{"cve": [{"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors.", "modified": "2017-01-07T02:59:00", "id": "CVE-2014-1715", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1715", "published": "2014-03-16T14:06:00", "title": "CVE-2014-1715", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.", "modified": "2018-10-30T16:27:00", "id": "CVE-2014-1705", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1705", "published": "2014-03-16T14:06:00", "title": "CVE-2014-1705", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value.", "modified": "2017-01-07T02:59:00", "id": "CVE-2014-1713", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1713", "published": "2014-03-16T14:06:00", "title": "CVE-2014-1713", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the clipboard.", "modified": "2017-01-07T02:59:00", "id": "CVE-2014-1714", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1714", "published": "2014-03-16T14:06:00", "title": "CVE-2014-1714", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-11-27T10:58:24", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote host is a version\nprior to 33.0.1750.154. It is, therefore, affected by the following\nvulnerabilities :\n\n - A remote code-execution flaw exists due to a read/write\n error with the a sandbox bypass, specifically the V8\n JavaScript engine. This could allow an attacker to\n execute code or cause a denial of service if the exploit\n fails. (CVE-2014-1705)\n\n - A use-after-free flaw exists with the\n ", "modified": "2019-11-02T00:00:00", "id": "GOOGLE_CHROME_33_0_1750_154.NASL", "href": "https://www.tenable.com/plugins/nessus/73082", "published": "2014-03-18T00:00:00", "title": "Google Chrome < 33.0.1750.154 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73082);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-1705\",\n \"CVE-2014-1713\",\n \"CVE-2014-1714\",\n \"CVE-2014-1715\"\n );\n script_bugtraq_id(\n 66239,\n 66243,\n 66249,\n 66252\n );\n\n script_name(english:\"Google Chrome < 33.0.1750.154 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is a version\nprior to 33.0.1750.154. It is, therefore, affected by the following\nvulnerabilities :\n\n - A remote code-execution flaw exists due to a read/write\n error with the a sandbox bypass, specifically the V8\n JavaScript engine. This could allow an attacker to\n execute code or cause a denial of service if the exploit\n fails. (CVE-2014-1705)\n\n - A use-after-free flaw exists with the\n 'document.location' bindings. An attacker, using a\n specially crafted web page, can dereference freed memory\n and could execute arbitrary code. (CVE-2014-1713)\n\n - A flaw exists with the clipboard message filter. A\n context-dependent attacker could bypass sandbox\n restrictions. (CVE-2014-1714)\n\n - A restriction bypass flaw exists with the\n 'CreatePlatformFileUnsafe()' function in the\n 'base/platform_file_win.cc' where user input is not\n properly sanitized. A context-dependent attacker could\n open arbitrary directories bypassing sandbox\n restrictions. (CVE-2014-1715)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531614/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531615/30/0/threaded\");\n # http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?caf96baa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 33.0.1750.154 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1715\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'33.0.1750.154', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:39:17", "bulletinFamily": "scanner", "description": "Google Chrome Releases reports :\n\nNew vulnerabilities after the Pwn2Own competition :\n\n- [352369] Code execution outside sandbox. Credit to VUPEN.\n\n- [352374] High CVE-2014-1713: Use-after-free in Blink bindings\n\n- [352395] High CVE-2014-1714: Windows clipboard vulnerability\n\n- [352420] Code execution outside sandbox. Credit to Anonymous.\n\n- [351787] High CVE-2014-1705: Memory corruption in V8\n\n- [352429] High CVE-2014-1715: Directory traversal issue", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_A70966A1AC2211E38D0400262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/nessus/73049", "published": "2014-03-17T00:00:00", "title": "FreeBSD : www/chromium -- multiple vulnerabilities (a70966a1-ac22-11e3-8d04-00262d5ed8ee)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2015 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73049);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2015/01/12 14:02:26 $\");\n\n script_cve_id(\"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\");\n\n script_name(english:\"FreeBSD : www/chromium -- multiple vulnerabilities (a70966a1-ac22-11e3-8d04-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\nNew vulnerabilities after the Pwn2Own competition :\n\n- [352369] Code execution outside sandbox. Credit to VUPEN.\n\n- [352374] High CVE-2014-1713: Use-after-free in Blink bindings\n\n- [352395] High CVE-2014-1714: Windows clipboard vulnerability\n\n- [352420] Code execution outside sandbox. Credit to Anonymous.\n\n- [351787] High CVE-2014-1705: Memory corruption in V8\n\n- [352429] High CVE-2014-1715: Directory traversal issue\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://googlechromereleases.blogspot.nl/\"\n );\n # http://www.freebsd.org/ports/portaudit/a70966a1-ac22-11e3-8d04-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dab8099c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<33.0.1750.152\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-27T11:12:05", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote Mac OS X host is\na version prior to 33.0.1750.152. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A remote code-execution flaw exists due to a read/write\n error with the a sandbox bypass, specifically the V8\n JavaScript engine. This could allow an attacker to\n execute code or cause a denial of service if the exploit\n fails. (CVE-2014-1705)\n\n - A use-after-free flaw exists with the\n ", "modified": "2019-11-02T00:00:00", "id": "MACOSX_GOOGLE_CHROME_33_0_1750_152.NASL", "href": "https://www.tenable.com/plugins/nessus/73083", "published": "2014-03-18T00:00:00", "title": "Google Chrome < 33.0.1750.152 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73083);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-1705\",\n \"CVE-2014-1713\",\n \"CVE-2014-1714\",\n \"CVE-2014-1715\"\n );\n script_bugtraq_id(\n 66239,\n 66243,\n 66249,\n 66252\n );\n\n script_name(english:\"Google Chrome < 33.0.1750.152 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\na version prior to 33.0.1750.152. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A remote code-execution flaw exists due to a read/write\n error with the a sandbox bypass, specifically the V8\n JavaScript engine. This could allow an attacker to\n execute code or cause a denial of service if the exploit\n fails. (CVE-2014-1705)\n\n - A use-after-free flaw exists with the\n 'document.location' bindings. An attacker, using a\n specially crafted web page, can dereference freed memory\n and could execute arbitrary code. (CVE-2014-1713)\n\n - A flaw exists with the clipboard message filter. A\n context-dependent attacker could bypass sandbox\n restrictions. (CVE-2014-1714)\n\n - A restriction bypass flaw exists with the\n 'CreatePlatformFileUnsafe()' function in the\n 'base/platform_file_win.cc' where user input is not\n properly sanitized. A context-dependent attacker could\n open arbitrary directories bypassing sandbox\n restrictions. (CVE-2014-1715)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531614/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531615/30/0/threaded\");\n # http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?caf96baa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 33.0.1750.152 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1715\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'33.0.1750.152', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:00:40", "bulletinFamily": "scanner", "description": "Chromium was updated to the 33.0.1750.152 stable channel uodate :\n\n - Security fixes :\n\n - CVE-2014-1713: Use-after-free in Blink bindings\n\n - CVE-2014-1714: Windows clipboard vulnerability\n\n - CVE-2014-1705: Memory corruption in V8\n\n - CVE-2014-1715: Directory traversal issue\n\nPrevious stable channel update 33.0.1750.149 :\n\n - Security fixes :\n\n - CVE-2014-1700: Use-after-free in speech\n\n - CVE-2014-1701: UXSS in events\n\n - CVE-2014-1702: Use-after-free in web database\n\n - CVE-2014-1703: Potential sandbox escape due to a\n use-after-free in web sockets\n\n - CVE-2014-1704: Multiple vulnerabilities in V8 fixed in\n version 3.23.17.18", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2014-280.NASL", "href": "https://www.tenable.com/plugins/nessus/75318", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-SU-2014:0501-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-280.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75318);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:01\");\n\n script_cve_id(\"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-SU-2014:0501-1)\");\n script_summary(english:\"Check for the openSUSE-2014-280 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to the 33.0.1750.152 stable channel uodate :\n\n - Security fixes :\n\n - CVE-2014-1713: Use-after-free in Blink bindings\n\n - CVE-2014-1714: Windows clipboard vulnerability\n\n - CVE-2014-1705: Memory corruption in V8\n\n - CVE-2014-1715: Directory traversal issue\n\nPrevious stable channel update 33.0.1750.149 :\n\n - Security fixes :\n\n - CVE-2014-1700: Use-after-free in speech\n\n - CVE-2014-1701: UXSS in events\n\n - CVE-2014-1702: Use-after-free in web database\n\n - CVE-2014-1703: Potential sandbox escape due to a\n use-after-free in web sockets\n\n - CVE-2014-1704: Multiple vulnerabilities in V8 fixed in\n version 3.23.17.18\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-04/msg00023.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromedriver-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromedriver-debuginfo-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-debuginfo-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-debugsource-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-desktop-gnome-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-desktop-kde-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-ffmpegsumo-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-ffmpegsumo-debuginfo-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-suid-helper-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-suid-helper-debuginfo-33.0.1750.152-1.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-suid-helper-33.0.1750.152-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-suid-helper-debuginfo-33.0.1750.152-25.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:21:16", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2013-6653\n Khalil Zhani discovered a use-after-free issue in\n chromium", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-2883.NASL", "href": "https://www.tenable.com/plugins/nessus/73164", "published": "2014-03-25T00:00:00", "title": "Debian DSA-2883-1 : chromium-browser - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2883. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73164);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/07/15 14:20:29\");\n\n script_cve_id(\"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\", \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\", \"CVE-2013-6661\", \"CVE-2013-6663\", \"CVE-2013-6664\", \"CVE-2013-6665\", \"CVE-2013-6666\", \"CVE-2013-6667\", \"CVE-2013-6668\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1715\");\n script_bugtraq_id(65699, 65930, 66120, 66239, 66243, 66249);\n script_xref(name:\"DSA\", value:\"2883\");\n\n script_name(english:\"Debian DSA-2883-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2013-6653\n Khalil Zhani discovered a use-after-free issue in\n chromium's web contents color chooser.