", "published": "2015-07-22T20:59:05", "id": "CVE-2015-1276", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1276", "title": "CVE-2015-1276", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:15:02", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted intent: URL, as demonstrated by a trailing alert(document.cookie);// substring, aka \"Universal XSS (UXSS).\"", "modified": "2018-10-30T12:27:35", "published": "2015-07-22T20:59:05", "id": "CVE-2015-1275", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1275", "title": "CVE-2015-1275", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-03-22T11:08:43", "bulletinFamily": "NVD", "description": "The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.", "modified": "2018-02-02T09:20:23", "published": "2018-01-09T11:29:00", "id": "CVE-2015-1290", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1290", "title": "CVE-2015-1290", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-01T05:15:02", "bulletinFamily": "NVD", "description": "Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document.", "modified": "2018-10-30T12:27:35", "published": "2015-07-22T20:59:03", "id": "CVE-2015-1273", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1273", "title": "CVE-2015-1273", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:15:02", "bulletinFamily": "NVD", "description": "The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.", "modified": "2018-10-30T12:27:35", "published": "2015-07-22T20:59:17", "id": "CVE-2015-1288", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1288", "title": "CVE-2015-1288", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:15:02", "bulletinFamily": "NVD", "description": "Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous \"Always open files of this type\" choice, related to download_commands.cc and download_prefs.cc.", "modified": "2018-10-30T12:27:35", "published": "2015-07-22T20:59:04", "id": "CVE-2015-1274", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1274", "title": "CVE-2015-1274", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:15:02", "bulletinFamily": "NVD", "description": "Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp.", "modified": "2018-10-30T12:27:35", "published": "2015-07-22T20:59:16", "id": "CVE-2015-1287", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1287", "title": "CVE-2015-1287", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-01T05:15:02", "bulletinFamily": "NVD", "description": "The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements.", "modified": "2018-10-30T12:27:35", "published": "2015-07-22T20:59:13", "id": "CVE-2015-1284", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1284", "title": "CVE-2015-1284", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:15:02", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures.", "modified": "2018-10-30T12:27:35", "published": "2015-07-22T20:59:06", "id": "CVE-2015-1277", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1277", "title": "CVE-2015-1277", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:15:02", "bulletinFamily": "NVD", "description": "Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the (1) Document::delay and (2) Document::DoFieldDelay functions.", "modified": "2018-10-30T12:27:35", "published": "2015-07-22T20:59:11", "id": "CVE-2015-1282", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1282", "title": "CVE-2015-1282", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "f5": [{"lastseen": "2019-05-23T22:32:03", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 617147 (BIG-IP), ID 617963 (BIG-IQ), ID 618241 (Enterprise Manager), and ID 528541 (ARX) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H15104541 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.3 \n11.4.0 - 11.6.3 \n11.2.1 | 13.0.0 - 13.1.1 \n10.2.1 - 10.2.4 | Medium | iControl Soap \nBIG-IP AAM | 12.0.0 - 12.1.3 \n11.4.0 - 11.6.3 | 13.0.0 - 13.1.1 | Medium | iControl Soap \nBIG-IP AFM | 12.0.0 - 12.1.3 \n11.4.0 - 11.6.3 | 13.0.0 - 13.1.1 | Medium | iControl Soap \nBIG-IP Analytics | 12.0.0 - 12.1.3 \n11.4.0 - 11.6.3 \n11.2.1 | 13.0.0 - 13.1.1 | Medium | iControl Soap \nBIG-IP APM | 12.0.0 - 12.1.3 \n11.4.0 - 11.6.3 \n11.2.1 | 13.0.0 - 13.1.1 \n10.2.1 - 10.2.4 | Medium | iControl Soap \nBIG-IP ASM | 12.0.0 - 12.1.3 \n11.4.0 - 11.6.3 \n11.2.1 | 13.0.0 - 13.1.1 \n10.2.1 - 10.2.4 | Medium | iControl Soap \nBIG-IP DNS | 12.0.0 - 12.1.3 | 13.0.0 - 13.1.1 | Medium | iControl Soap \nBIG-IP Edge Gateway | 11.2.1 | 10.2.1 - 10.2.4 | Medium | iControl Soap \nBIG-IP GTM | 11.4.0 - 11.6.3 \n11.2.1 | 10.2.1 - 10.2.4 | Medium | iControl Soap \nBIG-IP Link Controller | 12.0.0 - 12.1.3 \n11.4.0 - 11.6.3 \n11.2.1 | 13.0.0 - 13.1.1 \n10.2.1 - 10.2.4 | Medium | iControl Soap \nBIG-IP PEM | 12.0.0 - 12.1.3 \n11.4.0 - 11.6.3 | 13.0.0 - 13.1.1 | Medium | iControl Soap \nBIG-IP PSM | 11.4.0 - 11.4.1 | 10.2.1 - 10.2.4 | Medium | iControl Soap \nBIG-IP WebAccelerator | 11.2.1 | 10.2.1 - 10.2.4 | Medium | iControl Soap \nBIG-IP WOM | 11.2.1 | 10.2.1 - 10.2.4 | Medium | iControl Soap \nBIG-IP WebSafe | 12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 | 13.0.0 - 13.1.1 | Medium \n\n \n\n| iControl Soap \nARX | 6.2.0 - 6.4.0 | None | Low | Expat XML parser library \nEnterprise Manager | 3.1.1 | None | Medium | iControl Soap \nFirePass | None | 7.0.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Medium | iControl Soap \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Medium | iControl Soap \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Medium | iControl Soap \nBIG-IQ ADC | 4.5.0 | None | Medium | iControl Soap \nBIG-IQ Centralized Management | 5.0.0 - 5.1.0 \n4.6.0 | None | Medium | iControl Soap \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Medium | iControl Soap \nF5 iWorkflow | 2.0.0 | None | Medium | iControl Soap \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "modified": "2018-11-26T19:46:00", "published": "2016-10-11T21:58:00", "id": "F5:K15104541", "href": "https://support.f5.com/csp/article/K15104541", "title": "Expat XML library vulnerability CVE-2015-1283", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-23T22:32:02", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 662850 (BIG-IP), ID 605579-6 (BIG-IQ), ID 642744 (Enterprise Manager), ID 644123 (F5 iWorkflow), and ID 528541 (ARX) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H50459349 on the **Diagnostics** >** Identified** > **Medium** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.4.0 - 11.5.6 \n11.2.1 | 14.0.0 \n13.0.0 - 13.1.0 \n12.1.3.2 \n11.5.7 | Medium | iControl SOAP \nBIG-IP AAM | 12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.4.0 - 11.5.6 | 14.0.0 \n13.0.0 - 13.1.0 \n12.1.3.2 \n11.5.7 | Medium | iControl SOAP \nBIG-IP AFM | 12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.4.0 - 11.5.6 | 14.0.0 \n13.0.0 - 13.1.0 \n12.1.3.2 \n11.5.7 | Medium | iControl SOAP \nBIG-IP Analytics | 12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.4.0 - 11.5.6 \n11.2.1 | 14.0.0 \n13.0.0 - 13.1.0 \n12.1.3.2 \n11.5.7 | Medium | iControl SOAP \nBIG-IP APM | 12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.4.0 - 11.5.6 \n11.2.1 | 14.0.0 \n13.0.0 - 13.1.0 \n12.1.3.2 \n11.5.7 | Medium | iControl SOAP \nBIG-IP ASM | 12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.4.0 - 11.5.6 \n11.2.1 | 14.0.0 \n13.0.0 - 13.1.0 \n12.1.3.2 \n11.5.7 | Medium | iControl SOAP \nBIG-IP DNS | 12.0.0 - 12.1.3 | 14.0.0 \n13.0.0 - 13.1.0 \n12.1.3.2 | Medium | iControl SOAP \nBIG-IP Edge Gateway | 11.2.1 | None | Medium | iControl SOAP \nBIG-IP GTM | 11.6.0 - 11.6.3 \n11.4.0 - 11.5.6 \n11.2.1 | 11.5.7 | Medium | iControl SOAP \nBIG-IP Link Controller | 