\n\n - CVE-2013-6654\n TheShow3511 discovered an issue in SVG handling.\n\n - CVE-2013-6655\n cloudfuzzer discovered a use-after-free issue in dom\n event handling.\n\n - CVE-2013-6656\n NeexEmil discovered an information leak in the XSS\n auditor.\n\n - CVE-2013-6657\n NeexEmil discovered a way to bypass the Same Origin\n policy in the XSS auditor.\n\n - CVE-2013-6658\n cloudfuzzer discovered multiple use-after-free issues\n surrounding the updateWidgetPositions function.\n\n - CVE-2013-6659\n Antoine Delignat-Lavaud and Karthikeyan Bhargavan\n discovered that it was possible to trigger an unexpected\n certificate chain during TLS renegotiation.\n\n - CVE-2013-6660\n bishopjeffreys discovered an information leak in the\n drag and drop implementation.\n\n - CVE-2013-6661\n The Google Chrome team discovered and fixed multiple\n issues in version 33.0.1750.117.\n\n - CVE-2013-6663\n Atte Kettunen discovered a use-after-free issue in SVG\n handling.\n\n - CVE-2013-6664\n Khalil Zhani discovered a use-after-free issue in the\n speech recognition feature.\n\n - CVE-2013-6665\n cloudfuzzer discovered a buffer overflow issue in the\n software renderer.\n\n - CVE-2013-6666\n netfuzzer discovered a restriction bypass in the Pepper\n Flash plugin.\n\n - CVE-2013-6667\n The Google Chrome team discovered and fixed multiple\n issues in version 33.0.1750.146.\n\n - CVE-2013-6668\n Multiple vulnerabilities were fixed in version\n 3.24.35.10 of the V8 JavaScript library.\n\n - CVE-2014-1700\n Chamal de Silva discovered a use-after-free issue in\n speech synthesis.\n\n - CVE-2014-1701\n aidanhs discovered a cross-site scripting issue in event\n handling.\n\n - CVE-2014-1702\n Colin Payne discovered a use-after-free issue in the web\n database implementation.\n\n - CVE-2014-1703\n VUPEN discovered a use-after-free issue in web sockets\n that could lead to a sandbox escape.\n\n - CVE-2014-1704\n Multiple vulnerabilities were fixed in version\n 3.23.17.18 of the V8 JavaScript library.\n\n - CVE-2014-1705\n A memory corruption issue was discovered in the V8\n JavaScript library.\n\n - CVE-2014-1713\n A use-after-free issue was discovered in the\n AttributeSetter function.\n\n - CVE-2014-1715\n A directory traversal issue was found and fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2883\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 33.0.1750.152-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"chromium\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-dbg\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-inspector\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-l10n\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-dbg\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-inspector\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-l10n\", reference:\"33.0.1750.152-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:40:34", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201408-16\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could conduct a number of attacks which include: cross\n site scripting attacks, bypassing of sandbox protection, potential\n execution of arbitrary code with the privileges of the process, or cause\n a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2019-11-02T00:00:00", "id": "GENTOO_GLSA-201408-16.NASL", "href": "https://www.tenable.com/plugins/nessus/77460", "published": "2014-08-30T00:00:00", "title": "GLSA-201408-16 : Chromium: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201408-16.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77460);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2014-0538\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\", \"CVE-2014-1716\", \"CVE-2014-1717\", \"CVE-2014-1718\", \"CVE-2014-1719\", \"CVE-2014-1720\", \"CVE-2014-1721\", \"CVE-2014-1722\", \"CVE-2014-1723\", \"CVE-2014-1724\", \"CVE-2014-1725\", \"CVE-2014-1726\", \"CVE-2014-1727\", \"CVE-2014-1728\", \"CVE-2014-1729\", \"CVE-2014-1730\", \"CVE-2014-1731\", \"CVE-2014-1732\", \"CVE-2014-1733\", \"CVE-2014-1734\", \"CVE-2014-1735\", \"CVE-2014-1740\", \"CVE-2014-1741\", \"CVE-2014-1742\", \"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3154\", \"CVE-2014-3155\", \"CVE-2014-3156\", \"CVE-2014-3157\", \"CVE-2014-3160\", \"CVE-2014-3162\", \"CVE-2014-3165\", \"CVE-2014-3166\", \"CVE-2014-3167\", \"CVE-2014-3168\", \"CVE-2014-3169\", \"CVE-2014-3170\", \"CVE-2014-3171\", \"CVE-2014-3172\", \"CVE-2014-3173\", \"CVE-2014-3174\", \"CVE-2014-3175\", \"CVE-2014-3176\", \"CVE-2014-3177\");\n script_bugtraq_id(66120, 66239, 66243, 66249, 66252, 66704, 67082, 67374, 67375, 67376, 67517, 67572, 67972, 67977, 67980, 67981, 68677, 69192, 69201, 69202, 69203, 69398, 69400, 69401, 69402, 69403, 69405, 69406, 69407);\n script_xref(name:\"GLSA\", value:\"201408-16\");\n\n script_name(english:\"GLSA-201408-16 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201408-16\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could conduct a number of attacks which include: cross\n site scripting attacks, bypassing of sandbox protection, potential\n execution of arbitrary code with the privileges of the process, or cause\n a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201408-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-37.0.2062.94'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 37.0.2062.94\"), vulnerable:make_list(\"lt 37.0.2062.94\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-27T11:09:39", "bulletinFamily": "scanner", "description": "The version of Apple Safari installed on the remote Mac OS X host is\na version prior to 6.1.3 or 7.0.3. It is, therefore, potentially\naffected by the following vulnerabilities related to the included\nWebKit components :\n\n - Unspecified errors exist that could allow memory\n corruption, application crashes and possibly arbitrary\n code execution. (CVE-2013-2871, CVE-2013-2926,\n CVE-2013-2928, CVE-2013-6625, CVE-2014-1289,\n CVE-2014-1290, CVE-2014-1291, CVE-2014-1292,\n CVE-2014-1293, CVE-2014-1294, CVE-2014-1298,\n CVE-2014-1299, CVE-2014-1300, CVE-2014-1301,\n CVE-2014-1302, CVE-2014-1303, CVE-2014-1304,\n CVE-2014-1305, CVE-2014-1307, CVE-2014-1308,\n CVE-2014-1309, CVE-2014-1310, CVE-2014-1311,\n CVE-2014-1312, CVE-2014-1313, CVE-2014-1713)\n\n - An error exists related to IPC messages and ", "modified": "2019-11-02T00:00:00", "id": "MACOSX_SAFARI7_0_3.NASL", "href": "https://www.tenable.com/plugins/nessus/73304", "published": "2014-04-02T00:00:00", "title": "Mac OS X : Apple Safari < 6.1.3 / 7.0.3 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73304);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2013-2871\",\n \"CVE-2013-2926\",\n \"CVE-2013-2928\",\n \"CVE-2013-6625\",\n \"CVE-2014-1289\",\n \"CVE-2014-1290\",\n \"CVE-2014-1291\",\n \"CVE-2014-1292\",\n \"CVE-2014-1293\",\n \"CVE-2014-1294\",\n \"CVE-2014-1297\",\n \"CVE-2014-1298\",\n \"CVE-2014-1299\",\n \"CVE-2014-1300\",\n \"CVE-2014-1301\",\n \"CVE-2014-1302\",\n \"CVE-2014-1303\",\n \"CVE-2014-1304\",\n \"CVE-2014-1305\",\n \"CVE-2014-1307\",\n \"CVE-2014-1308\",\n \"CVE-2014-1309\",\n \"CVE-2014-1310\",\n \"CVE-2014-1311\",\n \"CVE-2014-1312\",\n \"CVE-2014-1313\",\n \"CVE-2014-1713\"\n );\n script_bugtraq_id(\n 61054,\n 63024,\n 63028,\n 63672,\n 66088,\n 66242,\n 66243,\n 66572,\n 66573,\n 66574,\n 66575,\n 66576,\n 66577,\n 66578,\n 66579,\n 66580,\n 66581,\n 66583,\n 66584,\n 66585,\n 66586,\n 66587\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-04-01-1\");\n\n script_name(english:\"Mac OS X : Apple Safari < 6.1.3 / 7.0.3 Multiple Vulnerabilities\");\n script_summary(english:\"Check the Safari SourceVersion\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote Mac OS X host is\na version prior to 6.1.3 or 7.0.3. It is, therefore, potentially\naffected by the following vulnerabilities related to the included\nWebKit components :\n\n - Unspecified errors exist that could allow memory\n corruption, application crashes and possibly arbitrary\n code execution. (CVE-2013-2871, CVE-2013-2926,\n CVE-2013-2928, CVE-2013-6625, CVE-2014-1289,\n CVE-2014-1290, CVE-2014-1291, CVE-2014-1292,\n CVE-2014-1293, CVE-2014-1294, CVE-2014-1298,\n CVE-2014-1299, CVE-2014-1300, CVE-2014-1301,\n CVE-2014-1302, CVE-2014-1303, CVE-2014-1304,\n CVE-2014-1305, CVE-2014-1307, CVE-2014-1308,\n CVE-2014-1309, CVE-2014-1310, CVE-2014-1311,\n CVE-2014-1312, CVE-2014-1313, CVE-2014-1713)\n\n - An error exists related to IPC messages and 'WebProcess'\n that could allow an attacker to read arbitrary files.\n (CVE-2014-1297)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-14-057/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT6181\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531708/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari 6.1.3 / 7.0.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1303\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.[7-9]([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.7 / 10.8 / 10.9\");\n\nget_kb_item_or_exit(\"MacOSX/Safari/Installed\");\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nif (\"10.7\" >< os || \"10.8\" >< os) fixed_version = \"6.1.3\";\nelse fixed_version = \"7.0.3\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:47:36", "bulletinFamily": "scanner", "description": "The version of Apple iTunes on the remote host is prior to version\n12.0.1. It is, therefore, affected by multiple vulnerabilities related\nto the included version of WebKit. The errors could lead to\napplication crashes or arbitrary code execution.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application", "modified": "2019-11-02T00:00:00", "id": "ITUNES_12_0_1_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/78598", "published": "2014-10-21T00:00:00", "title": "Apple iTunes < 12.0.1 Multiple Vulnerabilities (uncredentialed check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78598);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\n \"CVE-2013-2871\",\n \"CVE-2013-2875\",\n \"CVE-2013-2909\",\n \"CVE-2013-2926\",\n \"CVE-2013-2927\",\n \"CVE-2013-2928\",\n \"CVE-2013-5195\",\n \"CVE-2013-5196\",\n \"CVE-2013-5197\",\n \"CVE-2013-5198\",\n \"CVE-2013-5199\",\n \"CVE-2013-5225\",\n \"CVE-2013-5228\",\n \"CVE-2013-6625\",\n \"CVE-2013-6635\",\n \"CVE-2013-6663\",\n \"CVE-2014-1268\",\n \"CVE-2014-1269\",\n \"CVE-2014-1270\",\n \"CVE-2014-1289\",\n \"CVE-2014-1290\",\n \"CVE-2014-1291\",\n \"CVE-2014-1292\",\n \"CVE-2014-1293\",\n \"CVE-2014-1294\",\n \"CVE-2014-1298\",\n \"CVE-2014-1299\",\n \"CVE-2014-1300\",\n \"CVE-2014-1301\",\n \"CVE-2014-1302\",\n \"CVE-2014-1303\",\n \"CVE-2014-1304\",\n \"CVE-2014-1305\",\n \"CVE-2014-1307\",\n \"CVE-2014-1308\",\n \"CVE-2014-1309\",\n \"CVE-2014-1310\",\n \"CVE-2014-1311\",\n \"CVE-2014-1312\",\n \"CVE-2014-1313\",\n \"CVE-2014-1323\",\n \"CVE-2014-1324\",\n \"CVE-2014-1325\",\n \"CVE-2014-1326\",\n \"CVE-2014-1327\",\n \"CVE-2014-1329\",\n \"CVE-2014-1330\",\n \"CVE-2014-1331\",\n \"CVE-2014-1333\",\n \"CVE-2014-1334\",\n \"CVE-2014-1335\",\n \"CVE-2014-1336\",\n \"CVE-2014-1337\",\n \"CVE-2014-1338\",\n \"CVE-2014-1339\",\n \"CVE-2014-1340\",\n \"CVE-2014-1341\",\n \"CVE-2014-1342\",\n \"CVE-2014-1343\",\n \"CVE-2014-1344\",\n \"CVE-2014-1362\",\n \"CVE-2014-1363\",\n \"CVE-2014-1364\",\n \"CVE-2014-1365\",\n \"CVE-2014-1366\",\n \"CVE-2014-1367\",\n \"CVE-2014-1368\",\n \"CVE-2014-1382\",\n \"CVE-2014-1384\",\n \"CVE-2014-1385\",\n \"CVE-2014-1386\",\n \"CVE-2014-1387\",\n \"CVE-2014-1388\",\n \"CVE-2014-1389\",\n \"CVE-2014-1390\",\n \"CVE-2014-1713\",\n \"CVE-2014-1731\",\n \"CVE-2014-4410\",\n \"CVE-2014-4411\",\n \"CVE-2014-4412\",\n \"CVE-2014-4413\",\n \"CVE-2014-4414\",\n \"CVE-2014-4415\"\n );\n script_bugtraq_id(\n 64361,\n 67553,\n 67572\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-10-16-6\");\n\n script_name(english:\"Apple iTunes < 12.0.1 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes on the remote host is prior to version\n12.0.1. It is, therefore, affected by multiple vulnerabilities related\nto the included version of WebKit. The errors could lead to\napplication crashes or arbitrary code execution.