12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.4.0 - 11.5.6 \n11.2.1 | 14.0.0 \n13.0.0 - 13.1.0 \n12.1.3.2 \n11.5.7 | Medium | iControl SOAP \nBIG-IP PEM | 12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.4.0 - 11.5.6 | 14.0.0 \n13.0.0 - 13.1.0 \n12.1.3.2 \n11.5.7 | Medium | iControl SOAP \nBIG-IP PSM | 11.4.0 - 11.4.1 | None | Medium | iControl SOAP \nBIG-IP WebAccelerator | 11.2.1 | None | Medium | iControl SOAP \nBIG-IP WebSafe | 12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 | 14.0.0 \n13.0.0 - 13.1.0 \n12.1.3.2 | Medium | iControl SOAP \nARX | 6.2.0 - 6.4.0 | None | Low | XML parser Expat library \nEnterprise Manager | 3.1.1 | None | Medium | iControl SOAP \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Medium | iControl SOAP \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Medium | iControl SOAP \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Medium | iControl SOAP \nBIG-IQ ADC | 4.5.0 | None | Medium | iControl SOAP \nBIG-IQ Centralized Management | 5.0.0 - 5.1.0 \n4.6.0 | None | Medium | iControl SOAP \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Medium | iControl SOAP \nF5 iWorkflow | 2.0.0 - 2.0.2 | None | Medium | iControl SOAP \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2018-08-13T23:13:00", "published": "2017-02-11T00:46:00", "id": "F5:K50459349", "href": "https://support.f5.com/csp/article/K50459349", "title": "Expat XML library vulnerability CVE-2015-2716", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-11-09T00:09:51", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-10-21T00:00:00", "published": "2016-10-21T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/22/sol22232964.html", "id": "SOL22232964", "type": "f5", "title": "SOL22232964 - Expat XML library vulnerability CVE-2016-4472", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-06-08T02:18:04", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 528541 (ARX) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.1| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| 6.2.0 - 6.4.0| None| Low| Expat XML parser library \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.1| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-03-14T22:30:00", "published": "2016-10-22T00:06:00", "id": "F5:K22232964", "href": "https://support.f5.com/csp/article/K22232964", "title": "Expat XML library vulnerability CVE-2016-4472", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:24:15", "bulletinFamily": "exploit", "description": "", "modified": "2015-07-18T00:00:00", "published": "2015-07-18T00:00:00", "href": "https://packetstormsecurity.com/files/132738/Chrome-ui-AXTree-Unserialize-Use-After-Free.html", "id": "PACKETSTORM:132738", "type": "packetstorm", "title": "Chrome ui::AXTree::Unserialize Use-After-Free", "sourceData": "`1503A - Chrome - ui::AXTree::Unserialize use-after-free (CVE-2015-1277) \n \nTL;DR \nAfter 60 day deadline has passed, I am releasing details on an unfixed use-after-free vulnerability in Chrome's accessibility features, which are disabled by default. The issue does not look exploitable. \n \nDetails \nOn April 22nd 2015 I reported a use-after-free vulnerability in Google Chrome to the Chromium issue tracker. I allow vendors 60 days to fix an issue, unless they can provide an adequate reason for extending this deadline. The issue was marked fixed on June 3rd but unfortunately the fix has not yet been shipped as of July 17th. Since the deadline for a fix has passed some time ago without adequate explanation, I am disclosing details about the vulnerability today. \n \nTo cause the use-after-free to trigger an access violation in a debugger, Chrome must be run with page heap enabled, the \"--force-renderer-accessibility\" and \"--no-sandbox\" command line flags, and the environment variable \"CHROME_ALLOCATOR\" set to \"winheap\". Without the