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT203115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/533723/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple iTunes 12.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"12.0.1.26\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + \n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:47:36", "bulletinFamily": "scanner", "description": "The version of Apple iTunes installed on the remote Windows host is\nprior to 12.0.1. It is, therefore, affected by multiple\nvulnerabilities due to the included version of WebKit. The errors\ncould lead to application crashes or arbitrary code execution.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application", "modified": "2019-11-02T00:00:00", "id": "ITUNES_12_0_1.NASL", "href": "https://www.tenable.com/plugins/nessus/78597", "published": "2014-10-21T00:00:00", "title": "Apple iTunes < 12.0.1 Multiple Vulnerabilities (credentialed check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78597);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2013-2871\",\n \"CVE-2013-2875\",\n \"CVE-2013-2909\",\n \"CVE-2013-2926\",\n \"CVE-2013-2927\",\n \"CVE-2013-2928\",\n \"CVE-2013-5195\",\n \"CVE-2013-5196\",\n \"CVE-2013-5197\",\n \"CVE-2013-5198\",\n \"CVE-2013-5199\",\n \"CVE-2013-5225\",\n \"CVE-2013-5228\",\n \"CVE-2013-6625\",\n \"CVE-2013-6635\",\n \"CVE-2013-6663\",\n \"CVE-2014-1268\",\n \"CVE-2014-1269\",\n \"CVE-2014-1270\",\n \"CVE-2014-1289\",\n \"CVE-2014-1290\",\n \"CVE-2014-1291\",\n \"CVE-2014-1292\",\n \"CVE-2014-1293\",\n \"CVE-2014-1294\",\n \"CVE-2014-1298\",\n \"CVE-2014-1299\",\n \"CVE-2014-1300\",\n \"CVE-2014-1301\",\n \"CVE-2014-1302\",\n \"CVE-2014-1303\",\n \"CVE-2014-1304\",\n \"CVE-2014-1305\",\n \"CVE-2014-1307\",\n \"CVE-2014-1308\",\n \"CVE-2014-1309\",\n \"CVE-2014-1310\",\n \"CVE-2014-1311\",\n \"CVE-2014-1312\",\n \"CVE-2014-1313\",\n \"CVE-2014-1323\",\n \"CVE-2014-1324\",\n \"CVE-2014-1325\",\n \"CVE-2014-1326\",\n \"CVE-2014-1327\",\n \"CVE-2014-1329\",\n \"CVE-2014-1330\",\n \"CVE-2014-1331\",\n \"CVE-2014-1333\",\n \"CVE-2014-1334\",\n \"CVE-2014-1335\",\n \"CVE-2014-1336\",\n \"CVE-2014-1337\",\n \"CVE-2014-1338\",\n \"CVE-2014-1339\",\n \"CVE-2014-1340\",\n \"CVE-2014-1341\",\n \"CVE-2014-1342\",\n \"CVE-2014-1343\",\n \"CVE-2014-1344\",\n \"CVE-2014-1362\",\n \"CVE-2014-1363\",\n \"CVE-2014-1364\",\n \"CVE-2014-1365\",\n \"CVE-2014-1366\",\n \"CVE-2014-1367\",\n \"CVE-2014-1368\",\n \"CVE-2014-1382\",\n \"CVE-2014-1384\",\n \"CVE-2014-1385\",\n \"CVE-2014-1386\",\n \"CVE-2014-1387\",\n \"CVE-2014-1388\",\n \"CVE-2014-1389\",\n \"CVE-2014-1390\",\n \"CVE-2014-1713\",\n \"CVE-2014-1731\",\n \"CVE-2014-4410\",\n \"CVE-2014-4411\",\n \"CVE-2014-4412\",\n \"CVE-2014-4413\",\n \"CVE-2014-4414\",\n \"CVE-2014-4415\"\n );\n script_bugtraq_id(\n 64361,\n 67553,\n 67572\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-10-16-6\");\n\n script_name(english:\"Apple iTunes < 12.0.1 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.0.1. It is, therefore, affected by multiple\nvulnerabilities due to the included version of WebKit. The errors\ncould lead to application crashes or arbitrary code execution.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT203115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/533723/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple iTunes 12.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_id = 'iTunes Version';\ninstall = get_single_install(app_name:app_id, exit_if_unknown_ver:TRUE);\n\nversion = install[\"version\"];\npath = install[\"path\"];\n\nfixed_version = \"12.0.1.26\";\nif (ver_compare(ver:version, fix:fixed_version) < 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"iTunes\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-07-19T22:14:47", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-03-19T00:00:00", "id": "OPENVAS:1361412562310804342", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804342", "title": "Google Chrome Multiple Vulnerabilities-03 Mar2014 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-03 Mar2014 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804342\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\");\n script_bugtraq_id(66252, 66243, 66249, 66239);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-03-19 14:00:04 +0530 (Wed, 19 Mar 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-03 Mar2014 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An unspecified error within V8.\n\n - A use-after-free error within 'AttributeSetter' function in the bindings in\n Blink.\n\n - Improper verification of certain format value by\n 'ScopedClipboardWriter::WritePickledData' function.\n\n - Insufficient sanitization of user input by 'CreatePlatformFileUnsafe'\n function.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct denial of\nservice, compromise a user's system and possibly unspecified other impacts.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 33.0.1750.154 on Windows.\");\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome 33.0.1750.154 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57439\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/03/stable-channel-update_14.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"33.0.1750.154\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:14:49", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-03-19T00:00:00", "id": "OPENVAS:1361412562310804344", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804344", "title": "Google Chrome Multiple Vulnerabilities-03 Mar2014 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-03 Mar2014 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804344\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\");\n script_bugtraq_id(66252, 66243, 66249, 66239);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-03-19 14:00:04 +0530 (Wed, 19 Mar 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-03 Mar2014 (Linux)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An unspecified error within V8.\n\n - A use-after-free error within 'AttributeSetter' function in the bindings in\n Blink.\n\n - Improper verification of certain format value by\n 'ScopedClipboardWriter::WritePickledData' function.\n\n - Insufficient sanitization of user input by 'CreatePlatformFileUnsafe'\n function.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct denial of\nservice, compromise a user's system and possibly unspecified other impacts.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 33.0.1750.152 on Linux.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 33.0.1750.152 or later.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57439\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/03/stable-channel-update_14.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"33.0.1750.152\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:14:36", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-03-19T00:00:00", "id": "OPENVAS:1361412562310804343", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804343", "title": "Google Chrome Multiple Vulnerabilities-03 Mar2014 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-03 Mar2014 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804343\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\");\n script_bugtraq_id(66252, 66243, 66249, 66239);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-03-19 14:00:04 +0530 (Wed, 19 Mar 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-03 Mar2014 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An unspecified error within V8.\n\n - A use-after-free error within 'AttributeSetter' function in the bindings in\n Blink.\n\n - Improper verification of certain format value by\n 'ScopedClipboardWriter::WritePickledData' function.\n\n - Insufficient sanitization of user input by 'CreatePlatformFileUnsafe'\n function.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct denial of\nservice, compromise a user's system and possibly unspecified other impacts.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 33.0.1750.152 on Mac OS X.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 33.0.1750.152 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57439\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/03/stable-channel-update_14.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"33.0.1750.152\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:24", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2014-04-10T00:00:00", "id": "OPENVAS:1361412562310850581", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850581", "title": "SuSE Update for chromium openSUSE-SU-2014:0501-1 (chromium)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0501_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for chromium openSUSE-SU-2014:0501-1 (chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850581\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-10 13:35:21 +0530 (Thu, 10 Apr 2014)\");\n script_cve_id(\"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\",\n \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\",\n \"CVE-2014-1715\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Update for chromium openSUSE-SU-2014:0501-1 (chromium)\");\n script_tag(name:\"affected\", value:\"chromium on openSUSE 13.1, openSUSE 12.3\");\n script_tag(name:\"insight\", value:\"Chromium was updated to the 33.0.1750.152 stable channel\n uodate:\n\n - Security fixes:\n\n * CVE-2014-1713: Use-after-free in Blink bindings\n\n * CVE-2014-1714: Windows clipboard vulnerability\n\n * CVE-2014-1705: Memory corruption in V8\n\n * CVE-2014-1715: Directory traversal issue\n\n Previous stable channel update 33.0.1750.149:\n\n - Security fixes:\n\n * CVE-2014-1700: Use-after-free in speech\n\n * CVE-2014-1701: UXSS in events\n\n * CVE-2014-1702: Use-after-free in web database\n\n * CVE-2014-1703: Potential sandbox escape due to a\n use-after-free in web sockets\n\n * CVE-2014-1704: Multiple vulnerabilities in V8 fixed in\n version 3.23.17.18\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:0501_1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE12\\.3|openSUSE13\\.1)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE12.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-12T11:10:25", "bulletinFamily": "scanner", "description": "Check for the Version of chromium", "modified": "2017-12-08T00:00:00", "published": "2014-04-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850581", "id": "OPENVAS:850581", "title": "SuSE Update for chromium openSUSE-SU-2014:0501-1 (chromium)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0501_1.nasl 8044 2017-12-08 08:32:49Z santu $\n#\n# SuSE Update for chromium openSUSE-SU-2014:0501-1 (chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(850581);\n script_version(\"$Revision: 8044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:32:49 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-10 13:35:21 +0530 (Thu, 10 Apr 2014)\");\n script_cve_id(\"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\",\n \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\",\n \"CVE-2014-1715\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Update for chromium openSUSE-SU-2014:0501-1 (chromium)\");\n\n tag_insight = \"\n Chromium was updated to the 33.0.1750.152 stable channel\n uodate:\n - Security fixes:\n * CVE-2014-1713: Use-after-free in Blink bindings\n * CVE-2014-1714: Windows clipboard vulnerability\n * CVE-2014-1705: Memory corruption in V8\n * CVE-2014-1715: Directory traversal issue\n\n Previous stable channel update 33.0.1750.149:\n - Security fixes:\n * CVE-2014-1700: Use-after-free in speech\n * CVE-2014-1701: UXSS in events\n * CVE-2014-1702: Use-after-free in web database\n * CVE-2014-1703: Potential sandbox escape due to a\n use-after-free in web sockets\n * CVE-2014-1704: Multiple vulnerabilities in V8 fixed in\n version 3.23.17.18\";\n\n tag_affected = \"chromium on openSUSE 13.1, openSUSE 12.3\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"openSUSE-SU\", value: \"2014:0501_1\");\n script_summary(\"Check for the Version of chromium\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE12.