page heap settings, the repro should still trigger the use-after-free but will probably not cause an no access violation, as memory with valid data will still be allocated at the address of the freed memory. \n \nRepro \n \n<html> \n<head> \n<script> \nwindow.onload = function () { \nsetTimeout(function() { \ndocument.getElementById(\"style\") \n.appendChild(document.createElement(\"x\")); \ndocument.getElementById(\"x\") \n.appendChild(document.createElement(\"frame\")); \n}, 0); \n}; \n</script> \n</head> \n<body> \n<style id=\"style\"> \n@import \"404\"; \nbody { \nfloat: left; \n} \n</style> \n<x id=\"x\"> \nx \n</x> \n</body> \n</html> \n \n`\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/132738/chrome-useafterfree.txt"}], "gentoo": [{"lastseen": "2016-09-06T19:46:50", "bulletinFamily": "unix", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-49.0.2623.87\"", "modified": "2016-03-12T00:00:00", "published": "2016-03-12T00:00:00", "id": "GLSA-201603-09", "href": "https://security.gentoo.org/glsa/201603-09", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:12", "bulletinFamily": "unix", "description": "\nProblem Description:\nMultiple integer overflows have been discovered in the\n\tXML_GetBuffer() function in the expat library.\nImpact:\nThe integer overflows may be exploited by using specifically\n\tcrafted XML data and lead to infinite loop, or a heap buffer\n\toverflow, which results in a Denial of Service condition,\n\tor enables remote attackers to execute arbitrary code.\n", "modified": "2015-08-18T00:00:00", "published": "2015-08-18T00:00:00", "id": "0DA8A68E-600A-11E6-A6C3-14DAE9D210B8", "href": "https://vuxml.freebsd.org/freebsd/0da8a68e-600a-11e6-a6c3-14dae9d210b8.html", "title": "FreeBSD -- Multiple integer overflows in expat (libbsdxml) XML parser", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cloudfoundry": [{"lastseen": "2018-09-07T03:26:00", "bulletinFamily": "software", "description": "USN-2740-1 ICU Vulnerabilities\n\n# \n\nMedium to Low\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * icu \u2013 International Components for Unicode library \n\n# Description\n\nAtte Kettunen discovered that ICU incorrectly handled certain converter names. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash. ([CVE-2015-1270](<http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1270.html>))\n\nIt was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. ([CVE-2015-2632](<http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2632.html>), [CVE-2015-4760](<http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4760.html>))\n\n# Affected Products and Versions\n\n_Severity is medium unless otherwise noted. \n_\n\n * BOSH: All versions of Cloud Foundry BOSH stemcells prior to v3094 are vulnerable to the aforementioned CVEs. \n * Cloud Foundry Runtime: all versions of cf-release prior to 219 are vulnerable to the aforementioned CVEs. \n * PHP Buildpack: all versions of the buildpack prior to 4.1.4 contain a vulnerable version of libicu52. \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry Deployments using BOSH stemcell v3093 or earlier upgrade to v3094 or later, which contain the patched versions of the Linux kernel to resolve the aforementioned CVEs. \n * The Cloud Foundry project recommends that Cloud Foundry Deployments using cf-release 218 or lower upgrade to 219 or higher to resolve the aforementioned CVEs. \n\n# Credit\n\nAtte Kettunen\n\n# References\n\n * <http://www.ubuntu.com/usn/usn-2740-1/>\n * <https://bosh.io/stemcells>\n * <https://github.com/cloudfoundry/cf-release>\n", "modified": "2015-10-07T00:00:00", "published": "2015-10-07T00:00:00", "id": "CFOUNDRY:07FC899E9F5F58E4BEDD842E4A4820A4", "href": "https://www.cloudfoundry.org/blog/usn-2740-1/", "title": "USN-2740-1 ICU Vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