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~33.0.1750.152~1.33.2\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~33.0.1750.152~25.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-04T14:12:48", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653 \nKhalil Zhani discovered a use-after-free issue in chromium's web\ncontents color chooser.\n\nCVE-2013-6654 \nTheShow3511 discovered an issue in SVG handling.\n\nCVE-2013-6655 \ncloudfuzzer discovered a use-after-free issue in dom event handling.\n\nCVE-2013-6656 \nNeexEmil discovered an information leak in the XSS auditor.\n\nCVE-2013-6657 \nNeexEmil discovered a way to bypass the Same Origin policy in the\nXSS auditor.\n\nCVE-2013-6658 \ncloudfuzzer discovered multiple use-after-free issues surrounding\nthe updateWidgetPositions function.\n\nCVE-2013-6659 \nAntoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\nit was possible to trigger an unexpected certificate chain during\nTLS renegotiation.\n\nCVE-2013-6660 \nbishopjeffreys discovered an information leak in the drag and drop\nimplementation.\n\nCVE-2013-6661 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.117.\n\nCVE-2013-6663 \nAtte Kettunen discovered a use-after-free issue in SVG handling.\n\nCVE-2013-6664 \nKhalil Zhani discovered a use-after-free issue in the speech\nrecognition feature.\n\nCVE-2013-6665 \ncloudfuzzer discovered a buffer overflow issue in the software\nrenderer.\n\nCVE-2013-6666 \nnetfuzzer discovered a restriction bypass in the Pepper Flash\nplugin.\n\nCVE-2013-6667 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.146.\n\nCVE-2013-6668 \nMultiple vulnerabilities were fixed in version 3.24.35.10 of\nthe V8 javascript library.\n\nCVE-2014-1700 \nChamal de Silva discovered a use-after-free issue in speech\nsynthesis.\n\nCVE-2014-1701 \naidanhs discovered a cross-site scripting issue in event handling.\n\nCVE-2014-1702 \nColin Payne discovered a use-after-free issue in the web database\nimplementation.\n\nCVE-2014-1703 \nVUPEN discovered a use-after-free issue in web sockets that\ncould lead to a sandbox escape.\n\nCVE-2014-1704 \nMultiple vulnerabilities were fixed in version 3.23.17.18 of\nthe V8 javascript library.\n\nCVE-2014-1705 \nA memory corruption issue was discovered in the V8 javascript\nlibrary.\n\nCVE-2014-1713 \nA use-after-free issue was discovered in the AttributeSetter\nfunction.\n\nCVE-2014-1715 \nA directory traversal issue was found and fixed.", "modified": "2017-08-23T00:00:00", "published": "2014-03-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=702883", "id": "OPENVAS:702883", "title": "Debian Security Advisory DSA 2883-1 (chromium-browser - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2883.nasl 6995 2017-08-23 11:52:03Z teissa $\n# Auto-generated from advisory DSA 2883-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"chromium-browser on Debian Linux\";\ntag_insight = \"Chromium is an open-source browser project that aims to build a safer, faster,\nand more stable way for all Internet users to experience the web.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 33.0.1750.152-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 33.0.1750.152-1.\n\nWe recommend that you upgrade your chromium-browser packages.\";\ntag_summary = \"Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653 \nKhalil Zhani discovered a use-after-free issue in chromium's web\ncontents color chooser.\n\nCVE-2013-6654 \nTheShow3511 discovered an issue in SVG handling.\n\nCVE-2013-6655 \ncloudfuzzer discovered a use-after-free issue in dom event handling.\n\nCVE-2013-6656 \nNeexEmil discovered an information leak in the XSS auditor.\n\nCVE-2013-6657 \nNeexEmil discovered a way to bypass the Same Origin policy in the\nXSS auditor.\n\nCVE-2013-6658 \ncloudfuzzer discovered multiple use-after-free issues surrounding\nthe updateWidgetPositions function.\n\nCVE-2013-6659 \nAntoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\nit was possible to trigger an unexpected certificate chain during\nTLS renegotiation.\n\nCVE-2013-6660 \nbishopjeffreys discovered an information leak in the drag and drop\nimplementation.\n\nCVE-2013-6661 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.117.\n\nCVE-2013-6663 \nAtte Kettunen discovered a use-after-free issue in SVG handling.\n\nCVE-2013-6664 \nKhalil Zhani discovered a use-after-free issue in the speech\nrecognition feature.\n\nCVE-2013-6665 \ncloudfuzzer discovered a buffer overflow issue in the software\nrenderer.\n\nCVE-2013-6666 \nnetfuzzer discovered a restriction bypass in the Pepper Flash\nplugin.\n\nCVE-2013-6667 \nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.146.\n\nCVE-2013-6668 \nMultiple vulnerabilities were fixed in version 3.24.35.10 of\nthe V8 javascript library.\n\nCVE-2014-1700 \nChamal de Silva discovered a use-after-free issue in speech\nsynthesis.\n\nCVE-2014-1701 \naidanhs discovered a cross-site scripting issue in event handling.\n\nCVE-2014-1702 \nColin Payne discovered a use-after-free issue in the web database\nimplementation.\n\nCVE-2014-1703 \nVUPEN discovered a use-after-free issue in web sockets that\ncould lead to a sandbox escape.\n\nCVE-2014-1704 \nMultiple vulnerabilities were fixed in version 3.23.17.18 of\nthe V8 javascript library.\n\nCVE-2014-1705 \nA memory corruption issue was discovered in the V8 javascript\nlibrary.\n\nCVE-2014-1713 \nA use-after-free issue was discovered in the AttributeSetter\nfunction.\n\nCVE-2014-1715 \nA directory traversal issue was found and fixed.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702883);\n script_version(\"$Revision: 6995 $\");\n script_cve_id(\"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\", \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\", \"CVE-2013-6661\", \"CVE-2013-6663\", \"CVE-2013-6664\", \"CVE-2013-6665\", \"CVE-2013-6666\", \"CVE-2013-6667\", \"CVE-2013-6668\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1715\");\n script_name(\"Debian Security Advisory DSA 2883-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-08-23 13:52:03 +0200 (Wed, 23 Aug 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-03-23 00:00:00 +0100 (Sun, 23 Mar 2014)\");\n script_tag(name: \"cvss_base\", value:\"10.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2883.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:10", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653\nKhalil Zhani discovered a use-after-free issue in chromium", "modified": "2019-03-19T00:00:00", "published": "2014-03-23T00:00:00", "id": "OPENVAS:1361412562310702883", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702883", "title": "Debian Security Advisory DSA 2883-1 (chromium-browser - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2883.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2883-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702883\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2013-6653\", \"CVE-2013-6654\", \"CVE-2013-6655\", \"CVE-2013-6656\", \"CVE-2013-6657\", \"CVE-2013-6658\", \"CVE-2013-6659\", \"CVE-2013-6660\", \"CVE-2013-6661\", \"CVE-2013-6663\", \"CVE-2013-6664\", \"CVE-2013-6665\", \"CVE-2013-6666\", \"CVE-2013-6667\", \"CVE-2013-6668\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1715\");\n script_name(\"Debian Security Advisory DSA 2883-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-23 00:00:00 +0100 (Sun, 23 Mar 2014)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2883.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 33.0.1750.152-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 33.0.1750.152-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653\nKhalil Zhani discovered a use-after-free issue in chromium's web\ncontents color chooser.\n\nCVE-2013-6654\nTheShow3511 discovered an issue in SVG handling.\n\nCVE-2013-6655\ncloudfuzzer discovered a use-after-free issue in dom event handling.\n\nCVE-2013-6656\nNeexEmil discovered an information leak in the XSS auditor.\n\nCVE-2013-6657\nNeexEmil discovered a way to bypass the Same Origin policy in the\nXSS auditor.\n\nCVE-2013-6658\ncloudfuzzer discovered multiple use-after-free issues surrounding\nthe updateWidgetPositions function.\n\nCVE-2013-6659\nAntoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\nit was possible to trigger an unexpected certificate chain during\nTLS renegotiation.\n\nCVE-2013-6660\nbishopjeffreys discovered an information leak in the drag and drop\nimplementation.\n\nCVE-2013-6661\nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.117.\n\nCVE-2013-6663\nAtte Kettunen discovered a use-after-free issue in SVG handling.\n\nCVE-2013-6664\nKhalil Zhani discovered a use-after-free issue in the speech\nrecognition feature.\n\nCVE-2013-6665\ncloudfuzzer discovered a buffer overflow issue in the software\nrenderer.\n\nCVE-2013-6666\nnetfuzzer discovered a restriction bypass in the Pepper Flash\nplugin.\n\nCVE-2013-6667\nThe Google Chrome team discovered and fixed multiple issues in\nversion 33.0.1750.146.\n\nCVE-2013-6668\nMultiple vulnerabilities were fixed in version 3.24.35.10 of\nthe V8 javascript library.\n\nCVE-2014-1700\nChamal de Silva discovered a use-after-free issue in speech\nsynthesis.\n\nCVE-2014-1701\naidanhs discovered a cross-site scripting issue in event handling.\n\nCVE-2014-1702\nColin Payne discovered a use-after-free issue in the web database\nimplementation.\n\nCVE-2014-1703\nVUPEN discovered a use-after-free issue in web sockets that\ncould lead to a sandbox escape.\n\nCVE-2014-1704\nMultiple vulnerabilities were fixed in version 3.23.17.18 of\nthe V8 javascript library.\n\nCVE-2014-1705\nA memory corruption issue was discovered in the V8 javascript\nlibrary.\n\nCVE-2014-1713\nA use-after-free issue was discovered in the AttributeSetter\nfunction.\n\nCVE-2014-1715\nA directory traversal issue was found and fixed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"33.0.1750.152-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:31", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201408-16", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121260", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121260", "title": "Gentoo Security Advisory GLSA 201408-16", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201408-16.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121260\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:47 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201408-16\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201408-16\");\n script_cve_id(\"CVE-2014-1741\", \"CVE-2014-0538\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\", \"CVE-2014-1716\", \"CVE-2014-1717\", \"CVE-2014-1718\", \"CVE-2014-1719\", \"CVE-2014-1720\", \"CVE-2014-1721\", \"CVE-2014-1722\", \"CVE-2014-1723\", \"CVE-2014-1724\", \"CVE-2014-1725\", \"CVE-2014-1726\", \"CVE-2014-1727\", \"CVE-2014-1728\", \"CVE-2014-1729\", \"CVE-2014-1730\", \"CVE-2014-1731\", \"CVE-2014-1732\", \"CVE-2014-1733\", \"CVE-2014-1734\", \"CVE-2014-1735\", \"CVE-2014-1740\", \"CVE-2014-1742\", \"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3154\", \"CVE-2014-3155\", \"CVE-2014-3156\", \"CVE-2014-3157\", \"CVE-2014-3160\", \"CVE-2014-3162\", \"CVE-2014-3165\", \"CVE-2014-3166\", \"CVE-2014-3167\", \"CVE-2014-3168\", \"CVE-2014-3169\", \"CVE-2014-3170\", \"CVE-2014-3171\", \"CVE-2014-3172\", \"CVE-2014-3173\", \"CVE-2014-3174\", \"CVE-2014-3175\", \"CVE-2014-3176\", \"CVE-2014-3177\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201408-16\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/chromium\", unaffected: make_list(\"ge 37.0.2062.94\"), vulnerable: make_list(\"lt 37.0.2062.94\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T22:59:13", "bulletinFamily": "info", "description": "Now that the dust has settled after the [Pwn2Own contest](<https://threatpost.com/vupen-cashes-in-four-times-at-pwn2own/104754>), the browser manufacturers are beginning to roll out patches for the vulnerabilities exploited by contestants. Google on Monday released fixes for a number of bugs in Chrome discovered and exploited during Pwn2Own, releasing new versions of the browser for Windows, Mac and Linux.\n\nThis year\u2019s Pwn2Own, which runs in conjunction with the CanSecWest conference in Vancouver, showcased vulnerabilities and exploits in most of the major browsers, including Internet Explorer and Firefox, along with Chrome. The team from VUPEN, the French security and exploit-sales firm, took home several hundred thousand dollars in prize money from the contest, a good portion of it for demonstrating new bugs in Google Chrome. In addition to the prize money from the contest, Google also is paying its own rewards to the researchers who used new flaws in Chrome.\n\nVUPEN earned a $100,000 reward from Google for its two Chrome vulnerabilities, and an anonymous researcher also earned $60,000 for two separate vulnerabilities. The flaws used in Pwn2Own that Google fixed in Chrome 33 are:\n\n * [$100,000] [[352369](<https://code.google.com/p/chromium/issues/detail?id=352369>)] Code execution outside sandbox. Credit to VUPEN. \n * [[352374](<https://code.google.com/p/chromium/issues/detail?id=352374>)] **High **CVE-2014-1713: Use-after-free in Blink bindings\n * [[352395](<https://code.google.com/p/chromium/issues/detail?id=352395>)] **High** CVE-2014-1714: Windows clipboard vulnerability\n * [$60,000] [[352420](<https://code.google.com/p/chromium/issues/detail?id=352420>)] Code execution outside sandbox. Credit to Anonymous. \n * [[351787](<https://code.google.com/p/chromium/issues/detail?id=351787>)] **High** CVE-2014-1705: Memory corruption in V8\n * [[352429](<https://code.google.com/p/chromium/issues/detail?id=352429>)] **High** CVE-2014-1715: Directory traversal issue\n\nPatches for Internet Explorer and Firefox likely will take a little longer, as they\u2019re on longer update cycles than Google, which typically pushes out new versions whenever significant security issues need to be fixed. Google security officials said that they plan to publish some details of the exploits used against Chrome in Pwn2Own in the coming weeks.\n\n\u201cWe\u2019re delighted at the success of Pwn2Own and the ability to study full exploits. We anticipate landing additional changes and hardening measures for these vulnerabilities in the near future. We also believe that both submissions are works of art and deserve wider sharing and recognition. We plan to do technical reports on both Pwn2Own submissions in the future,\u201d Anthony Laforge of Google said in a [blog post](<http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html>).\n", "modified": "2014-03-19T20:41:49", "published": "2014-03-17T11:24:53", "id": "THREATPOST:92620F5AFF6D439FD7555958C7778604", "href": "https://threatpost.com/google-patches-four-pwn2own-bugs-in-chrome-33/104828/", "type": "threatpost", "title": "Google Patches Four Pwn2Own Bugs in Chrome 33", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T12:03:49", "bulletinFamily": "unix", "description": "Chromium was updated to the 33.0.1750.152 stable channel\n uodate:\n - Security fixes:\n * CVE-2014-1713: Use-after-free in Blink bindings\n * CVE-2014-1714: Windows clipboard vulnerability\n * CVE-2014-1705: Memory corruption in V8\n * CVE-2014-1715: Directory traversal issue\n\n Previous stable channel update 33.0.1750.149:\n - Security fixes:\n * CVE-2014-1700: Use-after-free in speech\n * CVE-2014-1701: UXSS in events\n * CVE-2014-1702: Use-after-free in web database\n * CVE-2014-1703: Potential sandbox escape due to a\n use-after-free in web sockets\n * CVE-2014-1704: Multiple vulnerabilities in V8 fixed in\n version 3.23.17.18\n\n", "modified": "2014-04-09T19:04:26", "published": "2014-04-09T19:04:26", "id": "OPENSUSE-SU-2014:0501-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html", "type": "suse", "title": "chromium to 33.0.1750.152 stable release (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:29:52", "bulletinFamily": "exploit", "description": "Bugtraq ID:66249\r\nCVE ID:CVE-2014-1715\r\n\r\nGoogle Chrome\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610fWEB\u9875\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\u3002\r\n0\r\nGoogle Chrome\r\nGoogle Chrome 33.0.1750.152\u548c33.0.1750.154\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://www.google.com/chrome", "modified": "2014-03-20T00:00:00", "published": "2014-03-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61866", "id": "SSV:61866", "title": "Google Chrome\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:29:59", "bulletinFamily": "exploit", "description": "Bugtraq ID:66239\r\nCVE ID:CVE-2014-1705\r\n\r\nGoogle Chrome\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome\u6240\u4f7f\u7528\u7684V8\u5f15\u64ce\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610fWEB\u9875\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n0\r\nGoogle Chrome\r\nChrome 33.0.1750.152\u548c33.0.1750.154\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://www.google.com/chrome", "modified": "2014-03-20T00:00:00", "published": "2014-03-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61864", "id": "SSV:61864", "title": "Google Chrome V8\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:29:41", "bulletinFamily": "exploit", "description": "Bugtraq ID:66252\r\nCVE ID:CVE-2014-1714\r\n\r\nGoogle Chrome\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome\u4e2dScopedClipboardWriter::WritePickledData\u51fd\u6570(ui/base/clipboard/scoped_clipboard_writer.cc)\u6ca1\u6709\u6b63\u786e\u6821\u9a8c\u90e8\u5206\u683c\u5f0f\u503c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610fWEB\u9875\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n0\nGoogle Chrome\nChrome 33.0.1750.152\u548c33.0.1750.154\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://www.google.com/chrome", "modified": "2014-03-20T00:00:00", "published": "2014-03-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61865", "id": "SSV:61865", "title": "Google Chrome ScopedClipboardWriter::WritePickledData\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:30:25", "bulletinFamily": "exploit", "description": "Bugtraq ID\uff1a66243\r\nCVE ID\uff1aCVE-2014-1713\r\n\r\nGoogle Chrome\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome\u5b58\u5728\u91ca\u653e\u540e\u4f7f\u7528\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610fWEB\u9875\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n0\nGoogle Chrome\n\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://www.google.com/chrome", "modified": "2014-03-18T00:00:00", "published": "2014-03-18T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61824", "id": "SSV:61824", "title": "Google Chrome\u91ca\u653e\u540e\u4f7f\u7528\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}], "zdi": [{"lastseen": "2016-11-09T00:18:03", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of directories. The issue lies in the failure to fully check for directory traversal attempts. An attacker can leverage this vulnerability to execute code under the context of the broker process.", "modified": "2014-11-09T00:00:00", "published": "2014-04-11T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-14-089", "id": "ZDI-14-089", "title": "(Pwn2Own) Google Chrome Directory Traversal Sandbox Escape Vulnerability", "type": "zdi", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-11-09T00:18:12", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of TypedArray objects. By carefully manipulating a TypedArray object an attacker can read and write data to any address. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2014-11-09T00:00:00", "published": "2014-04-11T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-14-088", "id": "ZDI-14-088", "title": "(Pwn2Own) Google Chrome V8 Arbitrary Memory Read/Write Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-11-09T00:17:57", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of the Microsoft Windows Clipboard. An attacker can leverage this vulnerability to execute code under the context of the broker process.", "modified": "2014-11-09T00:00:00", "published": "2014-04-11T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-14-087", "id": "ZDI-14-087", "type": "zdi", "title": "(Pwn2Own) Google Chrome Clipboard Sandbox Escape Vulnerability", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-11-09T00:18:06", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Blink bindings. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2014-11-09T00:00:00", "published": "2014-04-11T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-14-086", "id": "ZDI-14-086", "title": "(Pwn2Own) Google Chrome Blink Use-After-Free Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "thn": [{"lastseen": "2018-01-27T10:06:39", "bulletinFamily": "info", "description": "[](<https://3.bp.blogspot.com/-xKjkuI1Uco8/Uz0nPSWQA4I/AAAAAAAAbAc/dwCTTe_AV8Q/s1600/safari-browser-update-download.jpg>)\n\n_So, is your Safari Web Browser Updated?? _Make sure you have the latest web browser updated for your Apple Macintosh systems, as Apple [released](<https://support.apple.com/kb/HT6181>) _Safari 6.1.3_ and _Safari 7.0.3_ with new security updates.\n\n \n\n\nThese Security updates addresses multiple vulnerabilities in its Safari web browser, which has always been the standard browser for Mac users.\n\n \n\n\nThis times not five or ten, in fact about two dozen. Apple issued a security update to patch a total of 27 [vulnerabilities](<https://thehackernews.com/search/label/Vulnerability>) in Safari web browser, including the one which was highlighted at _Pwn2Own _2014 hacking competition.\n\n \n\n\nThe available updates replace the browser running OSX 10.7 and 10.8 with the latest versions of browser 6.1.3, and OSX 10.9 with 7.0.3.\n\n \n\n\nAmong the 27 vulnerabilities, the most remarkable vulnerability addressed in the update is **_CVE-2014-1303_**, a heap-based buffer overflow that can be remotely exploited and could lead to bypass a sandbox protection mechanism via unspecified vector.\n\n \n\n\nThis vulnerability is the one used by Liang Chen of \"_Keen Team,_\" a Shanghai-based group of security researchers who hacked Safari on the second day of [Pwn2Own](<https://thehackernews.com/search/label/Pwn2own>) hacking competition this year held in March 12-13 at the CanSecWest security conference in Vancouver, resulting in a $65,000 reward.\n\n \n\n\nThe vulnerabilities involved memory corruption errors in the **WebKit**, which if exploited by a malicious or specially crafted website, could allow a remote attacker to execute arbitrary code on the victim's machine or completely crashing of the software as a result of DoS condition. This could also be a great starting step for injecting malware onto the victims\u2019 computer.\n\n \n\n\nAnother notable vulnerability is **_CVE-2014-1713_**, reported by the French security firm _VUPEN_, known for selling zero-day exploits, typically to law enforcement and government intelligence agencies, and HP's Zero Day Initiative.\n\n \n\n\nVUPEN also exploited several targets in this year\u2019s Pwn2Own competition, including Chrome, Adobe Flash and Adobe Reader, and Microsoft's Internet Explorer, taking home $400,000 of the total contest payout for the IE 11 zero-day.\n\n \n\n\nMore than half of the bugs were fixed by the Google Chrome Security team in this latest Apple updates, as both Google's Chrome browser and Safari are powered by the WebKit framework.\n\n \n\n\nApple also specially mentioned a different flaw discovered by_ Ian Beer_ of Google's Project Zero, which could enable an attacker running arbitrary code in the WebProcess to read arbitrary files despite Safari's sandbox restrictions.\n\n \n\n\nLast month, Apple issued iOS 7.1 update for [iPhones](<https://thehackernews.com/search/label/iPhone>), iPads and iPod Touches to patch several vulnerabilities, including the one in the mobile Safari.\n\n \n\n\nApple has released software updates and instructions on obtaining the updates at the following links: Software Updates and Safari 6.1.3 and 7.0.3. so, apple users are advised to update their Safari browser as soon as possible.\n", "modified": "2014-04-03T09:43:32", "published": "2014-04-02T22:43:00", "id": "THN:3F01BC262915EB887CAFBB69ACCFC949", "href": "https://thehackernews.com/2014/04/update-your-safari-browser-to-patch-two.html", "type": "thn", "title": "Update Your Safari Browser to Patch Two Dozen of Critical Vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:22:02", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2883-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nMarch 23, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656 \n CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660\n CVE-2013-6661 CVE-2013-6663 CVE-2013-6664 CVE-2013-6665\n CVE-2013-6666 CVE-2013-6667 CVE-2013-6668 CVE-2014-1700\n CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704\n CVE-2014-1705 CVE-2014-1713 CVE-2014-1715\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2013-6653\n\n Khalil Zhani discovered a use-after-free issue in chromium's web\n contents color chooser.\n\nCVE-2013-6654\n\n TheShow3511 discovered an issue in SVG handling.\n\nCVE-2013-6655\n\n cloudfuzzer discovered a use-after-free issue in dom event handling.\n\nCVE-2013-6656\n\n NeexEmil discovered an information leak in the XSS auditor.\n\nCVE-2013-6657\n\n NeexEmil discovered a way to bypass the Same Origin policy in the\n XSS auditor.\n\nCVE-2013-6658\n\n cloudfuzzer discovered multiple use-after-free issues surrounding\n the updateWidgetPositions function.\n\nCVE-2013-6659\n\n Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\n it was possible to trigger an unexpected certificate chain during\n TLS renegotiation.\n\nCVE-2013-6660\n\n bishopjeffreys discovered an information leak in the drag and drop\n implementation.\n\nCVE-2013-6661\n\n The Google Chrome team discovered and fixed multiple issues in\n version 33.0.1750.117.\n\nCVE-2013-6663\n\n Atte Kettunen discovered a use-after-free issue in SVG handling.\n\nCVE-2013-6664\n\n Khalil Zhani discovered a use-after-free issue in the speech\n recognition feature.\n\nCVE-2013-6665\n\n cloudfuzzer discovered a buffer overflow issue in the software\n renderer.\n\nCVE-2013-6666\n\n netfuzzer discovered a restriction bypass in the Pepper Flash\n plugin.\n\nCVE-2013-6667\n\n The Google Chrome team discovered and fixed multiple issues in\n version 33.0.1750.146.\n\nCVE-2013-6668\n\n Multiple vulnerabilities were fixed in version 3.24.35.10 of\n the V8 javascript library.\n\nCVE-2014-1700\n\n Chamal de Silva discovered a use-after-free issue in speech\n synthesis.\n\nCVE-2014-1701\n\n aidanhs discovered a cross-site scripting issue in event handling.\n\nCVE-2014-1702\n\n Colin Payne discovered a use-after-free issue in the web database\n implementation.\n\nCVE-2014-1703\n\n VUPEN discovered a use-after-free issue in web sockets that\n could lead to a sandbox escape.\n\nCVE-2014-1704\n\n Multiple vulnerabilities were fixed in version 3.23.17.18 of\n the V8 javascript library.\n\nCVE-2014-1705\n\n A memory corruption issue was discovered in the V8 javascript\n library.\n\nCVE-2014-1713\n\n A use-after-free issue was discovered in the AttributeSetter\n function. \n\nCVE-2014-1715\n\n A directory traversal issue was found and fixed.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 33.0.1750.152-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 33.0.1750.152-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-03-24T01:02:38", "published": "2014-03-24T01:02:38", "id": "DEBIAN:DSA-2883-1:8DB61", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00055.html", "title": "[SECURITY] [DSA 2883-1] chromium-browser security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "description": "Memory corruprions, information leakage, certificate validation issues, protection bypass, crossite scripting, directory traversal.", "modified": "2014-03-27T00:00:00", "published": "2014-03-27T00:00:00", "id": "SECURITYVULNS:VULN:13629", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13629", "title": "Chromium / Google Chrome multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2883-1 security@debian.org\r\nhttp://www.debian.org/security/ Michael Gilbert\r\nMarch 23, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : chromium-browser\r\nCVE ID : CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656 \r\n CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660\r\n CVE-2013-6661 CVE-2013-6663 CVE-2013-6664 CVE-2013-6665\r\n CVE-2013-6666 CVE-2013-6667 CVE-2013-6668 CVE-2014-1700\r\n CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704\r\n CVE-2014-1705 CVE-2014-1713 CVE-2014-1715\r\n\r\nSeveral vulnerabilities have been discovered in the chromium web browser.\r\n\r\nCVE-2013-6653\r\n\r\n Khalil Zhani discovered a use-after-free issue in chromium's web\r\n contents color chooser.\r\n\r\nCVE-2013-6654\r\n\r\n TheShow3511 discovered an issue in SVG handling.\r\n\r\nCVE-2013-6655\r\n\r\n cloudfuzzer discovered a use-after-free issue in dom event handling.\r\n\r\nCVE-2013-6656\r\n\r\n NeexEmil discovered an information leak in the XSS auditor.\r\n\r\nCVE-2013-6657\r\n\r\n NeexEmil discovered a way to bypass the Same Origin policy in the\r\n XSS auditor.\r\n\r\nCVE-2013-6658\r\n\r\n cloudfuzzer discovered multiple use-after-free issues surrounding\r\n the updateWidgetPositions function.\r\n\r\nCVE-2013-6659\r\n\r\n Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\r\n it was possible to trigger an unexpected certificate chain during\r\n TLS renegotiation.\r\n\r\nCVE-2013-6660\r\n\r\n bishopjeffreys discovered an information leak in the drag and drop\r\n implementation.\r\n\r\nCVE-2013-6661\r\n\r\n The Google Chrome team discovered and fixed multiple issues in\r\n version 33.0.1750.117.\r\n\r\nCVE-2013-6663\r\n\r\n Atte Kettunen discovered a use-after-free issue in SVG handling.\r\n\r\nCVE-2013-6664\r\n\r\n Khalil Zhani discovered a use-after-free issue in the speech\r\n recognition feature.\r\n\r\nCVE-2013-6665\r\n\r\n cloudfuzzer discovered a buffer overflow issue in the software\r\n renderer.\r\n\r\nCVE-2013-6666\r\n\r\n netfuzzer discovered a restriction bypass in the Pepper Flash\r\n plugin.\r\n\r\nCVE-2013-6667\r\n\r\n The Google Chrome team discovered and fixed multiple issues in\r\n version 33.0.1750.146.\r\n\r\nCVE-2013-6668\r\n\r\n Multiple vulnerabilities were fixed in version 3.24.35.10 of\r\n the V8 javascript library.\r\n\r\nCVE-2014-1700\r\n\r\n Chamal de Silva discovered a use-after-free issue in speech\r\n synthesis.\r\n\r\nCVE-2014-1701\r\n\r\n aidanhs discovered a cross-site scripting issue in event handling.\r\n\r\nCVE-2014-1702\r\n\r\n Colin Payne discovered a use-after-free issue in the web database\r\n implementation.\r\n\r\nCVE-2014-1703\r\n\r\n VUPEN discovered a use-after-free issue in web sockets that\r\n could lead to a sandbox escape.\r\n\r\nCVE-2014-1704\r\n\r\n Multiple vulnerabilities were fixed in version 3.23.17.18 of\r\n the V8 javascript library.\r\n\r\nCVE-2014-1705\r\n\r\n A memory corruption issue was discovered in the V8 javascript\r\n library.\r\n\r\nCVE-2014-1713\r\n\r\n A use-after-free issue was discovered in the AttributeSetter\r\n function. \r\n\r\nCVE-2014-1715\r\n\r\n A directory traversal issue was found and fixed.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 33.0.1750.152-1~deb7u1.\r\n\r\nFor the testing distribution (jessie), these problems will be fixed soon.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 33.0.1750.152-1.\r\n\r\nWe recommend that you upgrade your chromium-browser packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQQcBAEBCgAGBQJTL4L5AAoJELjWss0C1vRzmmkf/3IwJbpRQ+HKdWFLjEqap7hN\r\no5p82LhmXthyNNBTfOoylxN03hBPfwvNC6zYZ9wMp0qBJJKvPVvswg3FdpvHMiUS\r\n4N96l0rDyf8HRrd7goQnsagn2RrqDROHHEFsFdwuiC6pB3rLEKN8lPAmpo6VZHkH\r\nLQ5zO0uI/fi3q8Ad2VCeG8O6kdcHUmmvFuB49Sl3YFKpfIVLv5XVaMJBlKSbt62T\r\npbs4/iB4gYTwSeFuN20z17mAchFj31hxuT/UlCD6tn0cIkN9DpL2TDkxG3boVLne\r\nFgDkgSIqV8Zy2mCK3fz7M4INHlyeIh/xiBK+k+VECaVlznUqctCTlQFXXotf19ch\r\nV19rjXMyXMIwe8nVR0C7PoQT225aH9QYBem/S2v6D0hQjpLcDIoZbHvB9zw/7g/o\r\nY8wUhiBsgLTOqy3tsKt1aVGGbElMjBCTqAJ+/SzJZNtZEwNXGkTz2k3EwdarHsaG\r\nea2f1xhiJJaVdXXALGjQwWoKWFEN56WhX749DsFC1jD3F2CTHSI9BN38voMUm1wq\r\nRcoXfc56OR9S+7f+5rDQQ3c2zeDCFgo7Ue3E4/9ZP2IvBdc8qhsZCViZVCE1nCz4\r\ne/NzbauOyLOI1IB4IJkctiRyszvGD30TZYSx8JX6YY6T58HH7HbgLSEEGaLj/dcG\r\nFx4GQHnufVaBPrbpdrXQRqcUwJh2rJO7DM0BsxVKbgNCKQNI65FTNpWn/P7rJ/72\r\ni7VsTUzDT3pcScJ1oqM+egvpEqKnbsPO97+iuzeD5UhJK3s5H23ErGHzwV2ZcHnD\r\ncdc6VwHHCo0gJQ+EA9D/W8/S9MdJscetOb4AzafGUnCq5kGjcs5wFnNh2CWgxNHc\r\n/JJA027nMSRwUnW4kkcJAMiOfTPmNLN0QDy1wok6fJUuOtCP6/I5ptR87gDyX3FW\r\n0JBxbZ6sZigXsIcMNaGJoPxd454dCAFAlLbehm+7i7d9U9Yb3c5o2F81WT4Qx0bu\r\nXdKw5xhFz9OL5TA66GQ2Cr5aaKfrHqW1SzeiOeDJPqJ0ZbPHlIY0c+XJRRKepV22\r\nlBbZzHVMOzv0jkhQjZV4ulf9Rv7xlcSmq2JF7TdjejoS7YrbU8+qg9h9LZ38XDtI\r\nAr/w05YNpZRVtT4XP2v7eYw/vJ7c+6dLwqSqGFVe4VOjkazbM15tB6QoDVjmr1y+\r\nTi/cfFsQAH45joi3v7HXWTXu4NVPN1oQypur/MBO1EvtigbBwxmRdn95mx6zotfY\r\nvoLocT7KLWwPTklh5wtUZ6/DGWv0dXcb7tcbNeEo4e9lhrAP0694huGkJprW5Z09\r\nyItPaD9PNnHySK3FWvz91MpIVqAIlU+7HFuvs7N7Y/RTsQx9bFEjUrn1epeGNL0=\r\n=tb+u\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2014-03-25T00:00:00", "published": "2014-03-25T00:00:00", "id": "SECURITYVULNS:DOC:30384", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30384", "title": "[SECURITY] [DSA 2883-1] chromium-browser security update", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-04-22-3 Apple TV 6.1.1\r\n\r\nApple TV 6.1.1 is now available and addresses the following:\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: An attacker in a privileged network position can obtain web\r\nsite credentials\r\nDescription: Set-Cookie HTTP headers would be processed even if the\r\nconnection closed before the header line was complete. An attacker\r\ncould strip security settings from the cookie by forcing the\r\nconnection to close before the security settings were sent, and then\r\nobtain the value of the unprotected cookie. This issue was addressed\r\nby ignoring incomplete HTTP header lines.\r\nCVE-ID\r\nCVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: A local user can read kernel pointers, which can be used to\r\nbypass kernel address space layout randomization\r\nDescription: A set of kernel pointers stored in an IOKit object\r\ncould be retrieved from userland. This issue was addressed through\r\nremoving the pointers from the object.\r\nCVE-ID\r\nCVE-2014-1320 : Ian Beer of Google Project Zero working with HP's\r\nZero Day Initiative\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: An attacker with a privileged network position may capture\r\ndata or change the operations performed in sessions protected by SSL\r\nDescription: In a 'triple handshake' attack, it was possible for an\r\nattacker to establish two connections which had the same encryption\r\nkeys and handshake, insert the attacker's data in one connection, and\r\nrenegotiate so that the connections may be forwarded to each other.\r\nTo prevent attacks based on this scenario, Secure Transport was\r\nchanged so that, by default, a renegotiation must present the same\r\nserver certificate as was presented in the original connection.\r\nCVE-ID\r\nCVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and\r\nAlfredo Pironti of Prosecco at Inria Paris\r\n\r\nAppel TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: An attacker with a privileged network position may cause an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2013-2871 : miaubiz\r\nCVE-2014-1298 : Google Chrome Security Team\r\nCVE-2014-1299 : Google Chrome Security Team, Apple, Renata Hodovan of\r\nUniversity of Szeged / Samsung Electronics\r\nCVE-2014-1300 : Ian Beer of Google Project Zero working with HP's\r\nZero Day Initiative\r\nCVE-2014-1302 : Google Chrome Security Team, Apple\r\nCVE-2014-1303 : KeenTeam working with HP's Zero Day Initiative\r\nCVE-2014-1304 : Apple\r\nCVE-2014-1305 : Apple\r\nCVE-2014-1307 : Google Chrome Security Team\r\nCVE-2014-1308 : Google Chrome Security Team\r\nCVE-2014-1309 : cloudfuzzer\r\nCVE-2014-1310 : Google Chrome Security Team\r\nCVE-2014-1311 : Google Chrome Security Team\r\nCVE-2014-1312 : Google Chrome Security Team\r\nCVE-2014-1313 : Google Chrome Security Team\r\nCVE-2014-1713 : VUPEN working with HP's Zero Day Initiative\r\n\r\n\r\nInstallation note:\r\n\r\nApple TV will periodically check for software updates. Alternatively,\r\nyou may manually check for software updates by selecting\r\n"Settings -> General -> Update Software".\r\n\r\nTo check the current version of software, select\r\n"Settings -> General -> About".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJTVeuDAAoJEPefwLHPlZEwi1gQAKQn8w9zSwYjMTj7wLrucXdc\r\n19j5H2gpJUZOc+banSg49DKorF+rJY7EF+cL2FzYC93aYa4E+LMXNpgl/xbiNKSZ\r\nO8RxAGs/6YlgT6iU/kHjx5CX+g4whFBVx56QlPv3CUFGwa1XSv5CdXqjGZANgkHz\r\nuTWxI6E2avi5uMUnyAuVcNDaq50rUxkCzSFDvdkCOAhWkeicR0QsYXq82W6mo6p9\r\nrEueQ9KjM8hZEsGc6stBdXCsd7Thk3eHhQS/OasPz8GLUoc213goqmjaSPRQFRlS\r\nYa6YDLtyY0OdL2wNeiSC33EBhoPCjCbyMUFD2iLDZNblMwRa21MhlDXVSOaF03/8\r\nQHeLacDY1+poax0e+VxZukhyDNNXjtOgCkd9kx86/vyinb/GqOKm+6tkaSriusc8\r\nImWorSbb32EfmSXIGnDL1TzTDES/UigOU6zgwappGH/DS9djHQxVFZ++N+WaVBiX\r\ndhFPLNjKB8yWXBnHb95UzKJuWU0h13rkE9FlsGkSGxeZJRGPrvK/K4XAIviqU1yc\r\nYePX4MY8yywD4jg74QrsZRLgkfn3N/T5LCsC3KD4ejrIkvLxui3hqRGVOK7Vdssk\r\nF43/4FKOXk46s3xIuwlYcLuwCyLyisxrVawAsf8R6ReadKlmch2fJrnG9YqKZwki\r\n74O1bqU5Zc80vDx+/x2O\r\n=sFDM\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-05-04T00:00:00", "published": "2014-05-04T00:00:00", "id": "SECURITYVULNS:DOC:30552", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30552", "title": "APPLE-SA-2014-04-22-3 Apple TV 6.1.1", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-04-22-2 iOS 7.1.1\r\n\r\niOS 7.1.1 is now available and addresses the following:\r\n\r\nCFNetwork HTTPProtocol\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker in a privileged network position can obtain web\r\nsite credentials\r\nDescription: Set-Cookie HTTP headers would be processed even if the\r\nconnection closed before the header line was complete. An attacker\r\ncould strip security settings from the cookie by forcing the\r\nconnection to close before the security settings were sent, and then\r\nobtain the value of the unprotected cookie. This issue was addressed\r\nby ignoring incomplete HTTP header lines.\r\nCVE-ID\r\nCVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris\r\n\r\nIOKit Kernel\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local user can read kernel pointers, which can be used to\r\nbypass kernel address space layout randomization\r\nDescription: A set of kernel pointers stored in an IOKit object\r\ncould be retrieved from userland. This issue was addressed through\r\nremoving the pointers from the object.\r\nCVE-ID\r\nCVE-2014-1320 : Ian Beer of Google Project Zero working with HP's\r\nZero Day Initiative\r\n\r\nSecurity - Secure Transport\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker with a privileged network position may capture\r\ndata or change the operations performed in sessions protected by SSL\r\nDescription: In a 'triple handshake' attack, it was possible for an\r\nattacker to establish two connections which had the same encryption\r\nkeys and handshake, insert the attacker's data in one connection, and\r\nrenegotiate so that the connections may be forwarded to each other.\r\nTo prevent attacks based on this scenario, Secure Transport was\r\nchanged so that, by default, a renegotiation must present the same\r\nserver certificate as was presented in the original connection.\r\nCVE-ID\r\nCVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and\r\nAlfredo Pironti of Prosecco at Inria Paris\r\n\r\nWebKit\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2013-2871 : miaubiz\r\nCVE-2014-1298 : Google Chrome Security Team\r\nCVE-2014-1299 : Google Chrome Security Team, Apple, Renata Hodovan of\r\nUniversity of Szeged / Samsung Electronics\r\nCVE-2014-1300 : Ian Beer of Google Project Zero working with HP's\r\nZero Day Initiative\r\nCVE-2014-1302 : Google Chrome Security Team, Apple\r\nCVE-2014-1303 : KeenTeam working with HP's Zero Day Initiative\r\nCVE-2014-1304 : Apple\r\nCVE-2014-1305 : Apple\r\nCVE-2014-1307 : Google Chrome Security Team\r\nCVE-2014-1308 : Google Chrome Security Team\r\nCVE-2014-1309 : cloudfuzzer\r\nCVE-2014-1310 : Google Chrome Security Team\r\nCVE-2014-1311 : Google Chrome Security Team\r\nCVE-2014-1312 : Google Chrome Security Team\r\nCVE-2014-1313 : Google Chrome Security Team\r\nCVE-2014-1713 : VUPEN working with HP's Zero Day Initiative\r\n\r\n\r\nInstallation note:\r\n\r\nThis update is available through iTunes and Software Update on your\r\niOS device, and will not appear in your computer's Software Update\r\napplication, or in the Apple Downloads site. Make sure you have an\r\nInternet connection and have installed the latest version of iTunes\r\nfrom www.apple.com/itunes/\r\n\r\niTunes and Software Update on the device will automatically check\r\nApple's update server on its weekly schedule. When an update is\r\ndetected, it is downloaded and the option to be installed is\r\npresented to the user when the iOS device is docked. We recommend\r\napplying the update immediately if possible. Selecting Don't Install\r\nwill present the option the next time you connect your iOS device.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes or the device checks for updates. You may manually\r\nobtain the update via the Check for Updates button within iTunes, or\r\nthe Software Update on your device.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update\r\nwill be "7.1.1".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJTVet5AAoJEPefwLHPlZEwx3YP/iL/NwYn7T1q1ezvAVHQ6T3F\r\n9X+ylJYZ+Ago+ij0wdzlDNJfVLPPbWde3biss6p10zDtLHHJK1jOQJLcZOBHtABG\r\n7+OjIxFw5ZZCmWfOkF/GkfL/kBZllN0GuDCb7v4DVUf6GQPtWBsszQ9pre9Peotx\r\nTZOHxpPd2TBdz1GkLoFSd4I2yXIT5uIkRfvv9vgDXeNihDMlrJdq8ZBSlfKt+eXT\r\nkQ3+hGW2knT7np3BdWPQgqo9+YIfcAXN4Rnj0rPXVzzeKwpUrVjLwJgivecwhB7w\r\nmF+AWfH5oajw+ANzMeFm/DirlAADcM5LgdxtHnXH2Xh1NV5tOCSnaYWyFK4Nadex\r\nrVEWTOW4VxSb881dOikwY182kBlpaMjVgpvb04GA5zMAW+MtS7o4hj/H6ywGe7zm\r\nt7ZdyAo7i3QRFwBGEcJw1KjyTWnP1ILuBC9dekek+3DmxRAeQuBsrbPz2cxXPf9V\r\njlvnxwiRzc/VqgAIyhCtgj0S3sEAMxnVXYSrbZpTpi1ZifiTriyyX291mS8xZBcF\r\nLZaNUzusQnEkyE+iGODKi+OPvgUnACIK8gWjMIDbwX99Fmd3LXU1fTpvdlkeuDBS\r\nLKBvZQs0JyYqOxkhU7PsRI6WN1F2nQHuMnb0mlFruejTrRbgyHxvMK6lpVP0nMoK\r\nAv6eIuVxA8q9Lm6TCh+h\r\n=ilSw\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-05-04T00:00:00", "published": "2014-05-04T00:00:00", "id": "SECURITYVULNS:DOC:30551", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30551", "title": "APPLE-SA-2014-04-22-2 iOS 7.1.1", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "description": "Unsafe cookie handling, protection ypass, information leakage, multiple WebKit vulnerabilities.", "modified": "2014-05-04T00:00:00", "published": "2014-05-04T00:00:00", "id": "SECURITYVULNS:VULN:13713", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13713", "title": "Apple TV multiple security vulnerabitilies", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "description": "Unsafe cookie handling, protection ypass, information leakage, multiple WebKit vulnerabilities.", "modified": "2014-05-04T00:00:00", "published": "2014-05-04T00:00:00", "id": "SECURITYVULNS:VULN:13712", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13712", "title": "Apple iOS multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "description": "Multiple memory corruptions, restrictions bypass.", "modified": "2014-04-03T00:00:00", "published": "2014-04-03T00:00:00", "id": "SECURITYVULNS:VULN:13662", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13662", "title": "Apple Safari multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3\r\n\r\nSafari 6.1.3 and Safari 7.0.3 are now available and address the\r\nfollowing:\r\n\r\nWebKit\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2013-2871 : miaubiz\r\nCVE-2013-2926 : cloudfuzzer\r\nCVE-2013-2928 : Google Chrome Security Team\r\nCVE-2013-6625 : cloudfuzzer\r\nCVE-2014-1289 : Apple\r\nCVE-2014-1290 : ant4g0nist (SegFault) working with HP's Zero Day\r\nInitiative, Google Chrome Security Team\r\nCVE-2014-1291 : Google Chrome Security Team\r\nCVE-2014-1292 : Google Chrome Security Team\r\nCVE-2014-1293 : Google Chrome Security Team\r\nCVE-2014-1294 : Google Chrome Security Team\r\nCVE-2014-1298 : Google Chrome Security Team\r\nCVE-2014-1299 : Google Chrome Security Team, Apple, Renata Hodovan of\r\nUniversity of Szeged / Samsung Electronics\r\nCVE-2014-1300 : Ian Beer of Google Project Zero working with HP's\r\nZero Day Initiative\r\nCVE-2014-1301 : Google Chrome Security Team\r\nCVE-2014-1302 : Google Chrome Security Team, Apple\r\nCVE-2014-1303 : KeenTeam working with HP's Zero Day Initiative\r\nCVE-2014-1304 : Apple\r\nCVE-2014-1305 : Apple\r\nCVE-2014-1307 : Google Chrome Security Team\r\nCVE-2014-1308 : Google Chrome Security Team\r\nCVE-2014-1309 : cloudfuzzer\r\nCVE-2014-1310 : Google Chrome Security Team\r\nCVE-2014-1311 : Google Chrome Security Team\r\nCVE-2014-1312 : Google Chrome Security Team\r\nCVE-2014-1313 : Google Chrome Security Team\r\nCVE-2014-1713 : VUPEN working with HP's Zero Day Initiative\r\n\r\nWebKit\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\r\nImpact: An attacker running arbitary code in the WebProcess may be\r\nable to read arbitrary files despite sandbox restrictions\r\nDescription: A logic issue existed in the handling of IPC messages\r\nfrom the WebProcess. This issue was addressed through additional\r\nvalidation of IPC messages.\r\nCVE-ID\r\nCVE-2014-1297 : Ian Beer of Google Project Zero\r\n\r\nFor OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3\r\nand Safari 6.1.3 may be obtained from Mac App Store.\r\n\r\nFor OS X Lion systems Safari 6.1.3 is available via the Apple\r\nSoftware Update application.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJTOwlLAAoJEPefwLHPlZEwmPYP/AoGVbrVVEQfbWZ/OMER6jCR\r\nbDN4ykWdExJFRKr972tsirke9mLrDX1Flqg3jYpqrna6lWsZxk1wA/IXy4TRG97O\r\nmpA75r7853lCJ482h5XImTdv6wWqMfTTNR1YzsK+TCLZA3sDlByQ4yshwGWhOf1Q\r\nnY+hPpaC05PEmPeNKMWw6PA9IgA9e84uy0b/3+c2acOUZ9aAYEXmydPySY+5uYLa\r\necXjvee83LVTu8Pq2/C9yCJ1kI1EMix6Q3CTb2Cv/Dtgu1q7rZMG7qKieFpMKO2J\r\nxM7RYm1qPNlZ4hf+ZPX+D4+k6g2sZMqYdocdG1qXubk8m314CinHajdsZH9jXDHO\r\n01gnYeMRp2IUBJlClQ7mPyIveJqJV9XpzvMTciuTVEuhzWhMaazzly8dp+8NCu4Q\r\nQShPJKqAq16ACJqqOarwo8xaSumZ3UcKhVrD0Gxo1/dhzO1Hy52yo7WrWLaOVH89\r\nbXPeVMfYIF0V9xysbixNmBIEro0mYDuor/XlXBFicZAjmyGEVE04K4UjenMeDoYO\r\n/1A2zaVyM9MD50y+X/rFErtz2cj7uNcZ1XSNqPdGameoti5WvvoRbKs/D/H7E8bX\r\np8JDoVJoy46fOBfwNv6eaQYTGYzgtdoEtmTKL3zDauQC1bxI1Jwtma07S97D2SyJ\r\nurMcI/V2h8JnGD4sS/7L\r\n=kHuK\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2014-04-03T00:00:00", "published": "2014-04-03T00:00:00", "id": "SECURITYVULNS:DOC:30447", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30447", "title": "APPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "description": "\r\n\r\n------------------------------------------------------------------------\r\nWebKitGTK+ Security Advisory WSA-2015-0001\r\n------------------------------------------------------------------------\r\n\r\nDate reported : January 26, 2015\r\nAdvisory ID : WSA-2015-0001\r\nAdvisory URL : http://webkitgtk.org/security/WSA-2015-0001.html\r\nAffected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8.\r\nCVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298,\r\n CVE-2014-1299, CVE-2014-1300, CVE-2014-1303,\r\n CVE-2014-1304, CVE-2014-1305, CVE-2014-1307,\r\n CVE-2014-1308, CVE-2014-1309, CVE-2014-1311,\r\n CVE-2014-1313, CVE-2014-1713, CVE-2014-1297,\r\n CVE-2013-2875, CVE-2013-2927, CVE-2014-1323,\r\n CVE-2014-1326, CVE-2014-1329, CVE-2014-1330,\r\n CVE-2014-1331, CVE-2014-1333, CVE-2014-1334,\r\n CVE-2014-1335, CVE-2014-1336, CVE-2014-1337,\r\n CVE-2014-1338, CVE-2014-1339, CVE-2014-1341,\r\n CVE-2014-1342, CVE-2014-1343, CVE-2014-1731,\r\n CVE-2014-1346, CVE-2014-1344, CVE-2014-1384,\r\n CVE-2014-1385, CVE-2014-1387, CVE-2014-1388,\r\n CVE-2014-1389, CVE-2014-1390.\r\n\r\nSeveral vulnerabilities were discovered on the 2.4 stable series of\r\nWebKitGTK+.\r\n\r\nCVE-2013-2871\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1.\r\n Credit to miaubiz.\r\n Use-after-free vulnerability in Google Chrome before 28.0.1500.71\r\n allows remote attackers to cause a denial of service or possibly\r\n have unspecified other impact via vectors related to the handling of\r\n input.\r\n\r\nCVE-2014-1292\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1.\r\n Credit to Google Chrome Security Team.\r\n WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than CVE-2014-1289,\r\n CVE-2014-1290, CVE-2014-1291, CVE-2014-1293, and CVE-2014-1294.\r\n\r\nCVE-2014-1298\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1.\r\n Credit to Google Chrome Security Team.\r\n WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-04-01-1.\r\n\r\nCVE-2014-1299\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1.\r\n Credit to Google Chrome Security Team, Apple, Renata Hodovan of\r\n University of Szeged / Samsung Electronics.\r\n WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-04-01-1.\r\n\r\nCVE-2014-1300\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1.\r\n Credit to Ian Beer of Google Project Zero working with HP's Zero Day\r\n Initiative.\r\n Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows\r\n remote attackers to execute arbitrary code with root privileges via\r\n unknown vectors, as demonstrated by Google during a Pwn4Fun\r\n competition at CanSecWest 2014.\r\n\r\nCVE-2014-1303\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1.\r\n Credit to KeenTeam working with HP's Zero Day Initiative.\r\n Heap-based buffer overflow in Apple Safari 7.0.2 allows remote\r\n attackers to execute arbitrary code and bypass a sandbox protection\r\n mechanism via unspecified vectors, as demonstrated by Liang Chen\r\n during a Pwn2Own competition at CanSecWest 2014.\r\n\r\nCVE-2014-1304\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1.\r\n Credit to Apple.\r\n WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-04-01-1.\r\n\r\nCVE-2014-1305\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1.\r\n Credit to Apple.\r\n WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-04-01-1.\r\n\r\nCVE-2014-1307\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1.\r\n Credit to Google Chrome Security Team.\r\n WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-04-01-1.\r\n\r\nCVE-2014-1308\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1.\r\n Credit to Google Chrome Security Team.\r\n WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-04-01-1.\r\n\r\nCVE-2014-1309\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1.\r\n Credit to cloudfuzzer.\r\n WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-04-01-1.\r\n\r\nCVE-2014-1311\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1.\r\n Credit to Google Chrome Security Team.\r\n WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-04-01-1.\r\n\r\nCVE-2014-1313\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1.\r\n Credit to Google Chrome Security Team.\r\n WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-04-01-1.\r\n\r\nCVE-2014-1713\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1.\r\n Credit to VUPEN working with HP's Zero Day Initiative.\r\n Use-after-free vulnerability in the AttributeSetter function in\r\n bindings/templates/attributes.cpp in the bindings in Blink, as used\r\n in Google Chrome before 33.0.1750.152 on OS X and Linux and before\r\n 33.0.1750.154 on Windows, allows remote attackers to cause a denial\r\n of service or possibly have unspecified other impact via vectors\r\n involving the document.location value.\r\n\r\nCVE-2014-1297\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1.\r\n Credit to Ian Beer of Google Project Zero.\r\n WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,\r\n does not properly validate WebProcess IPC messages, which allows\r\n remote attackers to bypass a sandbox protection mechanism and read\r\n arbitrary files by leveraging WebProcess access.\r\n\r\nCVE-2013-2875\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2.\r\n Credit to miaubiz.\r\n core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in\r\n Blink, as used in Google Chrome before 28.0.1500.71, allows remote\r\n attackers to cause a denial of service (out-of-bounds read) via\r\n unspecified vectors.\r\n\r\nCVE-2013-2927\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2.\r\n Credit to cloudfuzzer.\r\n Use-after-free vulnerability in the\r\n HTMLFormElement::prepareForSubmission function in\r\n core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome\r\n before 30.0.1599.101, allows remote attackers to cause a denial of\r\n service or possibly have unspecified other impact via vectors\r\n related to submission for FORM elements.\r\n\r\nCVE-2014-1323\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2.\r\n Credit to banty.\r\n WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-05-21-1.\r\n\r\nCVE-2014-1326\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2.\r\n Credit to Apple.\r\n WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-05-21-1.\r\n\r\nCVE-2014-1329\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2.\r\n Credit to Google Chrome Security Team.\r\n WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-05-21-1.\r\n\r\nCVE-2014-1330\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2.\r\n Credit to Google Chrome Security Team.\r\n WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-05-21-1.\r\n\r\nCVE-2014-1331\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2.\r\n Credit to cloudfuzzer.\r\n WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-05-21-1.\r\n\r\nCVE-2014-1333\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2.\r\n Credit to Google Chrome Security Team.\r\n WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-05-21-1.\r\n\r\nCVE-2014-1334\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2.\r\n Credit to Apple.\r\n WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-05-21-1.\r\n\r\nCVE-2014-1335\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2.\r\n Credit to Google Chrome Security Team.\r\n WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-05-21-1.\r\n\r\nCVE-2014-1336\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2.\r\n Credit to Apple.\r\n WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-05-21-1.\r\n\r\nCVE-2014-1337\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2.\r\n Credit to Apple.\r\n WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-05-21-1.\r\n\r\nCVE-2014-1338\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2.\r\n Credit to Google Chrome Security Team.\r\n WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-05-21-1.\r\n\r\nCVE-2014-1339\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2.\r\n Credit to Atte Kettunen of OUSPG.\r\n WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-05-21-1.\r\n\r\nCVE-2014-1341\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2.\r\n Credit to Google Chrome Security Team.\r\n WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-05-21-1.\r\n\r\nCVE-2014-1342\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2.\r\n Credit to Apple.\r\n WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-05-21-1.\r\n\r\nCVE-2014-1343\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2.\r\n Credit to Google Chrome Security Team.\r\n WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-05-21-1.\r\n\r\nCVE-2014-1731\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2.\r\n Credit to an anonymous member of the Blink development community.\r\n core/html/HTMLSelectElement.cpp in the DOM implementation in Blink,\r\n as used in Google Chrome before 34.0.1847.131 on Windows and OS X\r\n and before 34.0.1847.132 on Linux, does not properly check renderer\r\n state upon a focus event, which allows remote attackers to cause a\r\n denial of service or possibly have unspecified other impact via\r\n vectors that leverage "type confusion" for SELECT elements.\r\n\r\nCVE-2014-1346\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2.\r\n Credit to Erling Ellingsen of Facebook.\r\n WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,\r\n does not properly interpret Unicode encoding, which allows remote\r\n attackers to spoof a postMessage origin, and bypass intended\r\n restrictions on sending a message to a connected frame or window,\r\n via crafted characters in a URL.\r\n\r\nCVE-2014-1344\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8.\r\n Credit to Ian Beer of Google Project Zero.\r\n WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n APPLE-SA-2014-05-21-1.\r\n\r\nCVE-2014-1384\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8.\r\n Credit to Apple.\r\n WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n HT6367.\r\n\r\nCVE-2014-1385\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8.\r\n Credit to Apple.\r\n WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n HT6367.\r\n\r\nCVE-2014-1387\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8.\r\n Credit to Google Chrome Security Team.\r\n WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n HT6367.\r\n\r\nCVE-2014-1388\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8.\r\n Credit to Apple.\r\n WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n HT6367.\r\n\r\nCVE-2014-1389\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8.\r\n Credit to Apple.\r\n WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n HT6367.\r\n\r\nCVE-2014-1390\r\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8.\r\n Credit to Apple.\r\n WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,\r\n allows remote attackers to execute arbitrary code or cause a denial\r\n of service (memory corruption and application crash) via a crafted\r\n web site, a different vulnerability than other WebKit CVEs listed in\r\n HT6367.\r\n\r\n\r\nFor the 2.4 series, these problems have been fixed in release 2.4.8.\r\n\r\nFurther information about WebKitGTK+ Security Advisories can be found\r\nat: http://webkitgtk.org/security.html\r\n\r\nThe WebKitGTK+ team,\r\nJanuary 26, 2015\r\n\r\n", "modified": "2015-02-02T00:00:00", "published": "2015-02-02T00:00:00", "id": "SECURITYVULNS:DOC:31686", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31686", "title": "WebKitGTK+ Security Advisory WSA-2015-0001", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:57", "bulletinFamily": "software", "description": "84 vulnerabilities on different formats and protocols parsing.", "modified": "2014-10-18T00:00:00", "published": "2014-10-18T00:00:00", "id": "SECURITYVULNS:VULN:14051", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14051", "title": "Apple iTunes multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:00", "bulletinFamily": "unix", "description": "### Background\n\nChromium is an open-source web browser project.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-37.0.2062.94\"", "modified": "2014-08-30T00:00:00", "published": "2014-08-30T00:00:00", "id": "GLSA-201408-16", "href": "https://security.gentoo.org/glsa/201408-16", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
